
Getting popups

Discussion in 'Malware Removal Help' started by Tony D, Nov 9, 2022.

  1. Tony D (Administrator)

    Can't get rid of pop-ups. They come up in the bottom right corner of the desktop when the machine starts and then come up at random times afterwards. They say the machine is infected. They'll display a Norton logo and another popup will display a McAfee logo. Higedgene.com is mentioned in the popups. I clicked the Scan button on one of the popups. It took me to overiessiscle.com.
    They come up in Wayne's account, but not Marie's account. I can't find where they're coming from.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/9/22
    Scan Time: 8:15 PM
    Log File: 20c88962-6095-11ed-95da-b870f48ac074.json

    -Software Information-
    Version: 4.5.17.221
    Components Version: 1.0.1806
    Update Package Version: 1.0.62076
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19044.2130)
    CPU: x64
    File System: NTFS
    User: Marie-PC\Wayne

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 372720
    Threats Detected: 4
    Threats Quarantined: 4
    Time Elapsed: 1 hr, 23 min, 48 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 1
    Adware.BrowserIO, HKU\S-1-5-21-2458775785-876129533-827410088-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Quick Maps And Directions, Quarantined, 826, 558885, , , , , ,

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 3
    Adware.BrowserIO, C:\USERS\MARIE\APPDATA\LOCAL\QUICK MAPS AND DIRECTIONS\UNINSTALL.EXE, Quarantined, 826, 558885, 1.0.62076, , ame, , 7DC72ED3E9068AF320FF304A74CFA971, 18C57BF95577A03AB8C1E603C4DA7C9AAFD5C77AEF982F980F0B1221CA4F8407
    Generic.Malware/Suspicious, C:\USERS\MARIE\DOWNLOADS\CBSI-TECHTRACKER_SETUP-10912909.EXE, Quarantined, 0, 392686, 1.0.62076, , shuriken, , F2E8D8B5AD3A6BF1C97BC71380E6143C, CE2F9ABC39CEE35306F11533F784E545BB2264687F4C7EBFB9018345F3D49E76
    PUP.Optional.Wave, C:\USERS\WAYNE\DOWNLOADS\WAVE BROWSER.EXE, Quarantined, 3429, 1065894, 1.0.62076, , ame, , D26AD6D225E376CB20B961E88F06CF5B, 9AAC6E2F21D7F81DDACD20EC2A6F08AA6691328296D7E9946047F57A33CE8E1E

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)

    (end)

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2022 01

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2022 01
    Ran by Wayne (09-11-2022 22:12:57)
    Running from C:\Users\Wayne\Desktop
    Microsoft Windows 10 Home Version 21H2 19044.2130 (X64) (2020-09-03 03:18:58)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-2458775785-876129533-827410088-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2458775785-876129533-827410088-503 - Limited - Disabled)
    Guest (S-1-5-21-2458775785-876129533-827410088-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2458775785-876129533-827410088-1005 - Limited - Enabled)
    Marie (S-1-5-21-2458775785-876129533-827410088-1000 - Administrator - Enabled) => C:\Users\Marie
    Wayne (S-1-5-21-2458775785-876129533-827410088-1007 - Administrator - Enabled) => C:\Users\Wayne
    WDAGUtilityAccount (S-1-5-21-2458775785-876129533-827410088-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    . . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
    . . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
    18 Wheels of Steel - American Long Haul (HKLM-x32\...\WT088649) (Version: 2.2.0.95 - WildTangent) Hidden
    Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
    Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.5.5 - Liteon)
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Acer Incorporated)
    Acer Game Console (HKLM-x32\...\Acer Game Console) (Version: - WildTangent) Hidden
    Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.9.3869.0 - Adguard Software Ltd) Hidden
    AdGuard (HKLM-x32\...\{aa20a42b-6cff-4300-aa71-505c4a58c8be}) (Version: 7.9.3869.0 - Adguard Software Ltd)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}) (Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
    Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
    Agatha Christie - Death on the Nile (HKLM-x32\...\WT088295) (Version: 2.2.0.95 - WildTangent) Hidden
    Amazon Cloud Drive (HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\23ab716f18849b6f) (Version: 2.1.2013.1340 - Amazon)
    Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Backup Manager Basic (HKLM-x32\...\{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Hidden
    Bejeweled 2 Deluxe (HKLM-x32\...\WT088300) (Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
    Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (HKLM-x32\...\WT088373) (Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
    Build-a-lot 2 (HKLM-x32\...\WT088310) (Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (HKLM-x32\...\WT088312) (Version: 2.2.0.95 - WildTangent) Hidden
    CNET TechTracker (HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\CNET TechTracker) (Version: 2.1.0 - CBS Interactive)
    CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
    CyberLink PowerDVD 9 (HKLM-x32\...\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT088318) (Version: 2.2.0.95 - WildTangent) Hidden
    Dora's Carnival Adventure (HKLM-x32\...\WT088393) (Version: 2.2.0.95 - WildTangent) Hidden
    eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
    ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
    FATE (HKLM-x32\...\WT088413) (Version: 2.2.0.95 - WildTangent) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 12.0.13351.1658 - Hewlett-Packard)
    HP Postscript Converter (HKLM\...\{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}) (Version: 4.6.12747 - Hewlett-Packard) Hidden
    HP Unified IO (HKLM\...\{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}) (Version: 2.0.0.434 - HP) Hidden
    HP Unified IO (HKLM-x32\...\{F1390872-2500-4408-A46C-CD16C960C661}) (Version: 2.0.0.434 - HP) Hidden
    iCloud (HKLM\...\{28ABC5D7-AF47-4476-A6AA-C2DD822ED40F}) (Version: 7.9.0.9 - Apple Inc.)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
    Jewel Quest - Heritage (HKLM-x32\...\WT088653) (Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (HKLM-x32\...\WT088350) (Version: 2.2.0.95 - WildTangent) Hidden
    John Deere Drive Green (HKLM-x32\...\WT088445) (Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
    LUMIX Simple Viewer (HKLM-x32\...\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}) (Version: 0.99.0000 - )
    Malwarebytes version 4.5.17.221 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.17.221 - Malwarebytes)
    Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    MetaFrame Presentation Server Web Client for Win32 (HKLM-x32\...\MetaFrame Presentation Server Web Client for Win32) (Version: - )
    Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
    Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.35 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.35 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\OneDriveSetup.exe) (Version: 22.212.1009.0004 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2458775785-876129533-827410088-1007\...\OneDriveSetup.exe) (Version: 22.217.1016.0002 - Microsoft Corporation)
    Microsoft Security Client (HKLM\...\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}) (Version: 4.8.0204.0 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (HKLM-x32\...\{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2005 Tools Express Edition (HKLM-x32\...\{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (HKLM-x32\...\{D0B44725-3666-492D-BEF6-587A14BD9BD9}) (Version: 15.4.2862.0708 - Microsoft) Hidden
    MyWinLocker (HKLM-x32\...\{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
    NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
    NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    Penguins! (HKLM-x32\...\WT088449) (Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies (HKLM-x32\...\WT088364) (Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (HKLM-x32\...\WT088453) (Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (HKLM-x32\...\WT088457) (Version: 2.2.0.95 - WildTangent) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
    ShopAtHome.com Toolbar (HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\ShopAtHome.com Toolbar) (Version: 7.10.6.17 - ShopAtHome.com)
    Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
    Shutterfly Express Uploader (HKLM-x32\...\{2B005610-B725-8D14-0C4B-40E0339F6E8D}) (Version: 1.1.1 - Shutterfly, Inc.) Hidden
    Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.1.1.0 - Shutterfly, Inc.)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
    Times Reader (HKLM-x32\...\{491ADA37-04EE-2ECE-9F86-DDC0106047AC}) (Version: 2.055 - The New York Times Company) Hidden
    Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
    Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
    VC 9.0 Runtime (HKLM-x32\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT088553) (Version: 2.2.0.95 - WildTangent) Hidden
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
    Windows Live Communications Platform (HKLM-x32\...\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (HKLM\...\{1B8ABA62-74F0-47ED-B18C-A43128E591B8}) (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (HKLM-x32\...\{0B0F231F-CE6A-483D-AA23-77B364F75917}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (HKLM\...\{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (HKLM-x32\...\{9D56775A-93F3-44A3-8092-840E3826DE30}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (HKLM-x32\...\{C66824E4-CBB3-4851-BB3F-E8CFD6350923}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (HKLM-x32\...\{A0C91188-C88F-4E86-93E6-CD7C9A266649}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (HKLM-x32\...\{DECDCB7C-58CC-4865-91AF-627F9798FE48}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (HKLM-x32\...\{80956555-A512-4190-9CAD-B000C36D6B6B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (HKLM-x32\...\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (HKLM\...\{DA54F80E-261C-41A2-A855-549A144F2F59}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (HKLM-x32\...\{19BA08F7-C728-469C-8A35-BFBD3633BE08}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (HKLM-x32\...\{92EA4134-10D1-418A-91E1-5A0453131A38}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (HKLM-x32\...\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (HKLM-x32\...\{D436F577-1695-4D2F-8B44-AC76C99E0002}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (HKLM-x32\...\{3336F667-9049-4D46-98B6-4C743EEBC5B1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (HKLM-x32\...\{34F4D9A4-42C2-4348-BEF4-E553C84549E7}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (HKLM-x32\...\{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Remote Client (HKLM\...\{DF6D988A-EEA0-4277-AAB8-158E086E439B}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (HKLM\...\{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (HKLM\...\{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (HKLM\...\{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (HKLM-x32\...\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (HKLM-x32\...\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (HKLM-x32\...\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (HKLM-x32\...\{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer (HKLM-x32\...\{A726AE06-AAA3-43D1-87E3-70F510314F04}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer (HKLM-x32\...\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer (HKLM-x32\...\{AAF454FC-82CA-4F29-AB31-6A109485E76E}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (HKLM-x32\...\{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
    Zoom (HKU\S-1-5-21-2458775785-876129533-827410088-1007\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
    Zuma's Revenge (HKLM-x32\...\WT088517) (Version: 2.2.0.95 - WildTangent) Hidden

    Packages:
    =========
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_140.1.307.0_x64__v10z8vjag6ke6 [2022-11-07] (HP Inc.)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-11-07] (Microsoft Studios) [MS Ad]
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-11-07] (Microsoft Corporation)
    WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2022-11-07] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
    ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
    ContextMenuHandlers1: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-12-03] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-09] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2010-04-02] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
    ContextMenuHandlers4: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll [2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-11-09] (Malwarebytes Inc. -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2012-08-10 15:51 - 2012-08-10 15:51 - 000985088 _____ () [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    2011-03-10 12:25 - 2010-03-03 01:37 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000705536 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\basegfx.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 001048064 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\comphelpMSC.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000375808 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll
    2012-08-13 09:51 - 2012-08-13 09:51 - 000139776 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmisc.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000148480 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\emser.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000407552 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\fwe.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000159232 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\fwi.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 001777664 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\fwk.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000027136 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000029696 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\i18npaper.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 001317376 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000067072 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000024064 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000286720 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000086528 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\sax.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 001772032 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\sb.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 002995200 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\sfx.dll
    2012-08-13 09:51 - 2012-08-13 09:51 - 000271872 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\sofficeapp.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000257536 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\sot.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000835072 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\svl.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 003118592 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\svt.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 002364416 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\tk.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000589312 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\tl.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000210944 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000358400 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000258560 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000952320 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\utl.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 003496960 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\vcl.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000094720 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000531968 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\xcr.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000499712 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000152064 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000439808 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000093696 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000052224 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000093184 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 001742848 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\sal3.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000013824 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000092672 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000053760 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000085504 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000035328 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\xmlreader.dll
    2009-09-16 17:44 - 2009-09-16 17:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
    2009-09-16 17:45 - 2009-09-16 17:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
    2009-09-16 10:44 - 2009-09-16 10:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 013914112 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 001071616 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll
    2012-08-10 15:50 - 2012-08-10 15:50 - 000951808 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll
    2011-03-10 12:25 - 2010-03-03 01:37 - 000077824 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\DTMessageLib.dll
    2011-03-10 12:25 - 2010-03-03 01:32 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
    2009-09-16 17:45 - 2009-09-16 17:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
    2020-09-02 21:54 - 2020-09-02 21:54 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
    2020-09-02 21:54 - 2020-09-02 21:54 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
    2012-08-13 09:57 - 2012-08-13 09:57 - 010368512 _____ (OpenOffice.org) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    2017-11-01 21:58 - 2017-11-01 21:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll
    2012-08-10 15:51 - 2012-08-10 15:51 - 000597504 _____ (STLport Consulting, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-2458775785-876129533-827410088-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
    URLSearchHook: HKU\S-1-5-21-2458775785-876129533-827410088-1000 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
    BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
    BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll => No File
    BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
    BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
    BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll => No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
    Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
    Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
    Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
    Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation -> Microsoft Corporation.)
    Toolbar: HKU\S-1-5-21-2458775785-876129533-827410088-1000 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
    Toolbar: HKU\S-1-5-21-2458775785-876129533-827410088-1000 -> No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Software Sarl -> Skype Technologies)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2022-11-09 17:27 - 000002103 _____ C:\WINDOWS\system32\drivers\etc\hosts
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 rp.yefeneri2.com
    0.0.0.0 os.yefeneri2.com
    0.0.0.0 os2.yefeneri2.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec MyWinLocker\x86;C:\Program Files (x86)\EgisTec MyWinLocker\x64;C:\Program Files (x86)\Windows Live\Shared;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\theme1\img13.jpg
    HKU\S-1-5-21-2458775785-876129533-827410088-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\StartupFolder: => "LUMIX Simple Viewer.lnk"
    HKLM\...\StartupApproved\Run32: => "BackupManagerTray"
    HKLM\...\StartupApproved\Run32: => "EgisUpdate"
    HKLM\...\StartupApproved\Run32: => "LManager"
    HKLM\...\StartupApproved\Run32: => "Adguard"
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\StartupApproved\StartupFolder: => "Amazon Cloud Drive.lnk"
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\StartupApproved\Run: => "Adguard"
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\StartupApproved\Run: => "Quick Maps And Directions"
    HKU\S-1-5-21-2458775785-876129533-827410088-1007\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_7FFB7A304D69CCAE889E81CE3CDD8F98"
    HKU\S-1-5-21-2458775785-876129533-827410088-1007\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{CD68BE42-BAA1-42F7-8365-5CB4C387F610}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{D57524CD-7F69-4605-9F0D-81078EE8D04F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE (CyberLink -> CyberLink Corp.)
    FirewallRules: [{EB87C75C-5D7F-48C1-9B66-5DA094D2ABDE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{501357FD-1C22-4F45-AA01-8CFA4A354CA9}] => (Allow) LPort=2869
    FirewallRules: [{126D783C-2193-4E18-BFE4-FB0E64CE5147}] => (Allow) LPort=1900
    FirewallRules: [{CD504F97-676E-4EAD-8A62-458F29CA9FCD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{4FA65ECB-862B-44B2-9AEA-6F76FA63AF3C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{A30E82D9-32D4-4AEC-834B-B01B9256102C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
    FirewallRules: [{D311FDB5-FB9E-4E9D-92E6-587A1458D2AC}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
    FirewallRules: [{5039E3A5-49CB-4957-92E7-8E3302D92163}] => (Allow) C:\Users\Marie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
    FirewallRules: [{AB2AB604-AE91-4C2E-AEB5-66C44BE4AA9D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7C805C03-EE3C-4264-9A97-4B8565D5A4B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{8E591EEE-3537-4843-83BB-DA70F39E8580}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{CBAD0DB4-5992-47EA-8857-81CB29FEF17E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{4F97EC1A-0A6D-432C-B3D2-F8876E0859D9}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{D578929E-6EC0-4123-9BE4-2916A6EBCF13}] => (Allow) LPort=5357
    FirewallRules: [{E694DC4A-B910-4399-8802-9DFF3CD50C45}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{EDA5A299-D84B-4DAB-844D-30627398ED74}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{D83CD249-E0AD-4F9F-AFD7-B581ED4324E0}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
    FirewallRules: [{2D9765C5-C012-4BFF-B9D0-6DFAD1CCC020}] => (Allow) C:\Users\Wayne\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{2F864B6F-F562-4127-A469-2287A7366696}] => (Allow) C:\Users\Wayne\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{C1C5CAE0-4556-474A-8614-BA8146C4E78D}] => (Allow) C:\Users\Wayne\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{52620466-045D-4760-B2A2-9EBA3D93C21D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{96101E8B-1EFD-4C4A-9208-DB3795ED9E92}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{CC3173A5-E87F-4F9B-B66F-68E48216C444}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{830E90F3-A9B3-4C3B-B55C-DEF49232F311}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{D1F44C2E-F5F9-4D5E-8D0B-32A2C99E21E2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.35\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    09-11-2022 18:12:35 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (11/09/2022 09:54:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Cortana.exe version 4.2204.13303.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 208

    Start Time: 01d8f4af85bcd6ed

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe

    Report Id: d124faab-ace8-4b4d-9359-551ffda83154

    Faulting package full name: Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: App

    Hang type: Quiesce

    Error: (11/09/2022 09:47:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15625

    Error: (11/09/2022 09:47:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15625

    Error: (11/09/2022 09:47:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/09/2022 08:01:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 62610

    Error: (11/09/2022 08:01:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 62610

    Error: (11/09/2022 08:01:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (11/09/2022 08:01:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 46985


    System errors:
    =============
    Error: (11/09/2022 09:57:54 PM) (Source: DCOM) (EventID: 10010) (User: Marie-PC)
    Description: The server Microsoft.Windows.Photos_2022.30070.26007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

    Error: (11/09/2022 09:46:56 PM) (Source: DCOM) (EventID: 10010) (User: Marie-PC)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (11/09/2022 09:46:56 PM) (Source: DCOM) (EventID: 10010) (User: Marie-PC)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (11/09/2022 09:46:56 PM) (Source: DCOM) (EventID: 10010) (User: Marie-PC)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (11/09/2022 09:46:56 PM) (Source: DCOM) (EventID: 10010) (User: Marie-PC)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (11/09/2022 09:46:56 PM) (Source: DCOM) (EventID: 10010) (User: Marie-PC)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (11/09/2022 09:46:56 PM) (Source: DCOM) (EventID: 10010) (User: Marie-PC)
    Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

    Error: (11/09/2022 08:10:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Adguard Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


    Windows Defender:
    ================
    Date: 2022-11-06 18:41:42
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-11-03 19:33:27
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-11-02 21:34:15
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-11-02 15:28:03
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-11-02 14:35:59
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Event[0]:

    Date: 2022-11-09 14:25:02
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.379.97.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19800.4
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2022-11-07 16:21:49
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
    Security intelligence Attempted: Current
    Error Code: 0x80070003
    Error description: The system cannot find the path specified.
    Security intelligence Version: 0.0.0.0;0.0.0.0
    Engine Version: 0.0.0.0

    Date: 2022-11-06 16:11:47
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.377.1303.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19700.3
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2022-11-03 22:30:29
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.377.1272.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19700.3
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2022-10-29 20:10:45
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.377.895.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.19700.3
    Error code: 0x80070102
    Error description: The wait operation timed out.

    CodeIntegrity:
    ===============
    Date: 2022-11-09 21:25:44
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2022-06-20 12:27:39
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    BIOS: Acer V1.21 04/25/2011
    Motherboard: Acer Aspire 5742
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
    Percentage of memory in use: 75%
    Total physical RAM: 3766.7 MB
    Available physical RAM: 915.06 MB
    Total Virtual: 7606.7 MB
    Available Virtual: 4305.8 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:170.6 GB) (Model: WDC WD3200BPVT-22ZEST0) NTFS

    \\?\Volume{08a53d33-85c1-11e0-b709-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
    \\?\Volume{08a53d32-85c1-11e0-b709-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:15 GB) (Free:0.96 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 85182099)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======================
    Ran by Wayne (administrator) on MARIE-PC (Acer Aspire 5742) (09-11-2022 22:03:27)
    Running from C:\Users\Wayne\Desktop
    Loaded Profiles: Wayne
    Platform: Microsoft Windows 10 Home Version 21H2 19044.2130 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
    (C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe ->) (OpenOffice.org) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    (C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    (C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    (explorer.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (explorer.exe ->) (EGIS TECHNOLOGY INC. -> Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    (explorer.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (explorer.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
    (explorer.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
    (explorer.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
    (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
    (OpenOffice.org) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (services.exe ->) (Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
    (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (services.exe ->) (Dritek System Inc. -> Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (services.exe ->) (NewTech Infosystems, Inc -> NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    (services.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    (svchost.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
    (svchost.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.211.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2180_none_7e328fe47c714aab\TiWorker.exe <2>

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronics Corporation -> ELAN Microelectronic Corp.)
    HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated -> Acer Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
    HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
    HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc -> NewTech Infosystems, Inc.)
    HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc. -> Dritek System Inc.)
    HKLM-x32\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [6315480 2022-03-05] (Adguard Software Limited -> Adguard Software Ltd)
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Software Sarl -> Skype Technologies S.A.)
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [6315480 2022-03-05] (Adguard Software Limited -> Adguard Software Ltd)
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2018-12-03] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-12-03] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Marie\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Marie\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
    HKU\S-1-5-21-2458775785-876129533-827410088-1000\...\RunOnce: [Uninstall 22.176.0821.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marie\AppData\Local\Microsoft\OneDrive\22.176.0821.0003" (No File)
    HKU\S-1-5-21-2458775785-876129533-827410088-1007\...\Run: [MicrosoftEdgeAutoLaunch_7FFB7A304D69CCAE889E81CE3CDD8F98] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\WINDOWS\system32\hpinkstsC511LM.dll [333496 2012-12-15] (Hewlett Packard -> Hewlett-Packard Co.)
    HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 4500 series): C:\WINDOWS\system32\HPDiscoPMC511.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
    HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
    HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [419328 2013-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
    HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk [2013-02-09]
    ShortcutTarget: LUMIX Simple Viewer.lnk -> C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsu****a Electric Industrial Co., Ltd.) [File not signed]
    Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk [2016-06-24]
    ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Wayne\AppData\Local\Apps\2.0\EAADCHM9.1X6\7NEM64X2.PQA\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (No File)
    Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2012-09-18]
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () [File not signed]
    Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2020-09-13]
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () [File not signed]

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0CAB757D-D36B-4210-A857-F38C0B32C1D8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {0FA242E6-8ABE-437A-8258-7A656373B02D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
    Task: {15936E85-BB44-42DF-ABB2-454EFF615EFD} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
    Task: {1AE608A1-90E1-4995-84C0-97E04243A63C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
    Task: {1FDECFB3-700E-4E33-B988-353C89E4413B} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
    Task: {206BFCDA-A43C-4311-93FB-12ADF44DE268} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
    Task: {21FC4F88-39B6-4BED-A49F-8A11D51D6CA0} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask (No File)
    Task: {229EB6D5-73FB-4D9C-8CF0-053F8DC7D48E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {2B38EF60-90FA-4B7C-92EC-98D3E50CCC9E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
    Task: {2C5348BE-F988-4E6E-AF2E-39BCF255E3D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {2EB99741-314D-4D02-8EDF-580E67CAF145} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
    Task: {33B7E2ED-2C58-489D-B935-28217D1700D3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {3C42F5E9-1F41-4538-A3CB-1AA066B232AA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
    Task: {3EDB92D0-A19B-462C-9E8D-D3D6312A99F3} - System32\Tasks\{6987EA5E-5211-41FE-B9DA-6B9FE935A5DA} => C:\Windows\system32\pcalua.exe -a C:\Users\Marie\Downloads\ica32t.exe -d C:\Users\Marie\Desktop
    Task: {44641218-AF3E-496F-A2D5-D8DE4D9B141B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
    Task: {46DCA372-4D09-409C-AC3A-B8656C31344E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
    Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
    Task: {525B3DAD-D1A8-42B4-9B4A-FB89C2E1F45B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {544B5DBF-7B83-4401-A098-E35B51DDEEEA} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [22392 2012-04-05] (Acer Incorporated -> Acer Incorporated)
    Task: {5903FF1B-8231-4678-9AD0-C215FFDD0E3F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
    Task: {5ADD3837-FF07-4F55-882A-8C5F4A3F3E3C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
    Task: {5B6DDDF0-DF70-4578-9995-56C92C547AEF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
    Task: {68C88261-B72D-4101-86BD-B951236C3B41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
    Task: {6B48963A-C928-4DCA-B3CE-A178FCD45184} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
    Task: {6E6CA6E8-2091-42D9-9381-1B99BD8C1FF9} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
    Task: {789B6387-5F92-47C3-8F4E-F832B1112579} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
    Task: {78A9E7C4-B922-4C87-A978-2256D9C3E716} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
    Task: {891A86F1-35CC-4D6C-BD83-CB7E37F9CBE0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {95ED43E6-FD70-4268-90FB-163D3124665A} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1741576 2016-03-17] (Intel(R) Software -> Intel Corporation)
    Task: {982E2082-1E92-4B03-A7D2-9417260A1719} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269000 2015-08-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {9A9BBC35-D726-4448-B0B4-2591E06ED691} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {A068D20F-156E-4A4B-B685-1A87D20AECAF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
    Task: {A65A7BFE-860A-432E-AAC3-24C80DFAC3DF} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
    Task: {AD0127F8-7D58-49D2-B62D-46BF90CF4627} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
    Task: {AD0B4750-1138-4F90-AE55-AAC918929C08} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
    Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {B6DDAD1B-95EA-45AE-866C-2E7CB64F2C45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B9A0B62C-4EAD-415E-8FAB-C7DAF06C1E3C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {B9A85D7E-3233-4A8E-92F9-BE7631AC3801} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {BAA9EF5E-E172-4C26-AF6B-68C5B2633575} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {BE63E055-437B-4957-A126-21C792BA7723} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
    Task: {C05F885E-B955-4C43-8D94-B7005BAD91D5} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
    Task: {C4851C5D-E607-4652-A351-D489F551B275} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
    Task: {C7044D2B-0557-49F2-A7BA-BD7A4A045FAC} - System32\Tasks\{EE0C9767-819A-49F0-9B8C-623785A83795} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.0.0.152.367/en/privacy
    Task: {C8831B74-ED49-4E84-BA16-7DBAC8CBBA57} - System32\Tasks\{4949DDB3-A421-4721-AFDB-CED05E3F1A39} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Marie\AppData\Local\Microsoft\Windows\INetCache\IE\25T6UH6I\adguardInstaller.exe -d C:\Users\Marie\Desktop
    Task: {CC4C538A-A6A7-42AF-A95F-167B089C6C08} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
    Task: {CEAA6854-4CA7-450E-BE4A-0FCB17C72F26} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
    Task: {CFF407BC-C954-4A62-A33A-B7C9F60F2B82} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
    Task: {D646C058-2F83-46E8-A512-B2F052C4ACAF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
    Task: {DB258092-9F1E-44E6-B0D1-9CFA463555E5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
    Task: {DD05E0F4-DD13-40CB-A7E5-7B5DDC78737F} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
    Task: {E60B72D5-32B1-4B6E-800B-585934831A40} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
    Task: {EAC1B782-7532-4F5C-B28C-9DDCB98072F7} - System32\Tasks\{5854EAB4-C7CE-4E89-9993-11592A1787E8} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.0.0.152.367/en/privacy
    Task: {FB5B6404-6936-4047-967A-0E60C8665754} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{04d97e2e-63f5-478f-9f52-a81280ce9c88}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3fbd3684-8ab0-47fb-a027-f6376bc95b69}: [DhcpNameServer] 192.168.1.1

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Wayne\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-09]
    Edge Notifications: Default -> hxxps://higedgene.com
    Edge StartupUrls: Default -> "hxxps://www.msn.com/?ocid=mailsignout&pfr=1"
    Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
    Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-05-09] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [467928 2022-03-05] (Adguard Software Limited -> Adguard Software Ltd)
    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
    S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269000 2015-08-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel(R) Software Development Products -> )
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8879024 2022-11-09] (Malwarebytes Inc. -> Malwarebytes)
    R2 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation -> Microsoft Corporation)
    S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
    S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] (Intel(R) Software Development Products -> )
    R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-11] (Reason Software Company Inc. -> Reason Software Company Inc.)
    S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel(R) Software Development Products -> )
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\NisSrv.exe [3191224 2022-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe [133560 2022-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 adgnetworktdidrv; C:\WINDOWS\System32\drivers\adgnetworktdidrv.sys [64112 2016-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193992 2022-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-11-09] (Malwarebytes Inc. -> Malwarebytes)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49584 2022-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [14464 2015-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [469248 2022-11-07] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95528 2022-11-07] (Microsoft Windows -> Microsoft Corporation)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-11-09 22:11 - 2022-11-09 22:11 - 000000000 ____D C:\Users\Wayne\AppData\LocalLow\IGDump
    2022-11-09 22:03 - 2022-11-09 22:08 - 000054056 _____ C:\Users\Wayne\Desktop\FRST.txt
    2022-11-09 22:00 - 2022-11-09 22:06 - 000000000 ____D C:\FRST
    2022-11-09 21:58 - 2022-11-09 20:24 - 002375168 _____ (Farbar) C:\Users\Wayne\Desktop\FRST64.exe
    2022-11-09 19:45 - 2022-11-09 19:45 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2022-11-09 19:44 - 2022-11-09 19:44 - 000193992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2022-11-09 19:44 - 2022-11-09 19:44 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2022-11-09 19:42 - 2022-11-09 19:42 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2022-11-09 19:42 - 2022-11-09 19:42 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2022-11-09 19:42 - 2022-11-09 19:42 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2022-11-09 19:42 - 2022-11-09 19:42 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2022-11-09 19:42 - 2022-11-09 19:42 - 000000000 ____D C:\Users\Wayne\AppData\Local\mbam
    2022-11-09 19:41 - 2022-11-09 19:39 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2022-11-09 19:41 - 2022-11-09 19:39 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2022-11-09 19:38 - 2022-11-09 19:38 - 000000000 ____D C:\Program Files\Malwarebytes
    2022-11-09 18:46 - 2022-11-09 18:46 - 000000000 ___HD C:\$WinREAgent
    2022-11-04 12:31 - 2022-11-04 12:31 - 000014442 _____ C:\Users\Wayne\Downloads\Inquirer Letter other Does God care about Phillies winning.odt
    2022-10-27 18:57 - 2022-10-27 19:00 - 000008655 _____ C:\Users\Wayne\Downloads\Search texts for Google.odt
    2022-10-27 00:12 - 2022-10-27 00:12 - 000036359 _____ C:\Users\Wayne\Downloads\Simon and Garfunkel part 2 of 2.odt
    2022-10-11 19:16 - 2022-10-11 19:16 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2022-10-11 19:15 - 2022-10-11 19:15 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
    2022-10-11 19:15 - 2022-10-11 19:15 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2022-10-11 19:14 - 2022-10-11 19:14 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
    2022-10-11 19:14 - 2022-10-11 19:14 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2022-10-11 19:12 - 2022-10-11 19:12 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2022-10-11 19:12 - 2022-10-11 19:12 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-11-09 22:09 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-11-09 22:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-11-09 22:03 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-11-09 21:58 - 2016-09-14 07:38 - 000000000 ____D C:\ProgramData\Adguard
    2022-11-09 21:53 - 2020-09-02 22:05 - 001038846 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-11-09 21:53 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
    2022-11-09 21:43 - 2020-09-02 21:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-11-09 21:43 - 2020-09-02 19:36 - 000000000 ____D C:\Users\Marie
    2022-11-09 21:43 - 2018-08-29 19:32 - 000000000 ____D C:\Users\Marie\AppData\Local\Quick Maps And Directions
    2022-11-09 21:09 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2022-11-09 19:41 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2022-11-09 19:38 - 2014-07-17 11:33 - 000000000 ____D C:\ProgramData\Malwarebytes
    2022-11-09 19:29 - 2020-09-02 19:36 - 000000000 ____D C:\Users\Wayne
    2022-11-09 18:12 - 2013-08-16 07:42 - 000000000 ____D C:\WINDOWS\system32\MRT
    2022-11-09 17:47 - 2012-01-27 11:22 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2022-11-09 17:27 - 2020-09-02 22:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-11-09 17:26 - 2020-09-02 21:45 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-11-09 17:26 - 2019-12-07 04:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
    2022-11-07 21:49 - 2018-02-02 12:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2022-11-07 17:08 - 2020-09-02 19:36 - 000000000 ____D C:\Users\DefaultAppPool
    2022-11-07 17:08 - 2020-09-02 15:11 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-11-07 15:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\registration
    2022-11-07 15:02 - 2021-12-16 18:01 - 000000000 ____D C:\Users\Wayne\AppData\Local\D3DSCache
    2022-11-02 20:54 - 2020-09-02 22:17 - 000004150 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B192C39B-55EE-482D-9196-3D7DF9B412A3}
    2022-11-02 19:10 - 2022-04-07 14:06 - 000002421 _____ C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-11-02 19:10 - 2021-12-16 19:23 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2458775785-876129533-827410088-1000
    2022-11-02 19:10 - 2020-09-02 22:17 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2458775785-876129533-827410088-1000
    2022-11-02 19:06 - 2021-12-12 09:28 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2458775785-876129533-827410088-1007
    2022-11-02 19:06 - 2021-05-24 08:17 - 000002421 _____ C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-11-02 19:06 - 2020-09-02 22:17 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2458775785-876129533-827410088-1007
    2022-10-19 06:54 - 2019-01-08 16:09 - 000000000 ___RD C:\Users\Marie\iCloudDrive
    2022-10-19 06:47 - 2017-11-04 11:09 - 000000000 ____D C:\Users\Marie\AppData\Local\ConnectedDevicesPlatform
    2022-10-16 21:42 - 2020-09-02 21:45 - 000474416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2022-10-16 21:38 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2022-10-16 21:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2022-10-16 21:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2022-10-16 21:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
    2022-10-16 21:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2022-10-16 21:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2022-10-16 21:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2022-10-16 21:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2022-10-16 21:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2022-10-16 16:37 - 2020-09-02 22:17 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2022-10-16 16:37 - 2020-09-02 22:17 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2022-10-11 19:40 - 2019-12-07 04:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2022-10-11 19:40 - 2019-12-07 04:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2022-10-11 19:12 - 2020-09-02 21:50 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

    ==================== Files in the root of some directories ========

    2016-09-14 07:38 - 2021-11-23 21:41 - 000000267 _____ () C:\ProgramData\fontcacheev1.dat

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  2. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,769
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    Certainly some tidying up needed there.
    Mostly because the system was upgraded to Win10 from an earlier version of Windows.

    We can ignore the Group Policy restrictions because as you're aware, these are created by CryptoPrevent.

    Edge Notifications: Default -> hxxps://higedgene.com

    This has been added to the fix.

    Step 1
    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

    Step 2
    I would also advise that Edge and Chrome are reset back to the defaults.
    Microsoft Edge:
    To quickly reset Microsoft Edge, you can enter edge://settings/resetProfileSettings into Microsoft Edge’s address bar to go to the Reset page, then click on “Reset” to restore the browser settings.

    Google Chrome:
    • Click the Menu option button at the top right of the Google Chrome screen (3 vertical dots)
    • Select Settings.
    • Click Reset and Clean Up (left hand side).
    • In the dialogue that appears, click Restore settings to their original defaults. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.
    • Click Reset Settings

    Resetting your browser settings will impact the settings below:

    Default search engine and saved search engines will be reset to their original defaults.
    Homepage button will be hidden and the URL that you previously set will be removed.
    Default startup tabs will be cleared. The browser will show a new tab when you startup or continue where you left off if you're on a Chromebook.
    New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
    Pinned tabs will be unpinned.
    Content settings will be cleared and reset to their installation defaults.
    Cookies and site data will be cleared.
    Extensions and themes will be disabled.

    In your next reply, please submit:
    Fixlog
    and let me know if the problem has been solved.


    Thanks.




     

    Attached Files:
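
Added example, not part of starbuck's post or the attached fixlist: a small Python triage script that pulls the two things this reply acts on out of an FRST.txt, namely browser notification origins (the `Edge Notifications` line) and entries marked `No File`, and does the case-insensitive fragment search on the log. The function names, the `example.invalid` line and the assumption that several origins on one line are separated by `;` are illustrative, not taken from FRST documentation.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the FRST.txt in this thread, plus one
# made-up "CHR Notifications" line (example.invalid) to show multi-origin input.
SAMPLE_FRST = r"""
Task: {0CAB757D-D36B-4210-A857-F38C0B32C1D8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0FA242E6-8ABE-437A-8258-7A656373B02D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {68C88261-B72D-4101-86BD-B951236C3B41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Edge Notifications: Default -> hxxps://higedgene.com
Edge StartupUrls: Default -> "hxxps://www.msn.com/?ocid=mailsignout&pfr=1"
CHR Notifications: Default -> hxxps://news.example.invalid; hxxps://mail.example.invalid
""".strip()

# "<browser> Notifications: <profile> -> <origin>[; <origin>...]"
# The ";" separator is an assumption; the thread only shows a single origin.
NOTIFY_RE = re.compile(
    r"^\s*(?P<browser>\w+) Notifications: (?P<profile>.+?) -> (?P<origins>.+)$"
)


def refang(url):
    """Turn the defanged hxxp(s):// that FRST writes back into http(s)://."""
    return re.sub(r"^hxxp", "http", url.strip().strip('"'), flags=re.I)


def notification_origins(log_text):
    """Every site a browser profile has allowed to show desktop notifications."""
    found = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = NOTIFY_RE.match(line)
        if not m:
            continue
        for raw in m.group("origins").split(";"):
            raw = raw.strip()
            if not raw:
                continue
            found.append({
                "line": n,
                "browser": m.group("browser"),
                "profile": m.group("profile"),
                "origin": raw,
                "host": urlsplit(refang(raw)).hostname,
            })
    return found


def unrecognised_origins(log_text, known_hosts=()):
    """Origins whose host is not one the user says they subscribed to."""
    known = {h.lower() for h in known_hosts}

    def is_known(host):
        return host is not None and any(
            host == k or host.endswith("." + k) for k in known
        )

    return [o for o in notification_origins(log_text) if not is_known(o["host"])]


def orphaned_entries(log_text):
    """Entries FRST marks 'No File': the registry/task remains, the target is gone."""
    out = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if re.search(r"\bNo File\b", line):
            kind = line.split(":", 1)[0].strip()
            out.append((n, kind, line.strip()))
    return out


def find_lines(log_text, fragment):
    """Case-insensitive substring search, so a partial name like 'hige' hits."""
    needle = fragment.lower()
    return [
        (n, line.strip())
        for n, line in enumerate(log_text.splitlines(), 1)
        if needle in line.lower()
    ]


if __name__ == "__main__":
    for o in unrecognised_origins(SAMPLE_FRST, known_hosts=["example.invalid"]):
        print(f"line {o['line']}: {o['browser']}/{o['profile']} allows {o['host']}")
    for n, kind, _ in orphaned_entries(SAMPLE_FRST):
        print(f"line {n}: orphaned {kind} entry")
```

A notification permission is stored in the browser profile, which fits the popups appearing in one Windows account and not the other.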

  3. Tony D

    Tony D Administrator Administrator

    Thank you,
    Initially, I thought it may be an Edge notification, but Edge wasn't running. So I thought maybe it wasn't from Edge. I should have taken a photo.

    Also while looking thru the FRST logs I searched for just part of the URL (hige) thinking I would find something, but got no search results. I was using Notepad to open the FRST logs. Now that you pointed out the offending line, I opened the log file with Word. I did the search and it found higedgene. Learn every day - Word has a better search function. You can search for just part of a word.

    I ran the fix and it restarted. On the restart, it did an update which I saw was waiting to be installed.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 09-11-2022 01
    Ran by Wayne (10-11-2022 12:29:16) Run:1
    Running from C:\Users\Wayne\Desktop
    Loaded Profiles: Marie & Wayne
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:

    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    URLSearchHook: HKU\S-1-5-21-2458775785-876129533-827410088-1000 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
    BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll => No File
    BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
    BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll => No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
    Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
    Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
    Toolbar: HKU\S-1-5-21-2458775785-876129533-827410088-1000 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
    Toolbar: HKU\S-1-5-21-2458775785-876129533-827410088-1000 -> No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
    FirewallRules: [{A30E82D9-32D4-4AEC-834B-B01B9256102C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
    FirewallRules: [{D311FDB5-FB9E-4E9D-92E6-587A1458D2AC}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
    FirewallRules: [{5039E3A5-49CB-4957-92E7-8E3302D92163}] => (Allow) C:\Users\Marie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
    FirewallRules: [{2F864B6F-F562-4127-A469-2287A7366696}] => (Allow) C:\Users\Wayne\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{C1C5CAE0-4556-474A-8614-BA8146C4E78D}] => (Allow) C:\Users\Wayne\AppData\Roaming\Zoom\bin\airhost.exe => No File
    Task: {0CAB757D-D36B-4210-A857-F38C0B32C1D8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {0FA242E6-8ABE-437A-8258-7A656373B02D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
    Task: {15936E85-BB44-42DF-ABB2-454EFF615EFD} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
    Task: {1AE608A1-90E1-4995-84C0-97E04243A63C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
    Task: {206BFCDA-A43C-4311-93FB-12ADF44DE268} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
    Task: {21FC4F88-39B6-4BED-A49F-8A11D51D6CA0} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask (No File)
    Task: {229EB6D5-73FB-4D9C-8CF0-053F8DC7D48E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {2B38EF60-90FA-4B7C-92EC-98D3E50CCC9E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
    Task: {2C5348BE-F988-4E6E-AF2E-39BCF255E3D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {2EB99741-314D-4D02-8EDF-580E67CAF145} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
    Task: {33B7E2ED-2C58-489D-B935-28217D1700D3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {3C42F5E9-1F41-4538-A3CB-1AA066B232AA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
    Task: {44641218-AF3E-496F-A2D5-D8DE4D9B141B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
    Task: {46DCA372-4D09-409C-AC3A-B8656C31344E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
    Task: {525B3DAD-D1A8-42B4-9B4A-FB89C2E1F45B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {5903FF1B-8231-4678-9AD0-C215FFDD0E3F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
    Task: {5ADD3837-FF07-4F55-882A-8C5F4A3F3E3C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {5B6DDDF0-DF70-4578-9995-56C92C547AEF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
    Task: {6E6CA6E8-2091-42D9-9381-1B99BD8C1FF9} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
    Task: {789B6387-5F92-47C3-8F4E-F832B1112579} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
    Task: {78A9E7C4-B922-4C87-A978-2256D9C3E716} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
    Task: {891A86F1-35CC-4D6C-BD83-CB7E37F9CBE0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {A068D20F-156E-4A4B-B685-1A87D20AECAF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
    Task: {AD0127F8-7D58-49D2-B62D-46BF90CF4627} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
    Task: {AD0B4750-1138-4F90-AE55-AAC918929C08} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
    Task: {B6DDAD1B-95EA-45AE-866C-2E7CB64F2C45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B9A0B62C-4EAD-415E-8FAB-C7DAF06C1E3C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {B9A85D7E-3233-4A8E-92F9-BE7631AC3801} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {BAA9EF5E-E172-4C26-AF6B-68C5B2633575} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {BE63E055-437B-4957-A126-21C792BA7723} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
    Task: {C4851C5D-E607-4652-A351-D489F551B275} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
    Task: {CEAA6854-4CA7-450E-BE4A-0FCB17C72F26} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
    Task: {CFF407BC-C954-4A62-A33A-B7C9F60F2B82} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
    Task: {D646C058-2F83-46E8-A512-B2F052C4ACAF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
    Task: {DB258092-9F1E-44E6-B0D1-9CFA463555E5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
    Task: {E60B72D5-32B1-4B6E-800B-585934831A40} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
    Task: {FB5B6404-6936-4047-967A-0E60C8665754} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Edge Notifications: Default -> hxxps://higedgene.com
    U3 idsvc; no ImagePath

    *****************

    Processes closed successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
    "HKU\S-1-5-21-2458775785-876129533-827410088-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546}" => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => removed successfully
    HKLM\Software\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} => removed successfully
    HKLM\Software\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully
    HKLM\Software\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => removed successfully
    "HKU\S-1-5-21-2458775785-876129533-827410088-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully
    "HKU\S-1-5-21-2458775785-876129533-827410088-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A30E82D9-32D4-4AEC-834B-B01B9256102C}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D311FDB5-FB9E-4E9D-92E6-587A1458D2AC}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5039E3A5-49CB-4957-92E7-8E3302D92163}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F864B6F-F562-4127-A469-2287A7366696}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1C5CAE0-4556-474A-8614-BA8146C4E78D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CAB757D-D36B-4210-A857-F38C0B32C1D8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CAB757D-D36B-4210-A857-F38C0B32C1D8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0FA242E6-8ABE-437A-8258-7A656373B02D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FA242E6-8ABE-437A-8258-7A656373B02D}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15936E85-BB44-42DF-ABB2-454EFF615EFD}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15936E85-BB44-42DF-ABB2-454EFF615EFD}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AE608A1-90E1-4995-84C0-97E04243A63C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AE608A1-90E1-4995-84C0-97E04243A63C}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{206BFCDA-A43C-4311-93FB-12ADF44DE268}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{206BFCDA-A43C-4311-93FB-12ADF44DE268}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21FC4F88-39B6-4BED-A49F-8A11D51D6CA0}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21FC4F88-39B6-4BED-A49F-8A11D51D6CA0}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{229EB6D5-73FB-4D9C-8CF0-053F8DC7D48E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{229EB6D5-73FB-4D9C-8CF0-053F8DC7D48E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B38EF60-90FA-4B7C-92EC-98D3E50CCC9E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B38EF60-90FA-4B7C-92EC-98D3E50CCC9E}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C5348BE-F988-4E6E-AF2E-39BCF255E3D8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C5348BE-F988-4E6E-AF2E-39BCF255E3D8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EB99741-314D-4D02-8EDF-580E67CAF145}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EB99741-314D-4D02-8EDF-580E67CAF145}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33B7E2ED-2C58-489D-B935-28217D1700D3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33B7E2ED-2C58-489D-B935-28217D1700D3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C42F5E9-1F41-4538-A3CB-1AA066B232AA}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C42F5E9-1F41-4538-A3CB-1AA066B232AA}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44641218-AF3E-496F-A2D5-D8DE4D9B141B}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44641218-AF3E-496F-A2D5-D8DE4D9B141B}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46DCA372-4D09-409C-AC3A-B8656C31344E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46DCA372-4D09-409C-AC3A-B8656C31344E}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{525B3DAD-D1A8-42B4-9B4A-FB89C2E1F45B}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{525B3DAD-D1A8-42B4-9B4A-FB89C2E1F45B}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5903FF1B-8231-4678-9AD0-C215FFDD0E3F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5903FF1B-8231-4678-9AD0-C215FFDD0E3F}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5ADD3837-FF07-4F55-882A-8C5F4A3F3E3C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ADD3837-FF07-4F55-882A-8C5F4A3F3E3C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B6DDDF0-DF70-4578-9995-56C92C547AEF}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B6DDDF0-DF70-4578-9995-56C92C547AEF}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E6CA6E8-2091-42D9-9381-1B99BD8C1FF9}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E6CA6E8-2091-42D9-9381-1B99BD8C1FF9}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{789B6387-5F92-47C3-8F4E-F832B1112579}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{789B6387-5F92-47C3-8F4E-F832B1112579}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78A9E7C4-B922-4C87-A978-2256D9C3E716}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78A9E7C4-B922-4C87-A978-2256D9C3E716}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{891A86F1-35CC-4D6C-BD83-CB7E37F9CBE0}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{891A86F1-35CC-4D6C-BD83-CB7E37F9CBE0}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A068D20F-156E-4A4B-B685-1A87D20AECAF}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A068D20F-156E-4A4B-B685-1A87D20AECAF}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD0127F8-7D58-49D2-B62D-46BF90CF4627}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD0127F8-7D58-49D2-B62D-46BF90CF4627}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD0B4750-1138-4F90-AE55-AAC918929C08}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD0B4750-1138-4F90-AE55-AAC918929C08}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6DDAD1B-95EA-45AE-866C-2E7CB64F2C45}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6DDAD1B-95EA-45AE-866C-2E7CB64F2C45}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9A0B62C-4EAD-415E-8FAB-C7DAF06C1E3C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9A0B62C-4EAD-415E-8FAB-C7DAF06C1E3C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9A85D7E-3233-4A8E-92F9-BE7631AC3801}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9A85D7E-3233-4A8E-92F9-BE7631AC3801}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAA9EF5E-E172-4C26-AF6B-68C5B2633575}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAA9EF5E-E172-4C26-AF6B-68C5B2633575}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE63E055-437B-4957-A126-21C792BA7723}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE63E055-437B-4957-A126-21C792BA7723}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4851C5D-E607-4652-A351-D489F551B275}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4851C5D-E607-4652-A351-D489F551B275}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEAA6854-4CA7-450E-BE4A-0FCB17C72F26}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEAA6854-4CA7-450E-BE4A-0FCB17C72F26}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFF407BC-C954-4A62-A33A-B7C9F60F2B82}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFF407BC-C954-4A62-A33A-B7C9F60F2B82}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D646C058-2F83-46E8-A512-B2F052C4ACAF}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D646C058-2F83-46E8-A512-B2F052C4ACAF}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB258092-9F1E-44E6-B0D1-9CFA463555E5}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB258092-9F1E-44E6-B0D1-9CFA463555E5}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E60B72D5-32B1-4B6E-800B-585934831A40}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E60B72D5-32B1-4B6E-800B-585934831A40}" => removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB5B6404-6936-4047-967A-0E60C8665754}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB5B6404-6936-4047-967A-0E60C8665754}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "Edge Notifications" => removed successfully
    HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
    idsvc => service removed successfully

    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 128075114 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
    Windows/system/drivers => 8090941 B
    Edge => 0 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 4212 B
    NetworkService => 930528208 B
    Marie => 1033267694 B
    Wayne => 1120288440 B
    DefaultAppPool => 1120288440 B

    RecycleBin => 0 B
    EmptyTemp: => 4 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 12:30:50 ====
     
    Last edited: Nov 10, 2022
  4. Tony D

    I forgot to mention that the popups are no longer showing.

    Thanks again,
     
    IJAC likes this.
  5. Tony D

    Could this have been fixed by resetting Edge? Or maybe by deleting some registry entries?
     
    IJAC likes this.
  6. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,769
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    Yes, it could well have needed just a reset of Edge ... but there were a lot of leftovers that needed removing.
    It's a lot tidier now.
     
    IJAC likes this.
  7. Tony D

    It was a bit nasty. So why was I getting pop ups when Edge wasn't running? Is Edge embedded into the OS that deeply?

    Maybe this has something to do with it
     
  8. starbuck

    Hi Tony,

    For future reference .... You'll just love this..
    If you open Edge.
    • Click the three dots (...) in the upper right corner of the window.
    • Click on Settings.
    • Click on 'System' on the left hand side.
    • You will see "Start-up boost". If this slider is in the ON position, this keeps Edge running in the background even when you close it.
    • Next, below this you will see "Continue running background apps when Microsoft Edge is closed". This keeps your Edge Apps running when Edge is closed.
    Don't you just love M$ :jump:
     
    IJAC likes this.
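An added example, not part of the original posts or of FRST: the fixlog's `Edge Notifications: Default -> hxxps://higedgene.com` line corresponds to a per-profile notification permission, and the sketch below audits such grants in a copy of an Edge profile's `Preferences` file. It assumes the Chromium layout (`profile.content_settings.exceptions.notifications`, where `setting` 1 means allow and 2 means block) and the usual location `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Preferences`; the function names and the sample data are constructed for illustration.

```python
import json

# Chromium ContentSetting values as stored in the profile's Preferences file.
ALLOW, BLOCK = 1, 2

# Constructed sample, not taken from the machine in this thread. Keys are
# "primary pattern,secondary pattern" pairs, as Chromium writes them.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {
        "name": "Wayne",
        "content_settings": {"exceptions": {"notifications": {
            "https://higedgene.com:443,*": {"last_modified": "13312345678901234", "setting": ALLOW},
            "https://mail.example.org:443,*": {"last_modified": "13300000000000000", "setting": ALLOW},
            "https://ads.example.net:443,*": {"last_modified": "13300000000000001", "setting": BLOCK},
        }}},
    }
})


def origin_of(pattern_key):
    """Turn 'https://site:443,*' into 'https://site' (drop secondary pattern and default port)."""
    primary = pattern_key.split(",", 1)[0]
    for scheme, port in (("https://", ":443"), ("http://", ":80")):
        if primary.startswith(scheme) and primary.endswith(port):
            return primary[: -len(port)]
    return primary


def defang(url):
    """Write a URL the way the fixlog does (hxxps://...) so it is not clickable in a report."""
    return url.replace("http", "hxxp", 1)


def _notification_table(prefs):
    """Return the notification exceptions dict, or an empty dict if the profile has none."""
    return (prefs.get("profile", {}).get("content_settings", {})
            .get("exceptions", {}).get("notifications", {}))


def notification_grants(prefs):
    """Origins that are allowed to show notifications in this profile, sorted."""
    table = _notification_table(prefs)
    return sorted(origin_of(key) for key, value in table.items()
                  if value.get("setting") == ALLOW)


def audit(prefs_text, expected=()):
    """Allowed origins that are not on the list of sites the user expects to hear from."""
    known = set(expected)
    return [o for o in notification_grants(json.loads(prefs_text)) if o not in known]


def revoke(prefs_text, origins):
    """Return Preferences text with the notification grants for the given origins removed."""
    prefs = json.loads(prefs_text)
    table = _notification_table(prefs)
    doomed = set(origins)
    for key in list(table):
        if origin_of(key) in doomed:
            del table[key]
    return json.dumps(prefs)


if __name__ == "__main__":
    unexpected = audit(SAMPLE_PREFERENCES, expected=["https://mail.example.org"])
    for origin in unexpected:
        print("Edge Notifications: unexpected grant ->", defang(origin))
    cleaned = revoke(SAMPLE_PREFERENCES, unexpected)
    print("Grants left after cleanup:", audit(cleaned))
```

Each Windows account has its own profile folder, so run the audit once per user, on a copy of the file taken with Edge fully closed, including the background processes described in the post above.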
  9. Tony D

    Those sneaky little ....
    I think that explains it. I just disabled both on my own machine.
    I'm making a note of this.

    On behalf of my neighbor who helps me when I'm in need - THANK YOU!
     
  10. starbuck

    No problem Tony, you're more than welcome.
     
    Tony D likes this.
