Need a little cleanup

Tony D · Feb 8, 2021

Hi, I'm looking for some expert help to clean this machine up.
It had 360 Total Security which I uninstalled, but there are signs of it in the FRST scans.
It also had McAfee security which I deleted. Still signs in the logs. After the FRST scan I did remove the extension from Chrome.
The FRST logs show Firefox items, but FF is not on this machine.
Other ATTENTION items need to be addressed.
Thanks much,

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/8/21
Scan Time: 5:22 PM
Log File: 2ca0a3b8-6a5c-11eb-9b7b-f079594b345a.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1157
Update Package Version: 1.0.36837
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1316)
CPU: x64
File System: NTFS
User: JohnDiMeglio\John

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 326920
Threats Detected: 117
Threats Quarantined: 117
Time Elapsed: 8 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 32
PUP.Optional.eShopComp, HKU\S-1-5-21-1018448789-4025328002-866781052-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\eshopcomp.com, Quarantined, 6860, 259456, 1.0.36837, , ame, , ,
Adware.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSLOCKINGTON, Quarantined, 8234, 372694, , , , , ,
Adware.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ADCAE204-464E-40F8-B528-5CF82325BC36}, Quarantined, 8234, 372694, , , , , ,
Adware.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{ADCAE204-464E-40F8-B528-5CF82325BC36}, Quarantined, 8234, 372694, , , , , ,
PUP.Optional.eShopComp, HKU\S-1-5-21-1018448789-4025328002-866781052-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\pstatic.eshopcomp.com, Quarantined, 6860, 259457, 1.0.36837, , ame, , ,
PUP.Optional.Revizer, HKU\S-1-5-21-1018448789-4025328002-866781052-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\re-markit.co, Quarantined, 193, 185488, 1.0.36837, , ame, , ,
PUP.Optional.Revizer, HKU\S-1-5-21-1018448789-4025328002-866781052-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\DOMSTORAGE\static.re-markit00.re-markit.co, Quarantined, 193, 185488, 1.0.36837, , ame, , ,
PUP.Optional.OneSystemCare.EncJob, HKU\S-1-5-21-1018448789-4025328002-866781052-500\SOFTWARE\One System Care, Quarantined, 16577, 878881, 1.0.36837, , ame, , ,
PUP.Optional.WinYahoo, HKU\S-1-5-21-1018448789-4025328002-866781052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A62ABDEE-78A2-4DDB-9355-1C334ABD6E43}, Quarantined, 2683, 342409, , , , , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A62ABDEE-78A2-4DDB-9355-1C334ABD6E43}, Quarantined, 2683, 342409, , , , , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a62abdee-78a2-4ddb-9355-1c334abd6e43}, Quarantined, 2683, 342409, 1.0.36837, , ame, , ,
PUP.Optional.SearchYa, HKU\S-1-5-21-1018448789-4025328002-866781052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D4FEE3D1-1014-4DB8-A824-573BF9AB51C7}, Quarantined, 2160, 242799, , , , , ,
PUP.Optional.SearchYa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D4FEE3D1-1014-4DB8-A824-573BF9AB51C7}, Quarantined, 2160, 242799, , , , , ,
PUP.Optional.SearchYa, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{d4fee3d1-1014-4db8-a824-573bf9ab51c7}, Quarantined, 2160, 242799, 1.0.36837, , ame, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, 3090, 260247, 1.0.36837, , ame, , ,
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, 3454, 246387, 1.0.36837, , ame, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, Quarantined, 3090, 182290, , , , , ,
PUP.Optional.eShopComp, HKU\S-1-5-21-1018448789-4025328002-866781052-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\eshopcomp.com, Quarantined, 6860, 259458, 1.0.36837, , ame, , ,
PUP.Optional.eShopComp, HKU\S-1-5-21-1018448789-4025328002-866781052-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\pstatic.eshopcomp.com, Quarantined, 6860, 259459, 1.0.36837, , ame, , ,
PUP.Optional.Revizer, HKU\S-1-5-21-1018448789-4025328002-866781052-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\re-markit.co, Quarantined, 193, 185489, 1.0.36837, , ame, , ,
PUP.Optional.Revizer, HKU\S-1-5-21-1018448789-4025328002-866781052-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\CHILDREN\001\INTERNET EXPLORER\EDPDOMSTORAGE\static.re-markit00.re-markit.co, Quarantined, 193, 185489, 1.0.36837, , ame, , ,
PUP.Optional.OneSystemCare.EncJob, HKU\S-1-5-21-1018448789-4025328002-866781052-1004\SOFTWARE\One System Care, Quarantined, 16577, 878881, 1.0.36837, , ame, , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}, Quarantined, 2683, 254683, 1.0.36837, , ame, , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{902FA5BC-AF2F-4DD7-AF39-BF254EB9162A}, Quarantined, 2683, 254683, 1.0.36837, , ame, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, 3090, 260247, 1.0.36837, , ame, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ed50ab1d}, Quarantined, 3090, 260250, 1.0.36837, , ame, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-1018448789-4025328002-866781052-1001\SOFTWARE\ICSW1.18, Quarantined, 112, 239562, 1.0.36837, , ame, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-1018448789-4025328002-866781052-1001\SOFTWARE\PRODUCTSETUP, Quarantined, 112, 481004, 1.0.36837, , ame, , ,
PUP.Optional.MediaPlayAir, HKU\S-1-5-21-1018448789-4025328002-866781052-1001\SOFTWARE\UNDEFINED, Quarantined, 7773, 334354, 1.0.36837, , ame, , ,
Adware.Adposhel.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564, Quarantined, 16574, 878861, 1.0.36837, , ame, , ,
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, 3454, 246387, 1.0.36837, , ame, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, Quarantined, 3090, 260251, 1.0.36837, , ame, , ,

Registry Value: 14
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a62abdee-78a2-4ddb-9355-1c334abd6e43}|URL, Quarantined, 2683, 342409, 1.0.36837, , ame, , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a62abdee-78a2-4ddb-9355-1c334abd6e43}|TOPRESULTURLFALLBACK, Quarantined, 2683, 342409, 1.0.36837, , ame, , ,
PUP.Optional.SearchYa, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{d4fee3d1-1014-4db8-a824-573bf9ab51c7}|FAVICONPATH, Quarantined, 2160, 242799, 1.0.36837, , ame, , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, Quarantined, 2683, 254683, 1.0.36837, , ame, , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|TOPRESULTURLFALLBACK, Quarantined, 2683, 254683, 1.0.36837, , ame, , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{902FA5BC-AF2F-4DD7-AF39-BF254EB9162A}|URL, Quarantined, 2683, 254683, 1.0.36837, , ame, , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{902FA5BC-AF2F-4DD7-AF39-BF254EB9162A}|TOPRESULTURLFALLBACK, Quarantined, 2683, 254683, 1.0.36837, , ame, , ,
PUP.Optional.SearchYa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a62abdee-78a2-4ddb-9355-1c334abd6e43}|FAVICONPATH, Quarantined, 2160, 242799, 1.0.36837, , ame, , ,
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{7d7d52bd-f337-4fdc-bbf4-00e80f30aa93}|NAMESERVER, Quarantined, 6941, 260226, 1.0.36837, , ame, , ,
Adware.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{ADCAE204-464E-40F8-B528-5CF82325BC36}|PATH, Quarantined, 8234, 372692, 1.0.36837, , ame, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ed50ab1d}|1, Quarantined, 3090, 260250, 1.0.36837, , ame, , ,
PUP.Optional.SearchYa, HKU\S-1-5-21-1018448789-4025328002-866781052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{a62abdee-78a2-4ddb-9355-1c334abd6e43}|FAVICONPATH, Quarantined, 2160, 242794, 1.0.36837, , ame, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-1018448789-4025328002-866781052-1001\SOFTWARE\PRODUCTSETUP|TB, Quarantined, 112, 481004, 1.0.36837, , ame, , ,
PUP.Optional.MediaPlayAir, HKU\S-1-5-21-1018448789-4025328002-866781052-1001\SOFTWARE\UNDEFINED|JAVAPLUGIN [1].EXE, Quarantined, 7773, 334354, 1.0.36837, , ame, , ,

Registry Data: 13
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5d0eccd4-e224-4a92-8bfd-c96c99fdee36}|NameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5d0eccd4-e224-4a92-8bfd-c96c99fdee36}|DhcpNameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{7d7d52bd-f337-4fdc-bbf4-00e80f30aa93}|NameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{7d7d52bd-f337-4fdc-bbf4-00e80f30aa93}|DhcpNameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{80bcd493-79d2-42e7-bb82-b5a2a52b7a7b}|NameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{80bcd493-79d2-42e7-bb82-b5a2a52b7a7b}|DhcpNameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}|NameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d09ddbdc-a921-49d0-8914-bc2117ce4028}|NameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d1c6cdbe-08c4-4abf-9b14-5a76000d1cbb}|NameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{dab27916-27b4-4bb1-b61d-a564766ae6dd}|NameServer, Replaced, 3090, -1, 0.0.0, , action, , ,
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{f79db2d5-6bd5-4059-9c9b-ca4dbcf4869a}|NameServer, Replaced, 3090, -1, 0.0.0, , action, , ,

Data Stream: 0
(No malicious items detected)

Folder: 11
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove, Quarantined, 9191, 484244, , , , , ,
PUP.Optional.WinYahoo.TskLnk, C:\USERS\JOHN\APPDATA\LOCAL\{0B1F3D43-2FB7-51FB-422F-74136647888B}, Quarantined, 9191, 484244, 1.0.36837, , ame, , ,
PUP.Optional.WinYahoo.TskLnk, C:\USERS\JOHN\APPDATA\LOCAL\{9FA2A9FE-BB0A-C546-D692-E0AEF2FA1C36}, Quarantined, 9191, 484244, 1.0.36837, , ame, , ,
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAM FILES (X86)\DNS UNLOCKER, Quarantined, 3090, 182290, 1.0.36837, , ame, , ,
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{00377128-612c-1}, Quarantined, 8996, 407180, 1.0.36837, , ame, , ,
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{0260686c-612c-0}, Quarantined, 8996, 407180, 1.0.36837, , ame, , ,
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{13c3fcb9-212c-0}, Quarantined, 8996, 407180, 1.0.36837, , ame, , ,
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\{1f87ac9d-712c-1}, Quarantined, 8996, 407180, 1.0.36837, , ame, , ,
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\7495b64f-03a3-0, Quarantined, 8996, 407181, 1.0.36837, , ame, , ,
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\9a0fa19d-1463-0, Quarantined, 8996, 407181, 1.0.36837, , ame, , ,
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\9a0fa19d-2547-1, Quarantined, 8996, 407181, 1.0.36837, , ame, , ,

