Potential Malware Issue Detected By Superantispyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by mark59, Jan 5, 2024.

  1. mark59

    mark59 MajorGeek

    I may have a malware issue on a computer.

    Computer:
    Acer Aspire XC-840 1.0
    Operating System: Windows 11 Home (x64) Version 23H2

    I ran a full scan with SUPERAntiSpyware (SAS). SAS said it had found 30+ adware tracking cookies. After the scan was completed I opened and saved the scan log, which I attach (SUPERAntiSpyware Scan Log - 01-04-2024 - 14-37-05.txt). After saving the scan log I allowed SAS to tackle the problem. SAS reported it had dealt with the problem.

    On the advice of a malware specialist I have also downloaded and run Farbar Recovery Scan Tool for 64-bit systems (FRST64). I attach the two reports generated by FRST64. In the next two posts I have pasted the two reports generated by FRST64, in the following order: FRST.txt and Addition.txt.
     


  2. mark59

    mark59 MajorGeek

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05.01.2024
    Ran by markc (administrator) on HOME-MCJ (Acer Aspire XC-840) (05-01-2024 12:08:49)
    Running from C:\Users\markc\Desktop\FRST64.exe
    Loaded Profiles: markc & Jessica
    Platform: Microsoft Windows 11 Home Version 23H2 22631.2861 (X64) Language: English (United Kingdom)
    Default browser: FF
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
    (C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
    (DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxEMN.exe
    (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
    (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
    (services.exe ->) (Glarysoft Ltd -> Glarysoft Ltd) C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIServiceN.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_64d7fcfcde9b9c10\jhi_service.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_2ca0a47853f51398\esif_uf.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d2488852c7b45a0\OneApp.IGCC.WinService.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7cee4436373b22ac\IntelCpHDCPSvc.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
    (services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
    (services.exe ->) (RealDefense, LLC -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_baff7934ac50bab3\RtkAudUService64.exe <2>
    (sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2302.13004.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
    (svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    (svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_baff7934ac50bab3\RtkAudUService64.exe [1247064 2021-02-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
    HKLM\Software\Policies\...\system: [PublishUserActivities] 0
    HKLM\Software\Policies\...\system: [UploadUserActivities] 0
    HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
    HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
    HKU\S-1-5-21-3646596974-955512312-3129206487-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
    HKU\S-1-5-21-3646596974-955512312-3129206487-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [180224 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-3646596974-955512312-3129206487-1003\...\Run: [MicrosoftEdgeAutoLaunch_FB2851DDBC3721EA3FBA6881BD743A10] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-16] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\WINDOWS\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
    HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [999568 2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    Startup: C:\Users\markc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk [2023-09-26]
    ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN07K2H10P05D1;CONNECTION=USB;MONITOR=1;
    BootExecute: autocheck autochk *
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {FA92FEE8-C4B4-43C9-BD08-11B30C5F0C2E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> )
    Task: {B31AB27F-DF08-46F5-8BEF-DF98CCF195D4} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> )
    Task: {D2D07AF2-A678-4027-8889-A0B352ABEC6C} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> )
    Task: {7751CBF1-18AE-42F1-85A0-C300D6E092EB} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
    Task: {D086004A-AC7F-47EF-A935-7BBAD356AC3B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {07880279-077A-4564-9EEE-DB9A25175744} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "573fb309-055f-4926-b2c6-089f6748b4c2" --version "6.19.10858" --silent
    Task: {B3FC1EA3-9EDD-4623-8EAC-3751DA8ECAB0} - System32\Tasks\CCleanerSkipUAC - markc => C:\Program Files\CCleaner\CCleaner.exe [37458848 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {681D4404-31AC-42E0-8B1F-E61B860E6E19} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5298768 2023-12-05] (Microsoft Windows -> Microsoft Corporation)
    Task: {B0C9CE02-B63F-4324-985C-E01E12DA32A8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28175440 2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
    Task: {65ACBB81-18C2-4BE4-B112-352145AB6BAF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28175440 2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
    Task: {5CA6286F-D586-4CFB-AD50-6AD96AE46FA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306728 2023-12-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {2CC22A6A-7B10-480F-8A34-6098D74B3AD3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306728 2023-12-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {78D147F2-4EAD-4750-A4ED-7E3824EBE9D1} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169144 2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B77716E9-B3BA-4580-8452-7356764D8223} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {6501C041-C1CD-48E7-96CD-4AE5920B27DC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {E68556DF-AC84-4020-8D4A-9E1F6333062B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {2B28D3CB-B5EC-45AC-9FC5-162DA2346E84} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {9C2CE7ED-F7AA-405B-AF3D-5CFF7A7C1DA0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-12-19] (Mozilla Corporation -> Mozilla Foundation)
    Task: {625DAD2C-D50C-4F79-B296-AB1F541ECA43} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> )
    Task: {CD3B1FC0-822E-4CEB-87D0-F6345FEDCD6D} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\ExpressVPN\wlanBroker.exe [18224 2021-03-22] (Acer Incorporated -> )
    Task: {67CB5215-A706-4DE8-8B2B-1D42F89D179E} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    Task: {2F84A51A-72DC-43E8-AFA2-B385A009A388} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    Task: {1AE07928-D628-4094-BB7B-8EDC80C3B004} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268520 2021-04-19] (Acer Incorporated -> Acer Incorporated)
    Task: {2D594ACF-A225-4472-8D69-163FF96D9538} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211560 2021-04-19] (Acer Incorporated -> Acer Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 79.79.79.77 79.79.79.78
    Tcpip\..\Interfaces\{768c1744-82b5-44a8-bb59-b94d1fe392a5}: [DhcpNameServer] 79.79.79.77 79.79.79.78
    Tcpip\..\Interfaces\{768c1744-82b5-44a8-bb59-b94d1fe392a5}: [DhcpDomain] domain.name
    Tcpip\..\Interfaces\{81ca57cd-54bf-4896-8a5c-3a009fcaa4ac}: [DhcpNameServer] 172.30.50.97 172.30.50.98