File: 47
PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, Quarantined, 2683, 254335, 1.0.36837, , ame, , 09F114D7646AFBD59ABC8DF0EE734C6B, 1DC059D236E33913E3E71959676B3FF6A0DFA3630C7E4AE7914A48275EB8F465
Adware.DNSUnlocker, C:\WINDOWS\SYSTEM32\TASKS\DNSLOCKINGTON, Quarantined, 8234, 372694, 1.0.36837, , ame, , 2D981E6F59ED14346380E11317AC1D97, 1F24C740022887BCA6AFF20E5D54A9DFD364967C5BFFE8787C0230F7D4B8DAE0
PUP.Optional.WinYahoo.TskLnk, C:\USERS\JOHN\APPDATA\LOCAL\{0B1F3D43-2FB7-51FB-422F-74136647888B}\lene, Quarantined, 9191, 484244, 1.0.36837, , ame, , 444790EEA1DCE7F188AFD963E05FDC94, C0E43AF215C67E910626CC26B2E416DD96B2F82561F7909F4CCA6E91D64D0BDC
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\chromium-min.jpg, Quarantined, 9191, 484244, , , , , 63BC75E5CF5CBA301C0A333A493C1E6C, AECF7E9F8EA60035CF8E255B99ADDBC4739C357BC9773273B682B06073AE2BBC
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\control panel-min-min.JPG, Quarantined, 9191, 484244, , , , , D3317C08A7FD5C68AF7607B56365D7EF, E0DF11EDFC606871F3FA3E825D0A346D895CF2246372E1919F3F6B6F823855EA
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\down.png, Quarantined, 9191, 484244, , , , , BD28C167E200A3B28D65FAD11067F767, 782AEE35F1473A0818E85C7888276AB1A92A2C6650420A6914C11D4A87017959
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\ff menu.JPG, Quarantined, 9191, 484244, , , , , 0ACF64A62398FD3E28C0F776E080E02E, A7E228427AFE421EE317EECF714464E5ED346B2032C98F4076B01EB61D92F11F
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\ff search engine-min.png, Quarantined, 9191, 484244, , , , , 98167327578F423AD62775F9C0DA1C08, 95E4B167F0173DB00F6BCDDE9864CC2E5DDED171506F8AB8E7B9F7863D913680
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\HowToRemove.html, Quarantined, 9191, 484244, , , , , 92A56BD431B8EC678C73844C916017CA, 47BFA64B49B9ABF0C2DCA4F400E0137E1C29211CE6ED4196EDE1560149D13FF2
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\hp-min ff.png, Quarantined, 9191, 484244, , , , , AFE6FD269F10B4FB4055028CE2E0F70C, F0403DEBED00E906EE26EFE1463A63347D5B7CD6EB60BB38AE0E3C3460F71693
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\hp-min ie.png, Quarantined, 9191, 484244, , , , , C76F780F7CDEDA6D63A72E00719EAE53, 0A53A6F7C61B73B40061A401ED4C5D1E520C1D1DEC270617C5C25C8EE64A95C6
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\search engine.gif, Quarantined, 9191, 484244, , , , , D2665D24334093AFB3D3E64E22346AC4, E5CA26785BDB836C3C234A67E991BF1C70D4E87CAA75EC43747619E64DECAA57
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\setup pages.gif, Quarantined, 9191, 484244, , , , , D8957AB88B51AC3D91DB06AC96369BE4, 6BB5388E49AAB90AB7C85A736EAABDEB9A78CDCCA4D7A4138B00DBC1C657C8D5
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\sp-min.png, Quarantined, 9191, 484244, , , , , C4A8846B0AAC9BEF78F6A001514ECFF5, 4E9A05BDB43137235913F0BBB1F21C35DF34E62D33F2A4F4FC9C0F15FA1346E3
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\start-min.jpg, Quarantined, 9191, 484244, , , , , 7A52610FBA6935C9ACF2A2F38CA86F6A, 677001B0CFD9F6C824E422C5EBBC5C042ABB0CF156990064DD3170CF6F3379C8
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{0B1F3D43-2FB7-51FB-422F-74136647888B}\HowToRemove\up.png, Quarantined, 9191, 484244, , , , , 45B1D3F523A38E29419DC26AE6BDD253, 892E25F7363B1C4EFA5FFACD5F4CDADD01833F49EF5CEF335676D84DA871EBA0
PUP.Optional.WinYahoo.TskLnk, C:\USERS\JOHN\APPDATA\LOCAL\{9FA2A9FE-BB0A-C546-D692-E0AEF2FA1C36}\nosa, Quarantined, 9191, 484244, 1.0.36837, , ame, , 408FCC1909C3025232FC44FEAFCBFE1B, 4BF0544AC82E40E7AA7449D56CB534C55E22C71EFEB6FFF2E692C56C59AA3A7B
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{9FA2A9FE-BB0A-C546-D692-E0AEF2FA1C36}\info.dat, Quarantined, 9191, 484244, , , , , B3D059FD62E915B6C0595999058B6064, BF9478FC4B9152B7DFE2B997BC15E5B158DA91F3FFFB25D15810F52574544962
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{9FA2A9FE-BB0A-C546-D692-E0AEF2FA1C36}\install.log, Quarantined, 9191, 484244, , , , , 314B1D418B057F3444D0C47822901035, 436360F073415A4C1E4D80365515BEC7FF7358000CC333E97A4B9F0E6CA27C89
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{9FA2A9FE-BB0A-C546-D692-E0AEF2FA1C36}\Sqlite3.dll, Quarantined, 9191, 484244, , , , , 5F09D271B8F4A62FC087E0D5452D2EC8, 0E8850DA3B89EA0342CA57A9058BA1C9F515305A44E3BF7161448F63835AE577
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{9FA2A9FE-BB0A-C546-D692-E0AEF2FA1C36}\tane, Quarantined, 9191, 484244, , , , , 07FC9B29E1085685847C6D807BDA1E05, 1D6D43D0DA0BC9180515788BE9417710968EBA4B61A74D48BDFB520BFCE27C95
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{9FA2A9FE-BB0A-C546-D692-E0AEF2FA1C36}\temp.flt, Quarantined, 9191, 484244, , , , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\John\AppData\Local\{9FA2A9FE-BB0A-C546-D692-E0AEF2FA1C36}\uninst.dat, Quarantined, 9191, 484244, , , , , FEA97ADC1F29C038E668613994AA5477, 09924E7BF32D26B7B2CF6FF9F4B01163B9484E3408DD9F99B1EAC669F0FCE564
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\config.ini, Quarantined, 3090, 182290, , , , , 9E661B4ACE4F5F3026D945CF7A4356AE, B5CA3E31153AF772199F19D75FCED2AAD70FB4C013E09D83F1DDF5667AB2EB8B
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\DNSLOCKINGTON.cer, Quarantined, 3090, 182290, , , , , 5FBB11485CD05D8986488D11EB22FEDD, C17861B640492388D50FF5DAC282ED502AEC9AD1AA4AA07DD977FA9AB2567C30
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\Info.rtf, Quarantined, 3090, 182290, , , , , 04EB90C33B03E877B60C8DD0D34E7AB4, 1EA2DAD7F5731ED8745AC15847C17F54638697CBD067E1E72579863CB566AB17
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\License.rtf, Quarantined, 3090, 182290, , , , , 4C88115E916D2D03C9ABFD53FAF22C57, 56343BB3E80F5F7E8D309B7611660E34F40ABB719C94E1A68048AECA5ECC610B
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\LogoBlack.ico, Quarantined, 3090, 182290, , , , , 1F072815CBF36866E24CA59D03280CB8, 7938095996481E9A9B969F1596484560D517C155657EFEBEC76955CB53B5B9BC
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\LogoGreen.ico, Quarantined, 3090, 182290, , , , , BC5F8AE04234C784FBE5BDC33DA35A37, A56A90292A6A51A845D345E4DE8F18AF330D513771070F49EA200E413C08F80A
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\LogoYellow.ico, Quarantined, 3090, 182290, , , , , 442F69BF674C47C404964B59487B97C5, FC70BEA12C1541859997B27DB9CD6748DC904E60C17F7E223B41DED5A1121836
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\Microsoft.Win32.TaskScheduler.dll, Quarantined, 3090, 182290, , , , , C1CBA22A0D2E49A17809BD565E93FDC5, 31B3BE692639116F163C5AA594297D97759BCCBC297A6E29E649281A8F6DD3AB
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\settings.ini, Quarantined, 3090, 182290, , , , , F0CD7A01C075F01AE6194FE00A91F80D, B8D9B21B033A083CCE7A053AB3061486ED5E25EA10344B13D6982A223BAA02DC
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\unins000.dat, Quarantined, 3090, 182290, , , , , 1B73D0582F357A6B2044AB9038245B90, B8F2E804C6847AE528517FEAF27CF594B2FCE6AFB4B5CF6D2CA8BCC07FD451A8
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\unins000.exe, Quarantined, 3090, 182290, , , , , 0E3C0AB19EA68F26FF8CE54DC94EA5A4, 26DBA9BD0B11345B2A08ED6FE1BBC32BB886A89582DE286FB0265FAC151EC7D7
PUP.Optional.DNSUnlocker.ACMB2, C:\Program Files (x86)\DNS Unlocker\ZonaTools.XPlorerBar.dll, Quarantined, 3090, 182290, , , , , B030405B3CC610567EB1C4796487E8D8, 2E5B61ADF41B6DF3D21400794F47713DAFD3BE21A9FC1A0EBDDA0E3AA22A917B
Malware.AI.769894175, C:\USERS\JOHN\APPDATA\ROAMING\SETUP36033.EXE, Quarantined, 1000000, 0, 1.0.36837, AC0926BB4B83BC462DE3A71F, dds, 01108459, B3DCF676DCC263F17876231DABC55C2B, 4DC1A26041F2933288CFBC3EAE5FFBA353A427C7011259418F02EB36CDFCBFD8
Malware.AI.331222135, C:\USERS\JOHN\APPDATA\ROAMING\SETUP33326.EXE, Quarantined, 1000000, 0, 1.0.36837, C87BCEE710B7E69613BE0C77, dds, 01108459, EBA0DE9F6600536F193C04A266C0A4C3, F4D99817377A0BA9474BA1856EB2368E733DD4F5034A37B11B8161BA3F990516
Malware.AI.1704946302, C:\USERS\JOHN\APPDATA\ROAMING\SETUP35910.EXE, Quarantined, 1000000, 0, 1.0.36837, 39A05A31AAB58FFF659F6A7E, dds, 01108459, 296383EC13EB2B08B32409B2EAE85356, 49017A9461C46995F8C915A50955B31DB4B9BC036F177EAE1BBC57333C2D477D
Adware.DealPly, C:\USERS\JOHN\APPDATA\ROAMING\SETUP57914.EXE, Quarantined, 47, 323141, 1.0.36837, 43DEFE3D8A4A9C78F121FC26, dds, 01108459, 2D271E9E1F7A46919C8FE25C22F8EF21, 7DD29D5AB7305AC1D3396D9E28F5C56937380E6F2B08F404850CB0573F29AD3B
PUP.Optional.InstallCore, C:\USERS\JOHN\DOWNLOADS\JAVAPLUGIN (2).EXE, Quarantined, 112, 323797, 1.0.36837, 34B97094ED07758CF81EA631, dds, 01108459, 21DE53CBB19617E0DFE018F3ADAB8C5A, A2E5BDA80F90B4C77AB7EF6170EA9D5952758E7519FDF119CDE1F0B48EA23847
PUP.Optional.InstallCore, C:\USERS\JOHN\DOWNLOADS\MEDIADOWNLOADERSETUP (2).EXE, Quarantined, 112, 320933, 1.0.36837, , ame, , C3EEC0344906F9C3485B59FBFA31107C, A74FC200B1C3BBCF8CE2FD58A28378ED3F5DACD07FF6EC291B73977BDD053A9B
PUP.Optional.InstallCore, C:\USERS\JOHN\DOWNLOADS\MEDIADOWNLOADERSETUP.EXE, Quarantined, 112, 320933, 1.0.36837, , ame, , C3EEC0344906F9C3485B59FBFA31107C, A74FC200B1C3BBCF8CE2FD58A28378ED3F5DACD07FF6EC291B73977BDD053A9B
PUP.Optional.InstallCore, C:\USERS\JOHN\DOWNLOADS\MEDIADOWNLOADERSETUP (1).EXE, Quarantined, 112, 320933, 1.0.36837, , ame, , C3EEC0344906F9C3485B59FBFA31107C, A74FC200B1C3BBCF8CE2FD58A28378ED3F5DACD07FF6EC291B73977BDD053A9B
PUP.Optional.InstallCore, C:\USERS\JOHN\DOWNLOADS\MEDIADOWNLOADERSETUP (3).EXE, Quarantined, 112, 320933, 1.0.36837, , ame, , C3EEC0344906F9C3485B59FBFA31107C, A74FC200B1C3BBCF8CE2FD58A28378ED3F5DACD07FF6EC291B73977BDD053A9B
PUP.Optional.MediaDownloader, C:\USERS\JOHN\DOWNLOADS\MEDIADOWNLOADER.EXE, Quarantined, 2781, 445346, 1.0.36837, , ame, , 6143C6761D236CD3EA1EB34283715C01, 6153F429C0CEDC721846E60255834AE0F43829CC6A387B766DE6F301DAB54ECA
PUP.Optional.InstallCore, C:\USERS\JOHN\DOWNLOADS\JAVAPLUGIN (1).EXE, Quarantined, 112, 323797, 1.0.36837, 34B97094ED07758CF81EA631, dds, 01108459, 3B869A221D580F49B8E6C12963D98586, F5CE8A32A3BEB1E18223BA02EF7D5B360A23BFFDA794B5E95AFF1E605CB1B306
PUP.Optional.InstallCore, C:\USERS\JOHN\DOWNLOADS\MEDIADOWNLOADERSETUP (4).EXE, Quarantined, 112, 320933, 1.0.36837, , ame, , C3EEC0344906F9C3485B59FBFA31107C, A74FC200B1C3BBCF8CE2FD58A28378ED3F5DACD07FF6EC291B73977BDD053A9B