    Edge:
    =======
    Edge Profile: C:\Users\markc\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-04]
    Edge Extension: (Google Docs Offline) - C:\Users\markc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-25]
    Edge Extension: (Edge relevant text changes) - C:\Users\markc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-25]

    FireFox:
    ========
    FF DefaultProfile: 697kz9cd.default
    FF ProfilePath: C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\697kz9cd.default [2023-01-23]
    FF ProfilePath: C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\50mltxw0.default-release [2024-01-05]
    FF DownloadDir: C:\Users\markc\Desktop
    FF Homepage: Mozilla\Firefox\Profiles\50mltxw0.default-release -> hxxps://www.google.co.uk/
    FF Extension: (Playmaker – Balanced) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\50mltxw0.default-release\Extensions\playmaker-balanced-colorway@mozilla.org.xpi [2023-03-16]
    FF Extension: (Malwarebytes Browser Guard) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\50mltxw0.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-12-19]
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\.DEFAULT: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\.DEFAULT: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\.DEFAULT: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-3646596974-955512312-3129206487-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-3646596974-955512312-3129206487-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-3646596974-955512312-3129206487-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [177392 2023-09-13] (RealDefense, LLC -> SUPERAntiSpyware.com)
    R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13233744 2023-11-24] (Microsoft Corporation -> Microsoft Corporation)
    R3 GUBootService; C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe [888216 2023-11-20] (Glarysoft Ltd -> Glarysoft Ltd)
    S3 GUMemfilesService; C:\Program Files (x86)\Glary Utilities\x64\MemfilesService.exe [427928 2023-12-22] (Glarysoft Ltd -> Glarysoft Ltd)
    S3 GUPMService; C:\Program Files (x86)\Glary Utilities\GUPMService.exe [76696 2023-12-22] (Glarysoft Ltd -> Glarysoft Ltd)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-03] (Malwarebytes Inc. -> Malwarebytes)
    R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188736 2021-07-30] (Qualcomm Atheros, Inc. -> )
    S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [343272 2021-04-19] (Acer Incorporated -> Acer Incorporated)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
    S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-10-26] (Microsoft Corporation) [File not signed]
    R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [136688 2021-12-02] (GENESYS LOGIC, INC. -> Genesys Logic)
    R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [23568 2023-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-10-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2024-01-05 12:08 - 2024-01-05 12:09 - 000022482 _____ C:\Users\markc\Desktop\FRST.txt
    2024-01-05 12:08 - 2024-01-05 12:09 - 000000000 ____D C:\FRST
    2024-01-05 12:06 - 2024-01-05 12:06 - 002388480 _____ (Farbar) C:\Users\markc\Desktop\FRST64.exe
    2024-01-04 17:16 - 2024-01-04 17:16 - 000000000 ____D C:\Users\markc\AppData\Roaming\Microsoft\MMC
    2024-01-04 16:12 - 2024-01-04 16:12 - 002361579 ____R C:\Users\markc\Downloads\pdfcoffee.com-english-romanian-dictionary.pdf
    2024-01-04 12:48 - 2024-01-04 12:48 - 001679548 ____R C:\Users\markc\Downloads\Faith vs Fact Why Science and Religion Are Incompatible.pdf
    2024-01-04 12:48 - 2024-01-04 12:48 - 001679548 _____ C:\Users\markc\Desktop\Faith vs Fact Why Science and Religion Are Incompatible.pdf
    2024-01-02 19:34 - 2024-01-02 19:34 - 000410485 _____ C:\Users\markc\Desktop\Mums-authorisation-to-Lloyds-for-me-to-act.pdf
    2024-01-02 17:54 - 2024-01-02 17:54 - 028961459 _____ C:\Users\markc\Desktop\clinical-biochemistry-made-ridiculously-simple.pdf
    2024-01-02 11:26 - 2024-01-03 10:38 - 000000000 ____D C:\Users\Jessica\AppData\Local\Malwarebytes
    2024-01-02 03:20 - 2024-01-02 03:20 - 350464028 _____ C:\Users\markc\Desktop\Monastic Diurnal (1952).pdf
    2024-01-02 03:06 - 2024-01-02 03:06 - 000140007 _____ C:\Users\markc\Desktop\instructions-anglican-breviary.pdf
    2024-01-02 03:02 - 2024-01-02 03:02 - 000148546 _____ C:\Users\markc\Desktop\The_General_Rubrics_of_the_Missal.pdf
    2023-12-31 12:28 - 2023-12-31 12:28 - 000277060 _____ C:\Users\markc\Downloads\Singing The Psalterium Monasticum.pdf
    2023-12-30 09:50 - 2023-12-30 09:50 - 000559442 _____ C:\WINDOWS\system32\perfh008.dat
    2023-12-30 09:50 - 2023-12-30 09:50 - 000094080 _____ C:\WINDOWS\system32\perfc008.dat
    2023-12-29 17:22 - 2023-12-29 17:22 - 001429859 _____ C:\Users\markc\Desktop\Pontificio_Ateneo_Sant’_Anselmo_Ordo_Anni_Academici_2023-24.pdf
    2023-12-29 17:20 - 2023-12-29 17:20 - 001429859 ____R C:\Users\markc\Downloads\Ordo 2023-24.pdf
    2023-12-29 14:42 - 2023-12-29 17:06 - 000009390 _____ C:\Users\markc\Documents\Chippy Tea 29 12 2023.xlsx
    2023-12-29 12:36 - 2023-12-29 12:36 - 016122052 ____R C:\Users\markc\Downloads\Full-8.pdf
    2023-12-29 12:31 - 2023-12-29 12:35 - 033082786 ____R C:\Users\markc\Downloads\Full-7.pdf
    2023-12-29 11:55 - 2023-12-29 11:58 - 058230616 ____R C:\Users\markc\Downloads\Full-6.pdf
    2023-12-29 11:19 - 2023-12-29 11:20 - 043972021 ____R C:\Users\markc\Downloads\Full-2.pdf
    2023-12-28 14:47 - 2023-12-28 14:51 - 079296299 ____R C:\Users\markc\Downloads\Full-5.pdf
    2023-12-28 14:41 - 2023-12-28 14:46 - 123180544 ____R C:\Users\markc\Downloads\Full-4.pdf
    2023-12-28 14:39 - 2023-12-28 14:41 - 037740929 ____R C:\Users\markc\Downloads\Full-3.pdf
    2023-12-28 14:20 - 2023-12-28 14:25 - 057456429 ____R C:\Users\markc\Downloads\Full-1.pdf
    2023-12-28 14:09 - 2023-12-28 14:11 - 052330098 ____R C:\Users\markc\Downloads\Full.pdf
    2023-12-28 11:47 - 2023-12-28 11:47 - 000088480 _____ C:\Users\markc\Documents\Birmingham_Heartlands_NHS_FT_Organisation.pptx