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-08-2021
# Duration: 00:00:09
# OS: Windows 10 Home
# Cleaned: 34
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Yahoo!\yset
Deleted C:\ProgramData\ED50AB1D
Deleted C:\Users\John\AppData\Local\YSearchUtil

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\coupontime.co
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pcspeeduppro.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pricepeep.net
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.pricepeep00.pricepeep.net
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pcspeeduppro.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pricepeep.net
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpriceninja.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.coupontime00.coupontime.co
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.pricepeep00.pricepeep.net
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|WeatherBug.exe
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WeatherBug
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [15170 octets] - [08/02/2021 17:57:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-02-2021 01
Ran by John (administrator) on JOHNDIMEGLIO (ASUSTeK COMPUTER INC. X551MA) (08-02-2021 19:14:31)
Running from C:\Users\John\Desktop
Loaded Profiles: John
Platform: Windows 10 Home Version 1909 18363.1316 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.3.0.595\ASUSWSLoader.exe [63968 2017-12-12] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
HKU\S-1-5-21-1018448789-4025328002-866781052-1001\...\Run: [Chromium] => "c:\users\john\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-1018448789-4025328002-866781052-1001\...\Run: [BingSvc] => C:\Users\John\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-11] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-1018448789-4025328002-866781052-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1018448789-4025328002-866781052-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\PDF995 Monitor: C:\WINDOWS\system32\pdf995mon64.dll [40448 2014-03-05] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-08] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {023D5096-39DC-4741-8D42-5CF83CD453AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-05] (Google LLC -> Google LLC)
Task: {08EE50E6-60E5-49D3-BC09-0A91A3B48546} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CC553D9-BD4B-4312-BEBD-81152BC7D124} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [109880 2014-01-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {1289F0EE-B461-44C0-8080-07A35F155DD4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {16AF80D4-066F-4480-ACB7-FFFFDDD90D6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-05] (Google LLC -> Google LLC)
Task: {1AD4B3E1-8CE5-4B2F-9AE6-026C5605A046} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1271424 2014-09-02] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {1D9FE816-0B21-482E-A920-AA27C32F1155} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {20FEB2A3-9103-4B22-AA03-4493FDA29FC5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {21CB0DCD-5909-4DB8-8BEE-1811395929AA} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2998552 2015-03-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {21DB1DE9-FA48-4327-84FC-887EE8231E0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {260BD459-1991-45B3-9019-E7D0AB701BC7} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {2F5CCED8-B947-43B6-AA4C-1B81C15756B2} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19723888 2014-03-27] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {2F7083A1-EA47-43AE-BE95-761255D0956D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {49CD1C47-BB3B-4353-9D6F-F42213DB73A8} - \WPD\SqmUpload_S-1-5-21-1018448789-4025328002-866781052-1001 -> No File <==== ATTENTION
Task: {4C5107DE-0D25-4E4D-904A-FCAFC6ED56B9} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {5276C849-81A4-4368-8BCA-33FFB08C7A0D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {58BBADAA-3968-4BBA-9DC6-0CA274DFBDAD} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18400 2017-03-09] (ASUSTeK Computer Inc. -> AsusTek)
Task: {5A4A67A6-33A6-44E6-A4A8-A1CC01E9C9D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4071336 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {647458F6-96F2-45FF-A027-BBCF6E2BE703} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6D091EAB-DD57-4217-9536-304A38EEB6CA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7DD29336-A4D5-49BD-8B53-513FC17981D8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23062920 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8C2BB374-9233-4E10-9081-0EFEF2DF4D3B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {92A4E816-4B8F-4C51-9309-811794BAA74B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {92CFA6F4-6657-4EF6-BCD6-2E0572242489} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9A3FD0B0-ECE4-4E2E-A6F6-46710B0DCF5B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {9C622236-F075-420C-8664-C22286ED6F2C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [12288 2015-02-12] () [File not signed]
Task: {A62B4600-F9A4-4042-BD8C-86DE58A8F942} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A7E7AE3D-0ADE-47B6-8880-E44673F20641} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {AA5EC423-8962-409A-BA50-2E1FDC091943} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [58440 2014-04-02] (ASUSTeK Computer Inc. -> ASUS)
Task: {C8E56950-585D-49EF-80FB-D2EA9D99124F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4071336 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8FE8A1F-D258-465A-A90C-20CEAC39B051} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2998552 2015-03-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D67FEE68-0486-4D51-A096-F0D94847584F} - \{5FB778CC-EBFC-81CE-4EB6-957429887A55} -> No File <==== ATTENTION
Task: {DB26F34F-0D0B-4628-AF69-101CF09A3FB6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23062920 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC148BC2-AD53-4C9F-A105-5A2E715177A8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F3E63767-5F33-4DC4-83BA-1AD26F4FFF2C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F51B607D-8BBA-4685-B104-261E6233437F} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [1957040 2013-11-04] (ASUSTeK Computer Inc. -> ) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d0eccd4-e224-4a92-8bfd-c96c99fdee36}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5d0eccd4-e224-4a92-8bfd-c96c99fdee36}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7d7d52bd-f337-4fdc-bbf4-00e80f30aa93}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7d7d52bd-f337-4fdc-bbf4-00e80f30aa93}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{80bcd493-79d2-42e7-bb82-b5a2a52b7a7b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{80bcd493-79d2-42e7-bb82-b5a2a52b7a7b}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a3b80229-7c03-11e6-9553-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d09ddbdc-a921-49d0-8914-bc2117ce4028}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d1c6cdbe-08c4-4abf-9b14-5a76000d1cbb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{dab27916-27b4-4bb1-b61d-a564766ae6dd}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f79db2d5-6bd5-4059-9c9b-ca4dbcf4869a}: [NameServer] 8.8.8.8

Edge:
=======
Edge Profile: C:\Users\John\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-08]
Edge StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_5e6f625a&param1=ArFaIWxoNqArQGMVIDImAHFbMnMqQGMVwCNoNqAdBHFaIUoeATVoNqAqAXFaIWQBvmE4ICILNopcGWUIvmFdImIVvFQ3vCoVvmo4IGYXwVU4ICoVNVVdJqYTNVNdJmILNVJdESk8NUM9J6oWwVU3vmILNFdbDSk8wVU9ImIXwVI9ImIVwVA9ISILNFdcJ6k8NoFcFGUMwVQ9JmITwVM9ImIVwV5cGWUSNFRcEqULNopcGWUIvmFbF6IVwVM4J6IYvmk4ISoVwVQ9I6IVwVNdJmk3wVxdJ6oXwVVdImISvFFdIqYVwVU9I6IVwVI3vqYVvFFdIqYVvmk9JGYYNVM4IWQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGwVVdIWYXwVJdIWYUvFQ4ICISNVM9J6k3vFQ9I6oUNVE9Jmk3wVw3vCIYwVI9JCISvFI3vqYYNVNdIWYTNVU4IGYXwVQ9JaYVNoU9GqYYNVc3wCIXQGR7B6RoN9JbMat4NWFdNGVoNqAsQGMVvDIlC6MuNGAuNqEuy6QmyndoNqAex807ACRoN9JcNX5dQGR7y6NoN9ICzD4py6waQGQXNGZoNpQRy78o&param2=NGx9MaN4NWt8"
Edge DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_5e6f625a&param1=ArFaIWJoNqArQGMVIDImAHFbMnMqQGMVwCNoNqAdBHFaIUoeATVoNqAqAXFaIWQBvmE4ICILNopcGWUIvmFdImIVvFQ3vCoVvmo4IGYXwVU4ICoVNVVdJqYTNVNdJmILNVJdESk8NUM9J6oWwVU3vmILNFdbDSk8wVU9ImIXwVI9ImIVwVA9ISILNFdcJ6k8NoFcFGUMwVQ9JmITwVM9ImIVwV5cGWUSNFRcEqULNopcGWUIvmFbF6IVwVM4J6IYvmk4ISoVwVQ9I6IVwVNdJmk3wVxdJ6oXwVVdImISvFFdIqYVwVU9I6IVwVI3vqYVvFFdIqYVvmk9JGYYNVM4IWQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGwVVdIWYXwVJdIWYUvFQ4ICISNVM9J6k3vFQ9I6oUNVE9Jmk3wVw3vCIYwVI9JCISvFI3vqYYNVNdIWYTNVU4IGYXwVQ9JaYVNoU9GqYYNVc3wCIXQGR7B6RoN9JbMat4NWFdNGVoNqAsQGMVvDIlC6MuNGAuNqEuy6QmyndoNqAex807ACRoN9JcNX5dQGR7y6NoN9ICzD4py6waQGQXNGZoNpQRy78o&param2=NGZ9NGx8Nax4NZ%3D%3D&p={searchTerms}
Edge DefaultSearchKeyword: Default -> us.search.yahoo.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\John\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-08]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] (Foxit Corporation -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-05-16] (WildTangent Inc -> )
FF Plugin HKU\S-1-5-21-1018448789-4025328002-866781052-1001: @citrixonline.com/appdetectorplugin -> C:\Users\John\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-22] (Citrix Online -> Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2021-02-08]
CHR Extension: (Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-05]
CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-05]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-17]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-05]
CHR Extension: (Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-05]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-31]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-08]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-17]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUSTeK Computer Inc. -> ASUS)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [399216 2017-05-16] (WildTangent Inc -> WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-08] (Malwarebytes Inc -> Malwarebytes)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2020-07-02] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-08] (Malwarebytes Corporation -> Malwarebytes)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-05] (ASUSTeK Computer Inc. -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220600 2021-02-08] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142440 2021-02-08] (Malwarebytes Inc -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-02-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-02-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-02-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-08 18:51 - 2021-02-08 19:13 - 000034985 _____ C:\Users\John\Desktop\Addition.txt
2021-02-08 18:51 - 2021-02-08 19:13 - 000034985 _____ C:\Users\John\Desktop\Addition.txt
2021-02-08 18:51 - 2021-02-08 19:13 - 000034985 _____ C:\Users\John\Desktop\Addition.txt
2021-02-08 18:40 - 2021-02-08 19:17 - 000020638 _____ C:\Users\John\Desktop\FRST.txt
2021-02-08 18:40 - 2021-02-08 19:17 - 000020638 _____ C:\Users\John\Desktop\FRST.txt
2021-02-08 18:40 - 2021-02-08 19:17 - 000020638 _____ C:\Users\John\Desktop\FRST.txt
2021-02-08 18:40 - 2021-02-08 19:16 - 000000000 ____D C:\FRST
2021-02-08 17:55 - 2021-02-08 18:09 - 000000000 ____D C:\AdwCleaner
2021-02-08 17:51 - 2021-02-08 18:11 - 000000000 ____D C:\GVTS
2021-02-08 17:41 - 2021-02-08 17:41 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-02-08 17:41 - 2021-02-08 17:41 - 000142440 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-02-08 17:41 - 2021-02-08 17:41 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-02-08 17:21 - 2021-02-08 17:21 - 000000000 ____D C:\Users\John\AppData\Local\mbam
2021-02-08 17:21 - 2021-02-08 17:21 - 000000000 ____D C:\Users\John\AppData\Local\mbam
2021-02-08 17:21 - 2021-02-08 17:21 - 000000000 ____D C:\Users\John\AppData\Local\mbam
2021-02-08 17:20 - 2021-02-08 17:41 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-08 17:20 - 2021-02-08 17:20 - 000220600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-08 17:20 - 2021-02-08 17:20 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-08 17:20 - 2021-02-08 17:20 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-08 17:20 - 2021-02-08 17:20 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-08 17:20 - 2021-02-08 16:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-08 17:14 - 2021-02-08 18:01 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-08 17:14 - 2021-02-08 18:01 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-08 17:14 - 2021-02-08 18:01 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-08 17:13 - 2021-02-08 17:54 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-08 17:13 - 2021-02-08 17:54 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-08 16:51 - 2021-02-08 16:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-02-08 16:21 - 2021-02-08 16:21 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-08 16:20 - 2021-02-08 16:20 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-08 16:00 - 2021-02-08 16:00 - 000001102 _____ C:\Users\John\Desktop\Welcome to ASUS Product Registration.lnk
2021-02-08 16:00 - 2021-02-08 16:00 - 000001102 _____ C:\Users\John\Desktop\Welcome to ASUS Product Registration.lnk
2021-02-08 16:00 - 2021-02-08 16:00 - 000001102 _____ C:\Users\John\Desktop\Welcome to ASUS Product Registration.lnk
2021-02-08 15:50 - 2021-02-08 15:50 - 008457584 _____ (Malwarebytes) C:\Users\John\Downloads\adwcleaner_8.0.9.1.exe
2021-02-08 15:50 - 2021-02-08 15:50 - 008457584 _____ (Malwarebytes) C:\Users\John\Downloads\adwcleaner_8.0.9.1.exe
2021-02-08 15:50 - 2021-02-08 15:50 - 008457584 _____ (Malwarebytes) C:\Users\John\Downloads\adwcleaner_8.0.9.1.exe
2021-02-08 15:48 - 2021-02-08 15:48 - 002297344 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2021-02-08 15:48 - 2021-02-08 15:48 - 002297344 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2021-02-08 15:48 - 2021-02-08 15:48 - 002297344 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2021-02-08 15:43 - 2021-02-08 15:44 - 002086424 _____ (Malwarebytes) C:\Users\John\Downloads\MBSetup.exe
2021-02-08 15:43 - 2021-02-08 15:44 - 002086424 _____ (Malwarebytes) C:\Users\John\Downloads\MBSetup.exe
2021-02-08 15:43 - 2021-02-08 15:44 - 002086424 _____ (Malwarebytes) C:\Users\John\Downloads\MBSetup.exe
2021-02-08 09:22 - 2021-02-08 15:25 - 000000000 ____D C:\Users\John\AppData\Local\D3DSCache
2021-02-08 09:22 - 2021-02-08 15:25 - 000000000 ____D C:\Users\John\AppData\Local\D3DSCache
2021-02-08 09:22 - 2021-02-08 15:25 - 000000000 ____D C:\Users\John\AppData\Local\D3DSCache
2021-01-29 19:59 - 2021-01-29 19:59 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-29 19:59 - 2021-01-29 19:59 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-29 19:59 - 2021-01-29 19:59 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-29 19:59 - 2021-01-29 19:59 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-29 19:59 - 2021-01-29 19:59 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-29 19:58 - 2021-01-29 19:58 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-29 19:58 - 2021-01-29 19:58 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-29 19:58 - 2021-01-29 19:58 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-29 19:58 - 2021-01-29 19:58 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-29 19:58 - 2021-01-29 19:58 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-29 19:58 - 2021-01-29 19:58 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-29 19:57 - 2021-01-29 19:57 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-29 19:57 - 2021-01-29 19:57 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-29 19:56 - 2021-01-29 19:56 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-29 19:56 - 2021-01-29 19:56 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-29 19:56 - 2021-01-29 19:56 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-29 19:56 - 2021-01-29 19:56 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-29 19:56 - 2021-01-29 19:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-29 19:55 - 2021-01-29 19:55 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-29 19:55 - 2021-01-29 19:55 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-29 19:54 - 2021-01-29 19:54 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-29 19:53 - 2021-01-29 19:53 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-29 19:53 - 2021-01-29 19:53 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-29 19:53 - 2021-01-29 19:53 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-29 19:53 - 2021-01-29 19:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-29 19:52 - 2021-01-29 19:52 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-29 19:51 - 2021-01-29 19:51 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-29 19:51 - 2021-01-29 19:51 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-29 19:51 - 2021-01-29 19:51 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-29 19:49 - 2021-01-29 19:49 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-29 19:49 - 2021-01-29 19:49 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-29 19:48 - 2021-01-29 19:48 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-29 19:48 - 2021-01-29 19:48 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-29 19:47 - 2021-01-29 19:47 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-29 19:47 - 2021-01-29 19:47 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-29 19:47 - 2021-01-29 19:47 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-29 19:25 - 2021-01-29 21:19 - 000080127 _____ C:\Users\John\Desktop\VOM Accounting.xlsx
2021-01-29 19:25 - 2021-01-29 21:19 - 000080127 _____ C:\Users\John\Desktop\VOM Accounting.xlsx
2021-01-29 19:25 - 2021-01-29 21:19 - 000080127 _____ C:\Users\John\Desktop\VOM Accounting.xlsx
2021-01-28 11:17 - 2021-01-28 11:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-28 11:16 - 2021-01-28 11:16 - 000000000 ____D C:\Program Files\UNP
2021-01-27 08:00 - 2021-01-27 08:12 - 000000000 ____D C:\Users\John\AppData\Local\PlaceholderTileLogoFolder
2021-01-27 08:00 - 2021-01-27 08:12 - 000000000 ____D C:\Users\John\AppData\Local\PlaceholderTileLogoFolder
2021-01-27 08:00 - 2021-01-27 08:12 - 000000000 ____D C:\Users\John\AppData\Local\PlaceholderTileLogoFolder
2021-01-27 07:57 - 2021-01-27 07:57 - 000000000 ___HD C:\Users\John\MicrosoftEdgeBackups
2021-01-27 07:57 - 2021-01-27 07:57 - 000000000 ___HD C:\Users\John\MicrosoftEdgeBackups
2021-01-27 07:57 - 2021-01-27 07:57 - 000000000 ___HD C:\Users\John\MicrosoftEdgeBackups
2021-01-27 07:54 - 2021-02-08 09:10 - 000000000 ___RD C:\Users\John\3D Objects
2021-01-27 07:54 - 2021-02-08 09:10 - 000000000 ___RD C:\Users\John\3D Objects
2021-01-27 07:54 - 2021-02-08 09:10 - 000000000 ___RD C:\Users\John\3D Objects
2021-01-27 07:53 - 2021-01-27 07:53 - 000000020 ___SH C:\Users\John\ntuser.ini
2021-01-27 07:53 - 2021-01-27 07:53 - 000000020 ___SH C:\Users\John\ntuser.ini
2021-01-27 07:53 - 2021-01-27 07:53 - 000000020 ___SH C:\Users\John\ntuser.ini
2021-01-27 07:49 - 2021-02-08 17:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-27 07:49 - 2021-02-08 16:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-01-27 07:49 - 2021-02-08 15:33 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-27 07:49 - 2021-02-08 15:33 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-27 07:49 - 2021-02-08 15:30 - 000003544 _____ C:\WINDOWS\system32\Tasks\ASUS Live Update1
2021-01-27 07:49 - 2021-02-08 15:30 - 000003534 _____ C:\WINDOWS\system32\Tasks\ASUS Live Update2
2021-01-27 07:49 - 2021-02-08 15:29 - 000004158 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{DEB55065-510B-4DA7-8919-0924778C0F7F}
2021-01-27 07:49 - 2021-02-08 15:29 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1018448789-4025328002-866781052-1001
2021-01-27 07:49 - 2021-01-27 07:51 - 000002810 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1018448789-4025328002-866781052-1001
2021-01-27 07:49 - 2021-01-27 07:50 - 000002782 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3
2021-01-27 07:49 - 2021-01-27 07:50 - 000002748 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1018448789-4025328002-866781052-500
2021-01-27 07:49 - 2021-01-27 07:49 - 000002866 _____ C:\WINDOWS\system32\Tasks\ASUS Smart Gesture Launcher
2021-01-27 07:49 - 2021-01-27 07:49 - 000002428 _____ C:\WINDOWS\system32\Tasks\Update Checker
2021-01-27 07:49 - 2021-01-27 07:49 - 000002198 _____ C:\WINDOWS\system32\Tasks\AsusVibeSchedule
2021-01-27 07:49 - 2021-01-27 07:49 - 000002188 _____ C:\WINDOWS\system32\Tasks\ASUS USB Charger Plus
2021-01-27 07:49 - 2021-01-27 07:49 - 000002180 _____ C:\WINDOWS\system32\Tasks\RtHDVBg
2021-01-27 07:49 - 2021-01-27 07:49 - 000002174 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-01-27 07:49 - 2021-01-27 07:49 - 000002054 _____ C:\WINDOWS\system32\Tasks\ASUS Splendid ACMON
2021-01-27 07:49 - 2021-01-27 07:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-01-27 07:49 - 2021-01-27 07:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2021-01-26 17:49 - 2021-01-26 17:59 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-01-26 17:46 - 2021-01-26 17:49 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-01-26 17:45 - 2021-01-26 17:45 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-01-26 17:26 - 2021-01-26 17:26 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2021-01-26 17:26 - 2021-01-26 17:26 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-01-26 17:24 - 2021-01-26 17:24 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-01-26 17:24 - 2021-01-26 17:24 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-01-26 17:24 - 2021-01-26 17:24 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\SysWOW64\curl.exe
2021-01-26 17:24 - 2021-01-26 17:24 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-01-26 17:23 - 2021-01-26 17:23 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-01-26 17:23 - 2021-01-26 17:23 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-01-26 17:23 - 2021-01-26 17:23 - 002045952 _____ C:\WINDOWS\system32\rdpnano.dll
2021-01-26 17:23 - 2021-01-26 17:23 - 001282872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-01-26 17:23 - 2021-01-26 17:23 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-01-26 17:23 - 2021-01-26 17:23 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-01-26 17:23 - 2021-01-26 17:23 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-01-26 17:23 - 2021-01-26 17:23 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-01-26 17:23 - 2021-01-26 17:23 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
2021-01-26 17:23 - 2021-01-26 17:23 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-01-26 17:23 - 2021-01-26 17:23 - 000171008 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-01-26 17:23 - 2021-01-26 17:23 - 000110080 _____ C:\WINDOWS\system32\ResBParser.dll
2021-01-26 17:23 - 2021-01-26 17:23 - 000059221 _____ C:\WINDOWS\system32\srms.dat
2021-01-26 17:23 - 2021-01-26 17:23 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-01-26 17:23 - 2021-01-26 17:23 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth14.bin
2021-01-26 17:23 - 2021-01-26 17:23 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth13.bin
2021-01-26 17:22 - 2021-01-26 17:22 - 001893888 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-01-26 17:22 - 2021-01-26 17:22 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-01-26 17:22 - 2021-01-26 17:22 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-01-26 17:22 - 2021-01-26 17:22 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-01-26 17:21 - 2021-01-26 17:21 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-26 17:21 - 2021-01-26 17:21 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-01-26 17:20 - 2021-01-26 17:20 - 000811160 _____ C:\WINDOWS\SysWOW64\locale.nls
2021-01-26 17:20 - 2021-01-26 17:20 - 000811160 _____ C:\WINDOWS\system32\locale.nls
2021-01-26 17:20 - 2021-01-26 17:20 - 000059392 _____ C:\WINDOWS\system32\runexehelper.exe
2021-01-26 17:20 - 2021-01-26 17:20 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-01-26 17:20 - 2021-01-26 17:20 - 000035840 _____ C:\WINDOWS\system32\deploymentcsphelper.exe
2021-01-26 17:20 - 2021-01-26 17:20 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-01-26 17:19 - 2021-01-26 17:19 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-01-26 17:19 - 2021-01-26 17:19 - 001756600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-01-26 17:19 - 2021-01-26 17:19 - 001366144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-01-26 17:19 - 2021-01-26 17:19 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-01-26 17:19 - 2021-01-26 17:19 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-01-26 17:19 - 2021-01-26 17:19 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-01-26 17:19 - 2021-01-26 17:19 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-01-26 17:19 - 2021-01-26 17:19 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-01-26 17:19 - 2021-01-26 17:19 - 000037888 _____ C:\WINDOWS\system32\usocoreps.dll