    2023-12-27 11:15 - 2023-12-27 11:15 - 001049376 _____ C:\Users\markc\Desktop\PA002_-_Pathway_for_HIV_Testing_in_Services_Other_Than_Primary_Care_v5_Mar-21.pdf
    2023-12-26 14:56 - 2023-12-26 14:56 - 000286342 ____R C:\Users\markc\Downloads\Newsletter-24-31-12-2023.pdf
    2023-12-26 14:56 - 2023-12-26 14:56 - 000286342 _____ C:\Users\markc\Desktop\Arundel Cathedral.pdf
    2023-12-26 14:54 - 2023-12-26 14:54 - 002043756 _____ C:\Users\markc\Desktop\Plymouth Cathedral.pdf
    2023-12-26 12:45 - 2023-12-26 12:45 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2023-12-26 12:45 - 2023-12-26 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
    2023-12-26 12:44 - 2023-12-28 20:57 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
    2023-12-26 12:10 - 2023-12-26 12:10 - 000998706 ____R C:\Users\markc\Downloads\PewSheet-Christmas2023FINAL.pdf
    2023-12-26 03:34 - 2023-12-26 03:34 - 000126803 _____ C:\Users\markc\Desktop\Emergency_Department-v1.pdf
    2023-12-26 03:29 - 2023-12-26 03:29 - 000325099 _____ C:\Users\markc\Desktop\5135_endoscopic_retrograde_cholangio-pancreatography_ercp_pisu109_preview.pdf
    2023-12-26 03:29 - 2023-12-26 03:29 - 000186085 _____ C:\Users\markc\Desktop\9088_ercp_endoscopic_retrograde_cholangio_pancreatogram_-_post_procedure_pisu1074_preview.pdf
    2023-12-26 03:19 - 2023-12-26 03:19 - 000197384 ____R C:\Users\markc\Downloads\Job Description and Person Specification-1.pdf
    2023-12-26 03:13 - 2023-12-26 03:52 - 000199410 _____ C:\Users\markc\Desktop\Oxford Oratory Newsletter 24 Dec 23.pdf
    2023-12-24 17:13 - 2023-12-24 17:13 - 000077944 _____ C:\Users\markc\Desktop\yorkmissal.pdf
    2023-12-23 11:18 - 2023-12-23 11:18 - 099310849 _____ C:\Users\markc\Desktop\Animal Physiology From Genes to Organisms.pdf
    2023-12-23 10:59 - 2023-12-23 11:03 - 099310849 ____R C:\Users\markc\Downloads\Animal Physiology From Genes to Organisms.pdf
    2023-12-23 10:15 - 2023-12-23 10:15 - 010830754 _____ C:\Users\markc\Desktop\GMC_Annual_Report_2022.pdf
    2023-12-21 19:12 - 2023-12-21 19:12 - 000213623 _____ C:\Users\markc\Desktop\General_Surgery_Fact_File.pdf
    2023-12-21 18:57 - 2023-12-21 18:57 - 000671460 ____R C:\Users\markc\Downloads\426-497-23SS-B_Job Description and Personal Specification.pdf
    2023-12-21 18:48 - 2023-12-21 18:48 - 000289655 _____ C:\Users\markc\Desktop\Non-elective_Surgery_Policy.pdf
    2023-12-21 17:29 - 2023-12-21 17:29 - 002384489 _____ C:\Users\markc\Desktop\Emergency-General-Surgery-FINAL-7.2.17.pdf
    2023-12-21 14:13 - 2023-12-21 14:13 - 000396574 ____R C:\Users\markc\Downloads\Staff Nurse - Surgical Triage Unit F5-F6.pdf
    2023-12-21 10:59 - 2023-12-21 10:59 - 001436607 _____ C:\Users\markc\Desktop\junior_doctors_new_starters_handbook.pdf
    2023-12-21 10:58 - 2023-12-21 10:58 - 005436911 _____ C:\Users\markc\Desktop\BSG-Trainees-Gastroenterology-Handbook-2015.pdf
    2023-12-21 10:56 - 2023-12-21 10:56 - 015045504 ____R C:\Users\markc\Downloads\Emergency Medicine Handbook.pdf