2021-01-26 17:18 - 2021-01-26 17:18 - 002321408 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-01-26 17:18 - 2021-01-26 17:18 - 000237880 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-01-26 17:18 - 2021-01-26 17:18 - 000053248 _____ C:\WINDOWS\system32\Drivers\UsbPmApi.sys
2021-01-26 17:18 - 2021-01-26 17:18 - 000047616 _____ C:\WINDOWS\system32\UsbPmApi.dll
2021-01-26 17:17 - 2021-01-26 17:17 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-01-26 17:17 - 2021-01-26 17:17 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2021-01-26 17:17 - 2021-01-26 17:17 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-01-26 17:00 - 2019-03-01 20:33 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-01-26 17:00 - 2018-08-09 17:53 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-01-26 16:59 - 2021-01-26 16:59 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-01-26 16:59 - 2021-01-26 16:59 - 000000000 ____D C:\Program Files\MSBuild
2021-01-26 16:59 - 2021-01-26 16:59 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-01-26 16:59 - 2021-01-26 16:59 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-26 15:40 - 2021-01-27 07:49 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2021-01-26 15:40 - 2021-01-27 07:49 - 000015243 _____ C:\WINDOWS\diagerr.xml
2021-01-26 15:24 - 2021-02-08 16:32 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-26 15:09 - 2021-02-08 17:33 - 000000000 ____D C:\Users\marge_000
2021-01-26 15:09 - 2021-02-08 17:33 - 000000000 ____D C:\Users\Administrator
2021-01-26 15:09 - 2021-02-08 15:28 - 000002362 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-26 15:09 - 2021-02-08 15:28 - 000002362 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-26 15:09 - 2021-02-08 15:28 - 000002362 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-26 15:09 - 2021-01-27 07:57 - 000000000 ____D C:\Users\John
2021-01-26 15:09 - 2019-03-18 23:46 - 000001105 _____ C:\Users\marge_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-26 15:09 - 2019-03-18 23:46 - 000001105 _____ C:\Users\marge_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-26 15:09 - 2019-03-18 23:46 - 000001105 _____ C:\Users\marge_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-26 15:09 - 2019-03-18 23:46 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-26 15:09 - 2019-03-18 23:46 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-26 15:09 - 2019-03-18 23:46 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-26 15:07 - 2021-01-26 15:07 - 000001373 _____ C:\Users\Public\Desktop\AudioWizard.lnk
2021-01-26 15:07 - 2021-01-26 15:07 - 000001373 _____ C:\Users\Public\Desktop\AudioWizard.lnk
2021-01-26 15:07 - 2021-01-26 15:07 - 000001373 _____ C:\Users\Public\Desktop\AudioWizard.lnk
2021-01-26 15:06 - 2016-05-03 22:30 - 000081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-01-26 15:06 - 2016-05-03 22:30 - 000077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2021-01-26 15:00 - 2021-02-08 18:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-26 15:00 - 2021-01-29 23:03 - 000459088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-26 11:21 - 2021-01-26 12:58 - 000000000 ___HD C:\$GetCurrent
2021-01-23 15:23 - 2021-01-23 15:27 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2021-01-21 13:54 - 2021-02-08 09:26 - 000000000 ___DC C:\WINDOWS\Panther
2021-01-20 10:48 - 2021-01-20 10:48 - 000000000 ____D C:\Users\John\AppData\Roaming\360DrvMgr
2021-01-20 10:48 - 2021-01-20 10:48 - 000000000 ____D C:\Users\John\AppData\Roaming\360DrvMgr
2021-01-20 10:48 - 2021-01-20 10:48 - 000000000 ____D C:\Users\John\AppData\Roaming\360DrvMgr
2021-01-11 16:41 - 2021-01-11 16:41 - 000001930 _____ C:\Users\John\Desktop\Zoom.lnk
2021-01-11 16:41 - 2021-01-11 16:41 - 000001930 _____ C:\Users\John\Desktop\Zoom.lnk
2021-01-11 16:41 - 2021-01-11 16:41 - 000001930 _____ C:\Users\John\Desktop\Zoom.lnk
2021-01-11 16:05 - 2021-01-26 15:15 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-01-11 16:05 - 2021-01-26 15:15 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-01-11 16:05 - 2021-01-26 15:15 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-01-11 16:03 - 2021-01-11 16:04 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\Zoom_cm_ds_mvUTet+QTUP354UegYwOWiiPCOlVChNvhqBk@+X7lXROocBX6n4eR_k0da2e3a2c7747a25_.exe
2021-01-11 16:03 - 2021-01-11 16:04 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\Zoom_cm_ds_mvUTet+QTUP354UegYwOWiiPCOlVChNvhqBk@+X7lXROocBX6n4eR_k0da2e3a2c7747a25_.exe
2021-01-11 16:03 - 2021-01-11 16:04 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\Zoom_cm_ds_mvUTet+QTUP354UegYwOWiiPCOlVChNvhqBk@+X7lXROocBX6n4eR_k0da2e3a2c7747a25_.exe
2021-01-11 16:03 - 2021-01-11 16:04 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\Zoom_cm_ds_mu61dvlSXaKfdMhxaoimwmLTv6wpFUlX94iI@J6M4bD7jmXvvRvR-_k0da2e3a2c7747a25_.exe
2021-01-11 16:03 - 2021-01-11 16:04 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\Zoom_cm_ds_mu61dvlSXaKfdMhxaoimwmLTv6wpFUlX94iI@J6M4bD7jmXvvRvR-_k0da2e3a2c7747a25_.exe
2021-01-11 16:03 - 2021-01-11 16:04 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\Zoom_cm_ds_mu61dvlSXaKfdMhxaoimwmLTv6wpFUlX94iI@J6M4bD7jmXvvRvR-_k0da2e3a2c7747a25_.exe
2021-01-11 16:01 - 2021-01-11 16:01 - 014779520 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\ZoomInstaller (2).exe
2021-01-11 16:01 - 2021-01-11 16:01 - 014779520 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\ZoomInstaller (2).exe
2021-01-11 16:01 - 2021-01-11 16:01 - 014779520 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\ZoomInstaller (2).exe
2021-01-11 15:50 - 2021-01-11 16:05 - 000000000 ____D C:\Users\John\AppData\Roaming\Zoom
2021-01-11 15:50 - 2021-01-11 16:05 - 000000000 ____D C:\Users\John\AppData\Roaming\Zoom
2021-01-11 15:50 - 2021-01-11 16:05 - 000000000 ____D C:\Users\John\AppData\Roaming\Zoom
2021-01-11 15:49 - 2021-01-11 15:50 - 014779520 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\ZoomInstaller.exe
2021-01-11 15:49 - 2021-01-11 15:50 - 014779520 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\ZoomInstaller.exe
2021-01-11 15:49 - 2021-01-11 15:50 - 014779520 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\ZoomInstaller.exe
2021-01-11 15:49 - 2021-01-11 15:50 - 014779520 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\ZoomInstaller (1).exe
2021-01-11 15:49 - 2021-01-11 15:50 - 014779520 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\ZoomInstaller (1).exe
2021-01-11 15:49 - 2021-01-11 15:50 - 014779520 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\ZoomInstaller (1).exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-08 18:55 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-08 18:14 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-08 18:14 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-08 18:09 - 2015-12-16 11:41 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2021-02-08 17:43 - 2015-07-23 07:27 - 000000093 _____ C:\Users\John\AppData\Roaming\sp_data.sys
2021-02-08 17:43 - 2015-07-23 07:27 - 000000093 _____ C:\Users\John\AppData\Roaming\sp_data.sys
2021-02-08 17:43 - 2015-07-23 07:27 - 000000093 _____ C:\Users\John\AppData\Roaming\sp_data.sys
2021-02-08 17:42 - 2016-04-15 13:13 - 000000000 __SHD C:\Users\John\IntelGraphicsProfiles
2021-02-08 17:42 - 2016-04-15 13:13 - 000000000 __SHD C:\Users\John\IntelGraphicsProfiles
2021-02-08 17:42 - 2016-04-15 13:13 - 000000000 __SHD C:\Users\John\IntelGraphicsProfiles
2021-02-08 17:40 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-08 17:20 - 2019-03-18 23:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-08 17:09 - 2015-05-28 09:56 - 000000000 ____D C:\Users\John\Desktop\John
2021-02-08 17:09 - 2015-05-28 09:56 - 000000000 ____D C:\Users\John\Desktop\John
2021-02-08 17:09 - 2015-05-28 09:56 - 000000000 ____D C:\Users\John\Desktop\John
2021-02-08 17:07 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-02-08 17:07 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-08 16:54 - 2016-01-18 18:28 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-02-08 16:51 - 2019-03-18 23:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-02-08 16:49 - 2015-10-30 01:28 - 000000000 ____D C:\Users\Default.migrated
2021-02-08 16:38 - 2016-03-10 11:02 - 000000000 ____D C:\Program Files (x86)\360
2021-02-08 16:35 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-02-08 16:34 - 2016-03-11 15:56 - 000000000 __SHD C:\$360Section
2021-02-08 15:54 - 2020-07-05 19:55 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-08 15:54 - 2020-07-05 19:55 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-08 15:54 - 2020-07-05 19:55 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-08 15:47 - 2015-04-07 09:54 - 000000000 ____D C:\Users\John\AppData\Local\Packages
2021-02-08 15:47 - 2015-04-07 09:54 - 000000000 ____D C:\Users\John\AppData\Local\Packages
2021-02-08 15:47 - 2015-04-07 09:54 - 000000000 ____D C:\Users\John\AppData\Local\Packages
2021-02-08 15:29 - 2015-04-07 10:02 - 000000000 __RDO C:\Users\John\OneDrive
2021-02-08 15:29 - 2015-04-07 10:02 - 000000000 __RDO C:\Users\John\OneDrive
2021-02-08 15:29 - 2015-04-07 10:02 - 000000000 __RDO C:\Users\John\OneDrive
2021-02-08 09:10 - 2015-04-08 00:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-02-08 09:10 - 2015-04-08 00:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-02-08 09:10 - 2015-04-08 00:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-29 22:57 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-29 22:57 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-29 22:57 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-29 22:57 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-29 22:57 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-29 22:57 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-29 22:57 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-29 22:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-29 22:55 - 2019-03-19 01:20 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-29 22:55 - 2019-03-19 01:20 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-29 22:55 - 2019-03-18 23:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-29 22:55 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-29 22:55 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-29 22:55 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-29 22:55 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-29 22:55 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-29 20:17 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\servicing
2021-01-28 11:26 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-01-28 11:16 - 2020-07-15 13:51 - 000000000 ____D C:\Program Files\rempl
2021-01-28 11:16 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\appcompat
2021-01-27 08:18 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-27 07:53 - 2016-09-19 15:34 - 000000000 ____D C:\Users\John\AppData\Local\ConnectedDevicesPlatform
2021-01-27 07:53 - 2016-09-19 15:34 - 000000000 ____D C:\Users\John\AppData\Local\ConnectedDevicesPlatform
2021-01-27 07:53 - 2016-09-19 15:34 - 000000000 ____D C:\Users\John\AppData\Local\ConnectedDevicesPlatform
2021-01-27 07:53 - 2016-04-15 13:12 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-01-26 17:59 - 2019-03-18 23:56 - 000000000 ____D C:\WINDOWS\Setup
2021-01-26 17:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-01-26 17:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-01-26 17:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\spool
2021-01-26 17:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-26 17:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-01-26 17:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2021-01-26 17:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Registration
2021-01-26 17:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-26 17:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\InputMethod
2021-01-26 17:59 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-01-26 17:59 - 2019-03-18 23:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-01-26 17:59 - 2016-09-16 05:53 - 000000000 ____D C:\Program Files\Intel
2021-01-26 17:59 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-01-26 17:59 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-01-26 17:59 - 2013-08-22 10:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-01-26 17:59 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2021-01-26 17:59 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2021-01-26 17:58 - 2019-03-18 23:52 - 000000000 __RHD C:\Users\Public\Libraries
2021-01-26 17:58 - 2019-03-18 23:52 - 000000000 __RHD C:\Users\Public\Libraries
2021-01-26 17:58 - 2019-03-18 23:52 - 000000000 __RHD C:\Users\Public\Libraries
2021-01-26 17:58 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\InfusedApps
2021-01-26 17:52 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-01-26 17:52 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-01-26 17:52 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-01-26 17:52 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-01-26 17:52 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-01-26 17:52 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-01-26 17:52 - 2014-03-18 05:00 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-es
2021-01-26 17:52 - 2014-03-18 05:00 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-es
2021-01-26 17:52 - 2014-03-18 05:00 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-es
2021-01-26 17:52 - 2014-03-18 05:00 - 000000000 ____D C:\WINDOWS\system32\gl-es
2021-01-26 17:52 - 2014-03-18 05:00 - 000000000 ____D C:\WINDOWS\system32\eu-es
2021-01-26 17:49 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Resources
2021-01-26 17:49 - 2016-09-16 05:53 - 000000000 ____D C:\Program Files\Realtek
2021-01-26 17:49 - 2014-03-18 05:00 - 000000000 ____D C:\WINDOWS\system32\ca-es
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\TextInput
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-01-26 17:38 - 2019-03-18 23:52 - 000000000 ____D C:\PerfLogs
2021-01-26 17:35 - 2019-03-19 01:20 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-01-26 17:35 - 2019-03-19 01:20 - 000018903 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-01-26 17:00 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-01-26 15:28 - 2019-03-18 23:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-26 15:15 - 2020-07-30 14:32 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2021-01-26 15:15 - 2020-07-30 14:32 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2021-01-26 15:15 - 2020-07-30 14:32 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2021-01-26 15:14 - 2014-10-01 23:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2021-01-26 15:14 - 2014-10-01 23:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2021-01-26 15:14 - 2014-10-01 23:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2021-01-26 15:10 - 2015-06-13 17:23 - 000000000 ____D C:\Users\marge_000\AppData\Local\Packages
2021-01-26 15:10 - 2015-06-13 17:23 - 000000000 ____D C:\Users\marge_000\AppData\Local\Packages
2021-01-26 15:10 - 2015-06-13 17:23 - 000000000 ____D C:\Users\marge_000\AppData\Local\Packages
2021-01-26 15:07 - 2016-09-16 05:54 - 000171084 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2021-01-26 15:07 - 2016-09-16 05:54 - 000006786 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2021-01-26 15:07 - 2016-09-16 05:54 - 000002626 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2021-01-26 15:07 - 2016-09-16 05:54 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-01-26 15:06 - 2016-09-16 05:53 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-01-26 12:57 - 2020-08-07 12:23 - 000000036 _____ C:\WINDOWS\progress.ini
2021-01-26 12:47 - 2020-07-30 12:20 - 000000000 ____D C:\Windows10Upgrade
2021-01-26 11:14 - 2014-10-01 23:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-01-23 16:09 - 2016-01-18 18:19 - 000799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-21 13:59 - 2020-07-27 18:19 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2021-01-18 14:37 - 2014-10-01 23:13 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-01-18 14:11 - 2016-04-15 13:19 - 000000000 ____D C:\Users\John\AppData\Local\Publishers
2021-01-18 14:11 - 2016-04-15 13:19 - 000000000 ____D C:\Users\John\AppData\Local\Publishers
2021-01-18 14:11 - 2016-04-15 13:19 - 000000000 ____D C:\Users\John\AppData\Local\Publishers
2021-01-18 13:55 - 2015-08-06 11:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-18 13:48 - 2015-08-06 11:52 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2020-11-20 12:00 - 2020-11-20 12:00 - 000000426 _____ () C:\Program Files (x86)\LMIR0EA0C001.tmp.bat
2020-11-20 12:00 - 2020-11-20 12:00 - 000000351 _____ () C:\Program Files (x86)\LMIR0EA0C001.tmp_r.bat
2016-06-14 08:59 - 2016-06-14 08:59 - 003203604 _____ () C:\Users\John\AppData\Roaming\sb281.dat
2016-09-09 15:07 - 2016-09-09 15:07 - 002261011 _____ () C:\Users\John\AppData\Roaming\sb296.dat
2016-06-26 08:57 - 2016-06-26 08:57 - 002049556 _____ () C:\Users\John\AppData\Roaming\sb421.dat
2016-05-30 08:13 - 2016-05-30 08:13 - 003056660 _____ () C:\Users\John\AppData\Roaming\sb46.dat
2016-08-11 11:23 - 2016-08-11 11:23 - 002240532 _____ () C:\Users\John\AppData\Roaming\sb860.dat
2015-07-23 07:27 - 2021-02-08 17:43 - 000000093 _____ () C:\Users\John\AppData\Roaming\sp_data.sys
2016-03-10 11:56 - 2016-09-09 15:00 - 000000132 _____ () C:\Users\John\AppData\Roaming\WB.CFG

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021 01
Ran by John (08-02-2021 19:29:30)
Running from C:\Users\John\Desktop
Windows 10 Home Version 1909 18363.1316 (X64) (2021-01-27 12:51:54)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1018448789-4025328002-866781052-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1018448789-4025328002-866781052-503 - Limited - Disabled)
Guest (S-1-5-21-1018448789-4025328002-866781052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1018448789-4025328002-866781052-1003 - Limited - Enabled)
John (S-1-5-21-1018448789-4025328002-866781052-1001 - Administrator - Enabled) => C:\Users\John
marge_000 (S-1-5-21-1018448789-4025328002-866781052-1004 - Limited - Enabled) => C:\Users\marge_000
WDAGUtilityAccount (S-1-5-21-1018448789-4025328002-866781052-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: 360 Total Security (Enabled - Up to date) {91AD8F88-E316-BC3A-E0A3-9F4C5B36A8D0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Bing Search Engine (HKLM-x32\...\bingeng) (Version: - )
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
H&R Block Deluxe + Efile + State 2015 (HKLM-x32\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.8101 - HRB Technology, LLC.)
H&R Block Pennsylvania 2015 (HKLM-x32\...\{C6689514-3971-4A22-B45B-6C45289B87C5}) (Version: 1.15.5301 - HRB Technology, LLC.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1018448789-4025328002-866781052-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-1018448789-4025328002-866781052-1001\...\339020b868450372) (Version: 17.0.5057.4 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
Pluto TV version 0.1.5 (HKLM-x32\...\Pluto TV_is1) (Version: 0.1.5 - Pluto TV)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7235 - Realtek Semiconductor Corp.)
Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version: - ) <==== ATTENTION
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{6753CC12-A884-47B2-9270-F5CD31B6F256}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.3.0.595 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.1.1.30 - WildTangent)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23214 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24101}) (Version: 20.0.11659 - WinZip Computing, S.L. )
Zoho Assist (HKLM-x32\...\Zoho Assist) (Version: 1.0 - Zoho Corp Pvt Ltd.)
Zoom (HKU\S-1-5-21-1018448789-4025328002-866781052-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-06-27] (WildTangent Games)
ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.9.0_x64__qmba6cd70vzyy [2021-01-18] (ASUSTeK COMPUTER INC.)
ASUS WebStorage -> C:\Program Files\WindowsApps\ASUSCloudCorporation.MobileFileExplorer_1.0.24.190_x86__wk4d32h0cvhem [2015-05-10] (ASUS Cloud Corporation)
ASUS Welcome -> C:\Program Files\WindowsApps\B9ECED6F.ASUSWelcome_1.0.1.0_x64__qmba6cd70vzyy [2016-04-16] (ASUSTeK COMPUTER INC.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.186.200.0_x86__kgqvnymyfvs32 [2021-02-08] (king.com)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2020-08-02] (Flipboard)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2020-08-02] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.830.0_x64__v10z8vjag6ke6 [2021-02-08] (HP Inc.)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_6.0.47.0_x64__a76a11dkgb644 [2021-01-18] (iHeartMedia.)
LINE -> C:\Program Files\WindowsApps\NAVER.LINEwin8_6.6.0.0_x86__8ptj331gd3tyt [2021-02-08] (LINE Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-08] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-17] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-17] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-01-27] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-17] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2021-01-20] (MAGIX)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-08-07] (Netflix, Inc.)
Skype WiFi -> C:\Program Files\WindowsApps\Microsoft.SkypeWiFi_1.2.0.7_x86__kzf8qxf38zg5c [2015-04-09] (Skype)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2017-01-07] (TripAdvisor LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2020-08-02] (Twitter Inc.)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2015-04-08] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1018448789-4025328002-866781052-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1018448789-4025328002-866781052-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll () [File not signed]
ShellIconOverlayIdentifiers: [ !AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.3.0.595\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [ !AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.3.0.595\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [ !AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.3.0.595\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2013-12-18] (Foxit Corporation -> Foxit Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-12-22] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.3.0.595\ASUSWSContextMenu.dll [2017-12-12] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-12-22] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-12-22] (WinZip Computing LLC -> WinZip Computing, S.L.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-02-10 10:18 - 2014-03-05 10:18 - 000040448 _____ () [File not signed] C:\WINDOWS\System32\pdf995mon64.dll
2017-04-20 22:06 - 2017-04-20 22:06 - 001504768 _____ (ASUS Cloud Corporation.) [File not signed] C:\Program Files (x86)\Common Files\AWS\2.3.0.595\ASUSWSShellExt64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1018448789-4025328002-866781052-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131179279718767050&GUID=9584A5FE-D72F-443E-95F7-83395130105A
HKU\S-1-5-21-1018448789-4025328002-866781052-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131179279722264538&GUID=9584A5FE-D72F-443E-95F7-83395130105A
HKU\S-1-5-21-1018448789-4025328002-866781052-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7426cda5&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-7426cda5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1018448789-4025328002-866781052-1001 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2021-02-08 17:40 - 000002103 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1018448789-4025328002-866781052-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1018448789-4025328002-866781052-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
HKU\S-1-5-21-1018448789-4025328002-866781052-500\Control Panel\Desktop\\Wallpaper -> C:\windows\asus\wallpapers\asus.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "WebStorage"
HKU\S-1-5-21-1018448789-4025328002-866781052-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1018448789-4025328002-866781052-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6026EE4A-BE5B-4F50-801F-A0D9764E7B6C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D159673A-E53F-4D28-BCFC-B3AFE032DF9A}] => (Allow) C:\Users\John\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{028677A5-F732-48C0-9BDC-F3BFE7EAF0B1}] => (Allow) C:\Users\John\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{684D7F4F-BB3C-45A6-A8EF-452AE5627176}] => (Allow) C:\Users\John\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0F36AEB8-E847-4FC0-90A5-820F859E2CAE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4BCCD392-142E-4A96-BB59-6F9B44263C6E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{507E0B9C-CE07-4E23-8B8F-48563303126E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D788CE2E-7450-4FE3-B47B-AC607FCA3B77}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{42F0BCD5-BFA2-4BD5-B56E-FD3FDD90303F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{CF2FF6D3-D878-4607-8758-9B55DE286F7D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{14F8EBFD-207F-4006-8593-F0B5BCA7998F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{401E4428-6938-44F1-9D69-7969CFFDB199}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{AF331E6A-A517-431C-9FF5-90CB7DC82D49}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C0F7ACE9-1547-485B-BA79-B97D69322B6E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{97B702DC-8348-42D6-94DC-5F46445C740B}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe => No File
FirewallRules: [{61A61E1A-90F5-4D5A-9F5B-A4015E4A594B}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe => No File
FirewallRules: [{1951BA3C-676F-4E16-BA50-71A323566B39}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe => No File
FirewallRules: [{423F0FC2-7EA0-4F20-B189-B8901EA05320}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe => No File
FirewallRules: [{119686A7-2666-48BB-9560-36AD11618C20}] => (Allow) C:\Users\John\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{11E047A5-7816-41D1-82A5-BB9FA6AF7F71}] => (Allow) C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{D4989557-9558-4681-9025-99D2AB567870}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{F831935B-EC05-421D-978C-82E492802AD3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9C3B6EE2-09C4-48DC-B298-3EFDD9E26ECD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B01DF046-70A9-4E22-98A0-25FC2F406411}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A04FE491-AF57-45AC-9C87-C80DB99DC970}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{11D04713-637E-4138-9CA2-287405DBC494}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B93D6E77-3F05-441E-AE25-AFC32765E63C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