    2023-12-21 10:56 - 2023-12-21 10:56 - 015045504 _____ C:\Users\markc\Desktop\Emergency Medicine Handbook.pdf
    2023-12-21 10:35 - 2023-12-21 10:35 - 000469885 ____R C:\Users\markc\Downloads\emergency general surgeon ( 2)-1.pdf
    2023-12-21 10:35 - 2023-12-21 10:35 - 000469885 _____ C:\Users\markc\Desktop\emergency general surgeon ( 2)-1.pdf
    2023-12-21 10:23 - 2023-12-21 10:23 - 000509260 _____ C:\Users\markc\Desktop\A_Consultant_Surgeon_CV.pdf
    2023-12-21 10:18 - 2023-12-21 10:18 - 000236519 ____R C:\Users\markc\Downloads\Handbook_of_General_Surgical_Emergencies.pdf
    2023-12-20 22:05 - 2023-12-20 22:05 - 001183721 _____ C:\Users\markc\Desktop\ERCP.pdf
    2023-12-19 18:08 - 2023-12-19 18:08 - 000623705 ____R C:\Users\markc\Downloads\17thDecember2023.pdf
    2023-12-19 17:19 - 2023-12-19 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
    2023-12-19 13:50 - 2023-12-19 13:51 - 000000000 ____D C:\Users\markc\Desktop\Photos from mum's house
    2023-12-18 17:17 - 2023-12-18 17:17 - 001047471 _____ C:\Users\markc\Desktop\Journal Article Breathing.pdf
    2023-12-18 17:16 - 2023-12-18 17:16 - 001047471 ____R C:\Users\markc\Downloads\journal.pone.0295157.pdf
    2023-12-18 16:44 - 2023-12-18 16:44 - 002604442 _____ C:\Users\markc\Desktop\Good_Medical_Practice_2024.pdf
    2023-12-18 09:57 - 2023-12-18 09:57 - 003528171 ____R C:\Users\markc\Downloads\terms-and-conditions-for-full-details-of-what-is-and-isn't-covered.pdf
    2023-12-17 15:05 - 2023-12-17 15:05 - 000583007 ____R C:\Users\markc\Downloads\3rd_Sunday_of_Advent_2023.pdf
    2023-12-17 13:43 - 2023-12-17 13:43 - 000618338 _____ C:\Users\markc\Desktop\add2.1.ecl.print.pdf
    2023-12-12 21:13 - 2023-12-12 21:13 - 000829650 _____ C:\Users\markc\Desktop\St_George's_Cathedral_Southwark_Christmas_2023.pdf
    2023-12-12 20:57 - 2023-12-12 20:57 - 015020735 _____ C:\Users\markc\Desktop\Evolution’s Witness How Eyes Evolved.pdf
    2023-12-09 16:41 - 2023-12-09 16:41 - 001322615 _____ C:\Users\markc\Desktop\St-Margaret_Marys_Christmas_Services.pdf
    2023-12-09 16:21 - 2023-12-09 16:21 - 000152416 _____ C:\Users\markc\Desktop\Visual_stress_SLD.pdf
    2023-12-09 16:07 - 2023-12-09 16:07 - 000701016 _____ C:\Users\markc\Desktop\St_Silas_Newsletter_Week_I_Advent.pdf
    2023-12-08 12:25 - 2023-12-08 12:25 - 004115666 _____ C:\Users\markc\Desktop\Dinosaurs A Very Short Introduction.pdf
    2023-12-07 18:48 - 2023-12-07 18:48 - 178653089 _____ C:\Users\markc\Desktop\Ritual_Notes.pdf
    2023-12-07 18:34 - 2023-12-07 18:34 - 001738608 _____ C:\Users\markc\Desktop\The_Server_vol_06_no_07.pdf
    2023-12-07 18:33 - 2023-12-07 18:33 - 003751163 _____ C:\Users\markc\Desktop\Anglican_Services.pdf
    2023-12-07 18:08 - 2023-12-07 18:08 - 000430817 _____ C:\Users\markc\Desktop\The_Calendar_&_Liturgical_Year_of_the_Church_of_England.pdf
    2023-12-07 15:12 - 2023-12-07 15:12 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
    2023-12-06 13:06 - 2023-12-13 22:20 - 000009584 _____ C:\Users\markc\Desktop\The_English_Liturgy.xlsx