08-02-2021 10:25:14 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/08/2021 07:14:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.1171 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 17e4

Start Time: 01d6fe785f7c895e

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: a8ac128e-53cb-4071-b3d2-6d18e2352e27

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (02/08/2021 06:43:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2296,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/08/2021 06:19:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6748,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/08/2021 06:03:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7476,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/08/2021 05:48:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1132,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/08/2021 05:40:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (02/08/2021 05:40:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/08/2021 05:25:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4216,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (02/08/2021 06:11:52 PM) (Source: DCOM) (EventID: 10010) (User: JOHNDIMEGLIO)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/08/2021 06:09:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Unchecky service terminated unexpectedly. It has done this 1 time(s).

Error: (02/08/2021 06:09:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/08/2021 06:09:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ATKGFNEX Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/08/2021 06:09:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).

Error: (02/08/2021 06:09:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).

Error: (02/08/2021 06:09:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/08/2021 06:09:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Asus GiftBox Desktop service terminated unexpectedly. It has done this 1 time(s).

Windows Defender:
===================================
Date: 2021-02-08 17:34:48.259
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.329.2723.0;1.329.2723.0
Engine version: 1.1.17800.5

Date: 2021-02-08 17:34:37.945
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.331.532.0;1.331.532.0
Engine version: 1.1.17800.5

CodeIntegrity:
===================================

Date: 2021-01-29 23:13:57.399
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-29 23:13:56.303
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-29 23:13:54.050
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-29 23:13:52.787
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-29 23:13:17.439
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-29 23:13:17.050
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-27 13:41:18.531
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-01-27 13:41:18.431
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\mcupdate.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X551MA.513 09/09/2014
Motherboard: ASUSTeK COMPUTER INC. X551MA
Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 78%
Total physical RAM: 3982.68 MB
Available physical RAM: 864.25 MB
Total Virtual: 6285.98 MB
Available Virtual: 646.18 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:392.87 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{ffa03883-1690-42bc-9110-bda16591ed76}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS
\\?\Volume{81edf113-8c44-4696-9cea-94ad7138c166}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.97 GB) NTFS
\\?\Volume{19dff712-b913-46b9-88cc-904cecb26ce4}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 543DAE44)

Partition: GPT.

==================== End of Addition.txt =======================

starbuck · Feb 9, 2021

Hi Tony,

It had 360 Total Security which I uninstalled, but there are signs of it in the FRST scans.
It also had McAfee security which I deleted. Still signs in the logs. After the FRST scan I did remove the extension from Chrome.
Click to expand...

No problem, the fix will take care of those.

The FRST logs show Firefox items, but FF is not on this machine.
Click to expand...

Probably a left over from the previous OS.
To completely remove Firefox leftovers take a look at:

C:\Program Files\Mozilla Firefox
C:\Program Files (x86)\Mozilla Firefox
C:\ProgramData\Mozilla

and remove the Mozilla folders.

Other ATTENTION items need to be addressed.
Click to expand...

A lot of those are the leftover nag screen entries to upgrade to Win10 from the previous OS.
The fix will take care of those.

Step 1

Please uninstall the following:
Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version: - ) <==== ATTENTION

Step 2
FRST can no longer remove Chrome extensions, so to remove the following:

CHR Extension: (McAfee® WebAdvisor) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-01-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>

Open Chrome....
Type chrome://extensions in the address bar and press Enter.
Click Remove under the extension you'd like to completely remove.
A confirmation dialog appears, click Remove.

Step 3
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system

Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

In your next reply, please submit:
Fixlog.txt
and let me know how the other steps went.

Thanks.

Tony D · Feb 9, 2021

starbuck said: ↑

To completely remove Firefox leftovers take a look at:
C:\Program Files\Mozilla Firefox
C:\Program Files (x86)\Mozilla Firefox
C:\ProgramData\Mozilla

and remove the Mozilla folders.
Click to expand...

None of those existed. Programs Files and Program Files (x86) folders are there but there isn't a C:\ProgramData folder.

starbuck said: ↑

Please uninstall the following:
Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version: - ) <==== ATTENTION
Click to expand...

It showed up in Programs and Features. When I clicked to uninstall, it said it may have already been uninstalled. It no longer shows up in the list.

Here's the Fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021 01
Ran by John (09-02-2021 15:04:56) Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John & marge_000 & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
Task: {1D9FE816-0B21-482E-A920-AA27C32F1155} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {20FEB2A3-9103-4B22-AA03-4493FDA29FC5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {21DB1DE9-FA48-4327-84FC-887EE8231E0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2F7083A1-EA47-43AE-BE95-761255D0956D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {49CD1C47-BB3B-4353-9D6F-F42213DB73A8} - \WPD\SqmUpload_S-1-5-21-1018448789-4025328002-866781052-1001 -> No File <==== ATTENTION
Task: {4C5107DE-0D25-4E4D-904A-FCAFC6ED56B9} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {5276C849-81A4-4368-8BCA-33FFB08C7A0D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {647458F6-96F2-45FF-A027-BBCF6E2BE703} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6D091EAB-DD57-4217-9536-304A38EEB6CA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8C2BB374-9233-4E10-9081-0EFEF2DF4D3B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {92A4E816-4B8F-4C51-9309-811794BAA74B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {92CFA6F4-6657-4EF6-BCD6-2E0572242489} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A62B4600-F9A4-4042-BD8C-86DE58A8F942} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D67FEE68-0486-4D51-A096-F0D94847584F} - \{5FB778CC-EBFC-81CE-4EB6-957429887A55} -> No File <==== ATTENTION
Task: {EC148BC2-AD53-4C9F-A105-5A2E715177A8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F3E63767-5F33-4DC4-83BA-1AD26F4FFF2C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
2021-02-08 16:51 - 2021-02-08 16:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-02-08 16:54 - 2016-01-18 18:28 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-02-08 16:38 - 2016-03-10 11:02 - 000000000 ____D C:\Program Files (x86)\360
2021-02-08 16:34 - 2016-03-11 15:56 - 000000000 __SHD C:\$360Section
C:\Program Files\McAfee
AS: 360 Total Security (Enabled - Up to date) {91AD8F88-E316-BC3A-E0A3-9F4C5B36A8D0}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll => No File
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FirewallRules: [{97B702DC-8348-42D6-94DC-5F46445C740B}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe => No File
FirewallRules: [{61A61E1A-90F5-4D5A-9F5B-A4015E4A594B}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe => No File
FirewallRules: [{1951BA3C-676F-4E16-BA50-71A323566B39}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe => No File
FirewallRules: [{423F0FC2-7EA0-4F20-B189-B8901EA05320}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe => No File
FirewallRules: [{D4989557-9558-4681-9025-99D2AB567870}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D9FE816-0B21-482E-A920-AA27C32F1155}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D9FE816-0B21-482E-A920-AA27C32F1155}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20FEB2A3-9103-4B22-AA03-4493FDA29FC5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20FEB2A3-9103-4B22-AA03-4493FDA29FC5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21DB1DE9-FA48-4327-84FC-887EE8231E0D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21DB1DE9-FA48-4327-84FC-887EE8231E0D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F7083A1-EA47-43AE-BE95-761255D0956D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7083A1-EA47-43AE-BE95-761255D0956D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49CD1C47-BB3B-4353-9D6F-F42213DB73A8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49CD1C47-BB3B-4353-9D6F-F42213DB73A8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1018448789-4025328002-866781052-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C5107DE-0D25-4E4D-904A-FCAFC6ED56B9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C5107DE-0D25-4E4D-904A-FCAFC6ED56B9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5276C849-81A4-4368-8BCA-33FFB08C7A0D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5276C849-81A4-4368-8BCA-33FFB08C7A0D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{647458F6-96F2-45FF-A027-BBCF6E2BE703}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{647458F6-96F2-45FF-A027-BBCF6E2BE703}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D091EAB-DD57-4217-9536-304A38EEB6CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D091EAB-DD57-4217-9536-304A38EEB6CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C2BB374-9233-4E10-9081-0EFEF2DF4D3B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C2BB374-9233-4E10-9081-0EFEF2DF4D3B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92A4E816-4B8F-4C51-9309-811794BAA74B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92A4E816-4B8F-4C51-9309-811794BAA74B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92CFA6F4-6657-4EF6-BCD6-2E0572242489}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92CFA6F4-6657-4EF6-BCD6-2E0572242489}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A62B4600-F9A4-4042-BD8C-86DE58A8F942}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A62B4600-F9A4-4042-BD8C-86DE58A8F942}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D67FEE68-0486-4D51-A096-F0D94847584F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D67FEE68-0486-4D51-A096-F0D94847584F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5FB778CC-EBFC-81CE-4EB6-957429887A55}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC148BC2-AD53-4C9F-A105-5A2E715177A8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC148BC2-AD53-4C9F-A105-5A2E715177A8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E63767-5F33-4DC4-83BA-1AD26F4FFF2C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E63767-5F33-4DC4-83BA-1AD26F4FFF2C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
HKLM\System\CurrentControlSet\Services\McAfee WebAdvisor => removed successfully
McAfee WebAdvisor => service removed successfully
C:\WINDOWS\system32\Tasks\McAfee => moved successfully
C:\Program Files (x86)\McAfee => moved successfully
C:\Program Files (x86)\360 => moved successfully
C:\$360Section => moved successfully
"C:\Program Files\McAfee" => not found
"AS: 360 Total Security (Enabled - Up to date) {91AD8F88-E316-BC3A-E0A3-9F4C5B36A8D0}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\dssrequest => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97B702DC-8348-42D6-94DC-5F46445C740B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61A61E1A-90F5-4D5A-9F5B-A4015E4A594B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1951BA3C-676F-4E16-BA50-71A323566B39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{423F0FC2-7EA0-4F20-B189-B8901EA05320}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4989557-9558-4681-9025-99D2AB567870}" => removed successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39775478 B
Java, Flash, Steam htmlcache => 1012 B
Windows/system/drivers => 5458121 B
Edge => 3185853 B
Chrome => 73663812 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 61160 B
NetworkService => 73904 B
John => 95151929 B
marge_000 => 95151929 B
Administrator => 95158171 B

RecycleBin => 0 B
EmptyTemp: => 395.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:06:46 ====

starbuck · Feb 9, 2021

Hi Tony,

If the Mozilla folders are not there it won't make any difference to the running of the system.
The FF entries may well be leftover registry items.
Nothing to worry about at all.

Was there any issue with the system or was it just a cleanup that was required?
You could always run the MB or the FRST again if you wanted to check the 2 sets of reports.

Tony D · Feb 9, 2021

Just wanted to cleanup this little Celeron. I'm running another FRST scan. It takes some time.

Tony D · Feb 9, 2021

What do you make of this? Defender is OFF, but the report shows it's Enabled.

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
Click to expand...

starbuck · Feb 9, 2021

What do you make of this? Defender is OFF, but the report shows it's Enabled.
Click to expand...

Not sure, I see these services and drivers are still active:
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-02-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-02-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-02-08] (Microsoft Windows -> Microsoft Corporation)

I see that MalwareBytes is showing as the security.
On this system, mine is showing.....

But Win defender is showing as disabled.
Worth looking into.

starbuck · Feb 9, 2021

Just ran FRST on this system.
The same services are drivers are showing in the report, but the Security Center is showing..

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

will see what I can find out tomorrow.

Tony D · Feb 9, 2021

Thanks, there's something going on.

starbuck · Feb 10, 2021

Hi Tony,

Only thing that I can come up with is...
Eset and most AV's are not designed to run with other Anti-malware programs so will turn them off completely.
Also MS have said that if another AV program is installed, WD will disable itself.
But ... MB is designed to run with other AV/AM programs ( apparently it scans at a different point in the malware process ).
If it's designed to run with other security programs it may well leave the settings in the security center.
The question is though ... are you going to run MB permanently on the system or are you just going to use it as the free version once the trial runs out?
Only the Pro version shows in the security center..... once I stopped MB from starting with Windows and disabled the trial ... (just going with the free version), the MB entry in the security center disappeared.
Because I hadn't run a scan before turning off the trial, I don't have a before and after report.
Will install it on another system later and get a before and after scan report and see what the difference is.

Tony D · Feb 10, 2021

Thanks Starbuck. Looking forward to your before and after scan reports.

starbuck · Feb 10, 2021

Ok.
did the install on my Win8.1 system.

First scan with only Win Defender installed and running...

=================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
-----
I didn't stop Win Defender before installing MB.
This is the 'after'.....

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

-----
So MB did disable Win Defender and altered the security center to show this.

Tony D · Feb 10, 2021

Yes and that's what I expected to see - MB shutting down Defender.

Maybe this has something to do with Defender being available on W10 just in case the user wants to run a scan.

starbuck · Feb 10, 2021

Maybe this has something to do with Defender being available on W10 just in case the user wants to run a scan.
Click to expand...

Maybe, it's hard to say for sure.
Can't find anything relating to this problem on the Malwarebytes forums or in any other search.
Obviously if you are only going to run the free version of MB, it's just a case of checking that Win Defender is running normally after the change.

Tony D · Feb 10, 2021

Sounds like a plan.

I also wonder if it's because this was an inplace W10 upgrade, rather than a clean install.

Tony D · Feb 10, 2021

After posting yesterday, I ran an ESET on-line scan. While doing so I disabled the 4 options in MBAM:
Web Protection, Malware Protection, Ransomeware Protections, and Exploit Protection.

Today I turned them all back on and ran another FRST scan. The results are different than yesterday. Here's what I got:

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

starbuck · Feb 12, 2021

So the glitch is definitely down to MB then.

Tony D · Feb 12, 2021

Whatever it was, it resolved itself.

starbuck · Feb 12, 2021

All very odd but glad it's resolved itself.

Log in or Sign up

Need a little cleanup

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Attached Files:

fixlist.txt

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Share This Page

Log in or Sign up

Need a little cleanup

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Attached Files:

fixlist.txt

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Tony D Administrator Administrator

starbuck Rest In Peace Pete Administrator

Share This Page

Useful Searches