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2024-01-05 12:07 - 2022-10-25 11:36 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
    2024-01-05 12:01 - 2023-04-24 15:51 - 000000000 ____D C:\Users\markc\AppData\Local\Malwarebytes
    2024-01-05 12:00 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SystemTemp
    2024-01-05 11:56 - 2022-05-07 05:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2024-01-05 11:36 - 2022-10-25 11:46 - 000000000 ____D C:\Users\markc\AppData\Roaming\Microsoft\Word
    2024-01-05 11:02 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\AppReadiness
    2024-01-05 11:01 - 2022-10-25 09:35 - 000000000 __SHD C:\Users\markc\IntelGraphicsProfiles
    2024-01-04 18:39 - 2022-10-27 11:34 - 000000000 ____D C:\Program Files\CCleaner
    2024-01-04 18:38 - 2023-11-01 14:45 - 000000000 ____D C:\Program Files (x86)\Glary Utilities
    2024-01-04 14:38 - 2022-10-26 19:41 - 000000000 ____D C:\Users\markc\AppData\Roaming\Microsoft\Excel
    2024-01-04 13:02 - 2022-10-27 11:38 - 000000000 ____D C:\ProgramData\TEMP
    2024-01-04 13:02 - 2022-10-27 11:38 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
    2024-01-04 12:53 - 2022-05-07 05:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2024-01-04 11:27 - 2022-05-07 05:24 - 000000000 ___HD C:\Program Files\WindowsApps
    2024-01-04 11:26 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
    2024-01-03 18:26 - 2023-11-19 14:45 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2024-01-03 10:37 - 2023-05-06 21:03 - 000000000 __SHD C:\Users\Jessica\IntelGraphicsProfiles
    2024-01-03 10:37 - 2022-10-26 21:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2024-01-02 11:26 - 2023-05-06 21:03 - 000000000 ____D C:\Users\Jessica\AppData\Local\ConnectedDevicesPlatform
    2024-01-01 23:05 - 2023-05-06 21:04 - 000000000 ____D C:\Users\Jessica\AppData\Local\D3DSCache
    2024-01-01 20:56 - 2023-05-06 21:04 - 000000000 ____D C:\Users\Jessica\AppData\Local\Packages
    2024-01-01 20:54 - 2023-05-06 21:03 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\GlarySoft
    2023-12-31 16:44 - 2022-07-27 21:58 - 000000000 ____D C:\Program Files\Microsoft Office
    2023-12-30 09:50 - 2022-10-26 21:08 - 001478874 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2023-12-30 09:50 - 2022-05-07 05:22 - 000000000 ____D C:\WINDOWS\INF
    2023-12-30 09:46 - 2022-10-26 21:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2023-12-30 09:46 - 2022-07-27 21:08 - 000000000 ___HD C:\Intel
    2023-12-30 09:46 - 2022-07-27 20:56 - 000012288 ___SH C:\DumpStack.log.tmp
    2023-12-30 09:46 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\ServiceState
    2023-12-30 09:45 - 2022-10-28 12:00 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
    2023-12-29 12:38 - 2022-11-22 15:17 - 000000000 ____D C:\Users\markc\Documents\Medicine
    2023-12-29 12:18 - 2022-05-07 05:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2023-12-29 12:14 - 2023-10-17 14:44 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2023-12-29 12:12 - 2022-10-26 20:44 - 000000000 ____D C:\Users\markc
    2023-12-28 13:32 - 2023-04-23 12:53 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2023-12-28 12:00 - 2022-10-25 09:35 - 000000000 ____D C:\Users\markc\AppData\Local\Packages
    2023-12-26 20:08 - 2022-11-01 14:54 - 000000000 ____D C:\Users\markc\AppData\Local\CrashDumps
    2023-12-26 20:03 - 2023-08-14 12:54 - 000077824 _____ C:\WINDOWS\system32\config\SAM.gu
    2023-12-26 20:03 - 2023-05-06 21:03 - 000000000 ____D C:\Users\Jessica
    2023-12-26 20:03 - 2023-05-05 11:30 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY.gu
    2023-12-26 20:03 - 2022-12-21 16:34 - 000000000 ____D C:\Users\Craig
    2023-12-26 20:03 - 2022-05-07 05:17 - 102760448 _____ C:\WINDOWS\system32\config\SOFTWARE.gu.bak
    2023-12-26 20:03 - 2022-05-07 05:17 - 018612224 _____ C:\WINDOWS\system32\config\SYSTEM.gu.bak
    2023-12-26 20:02 - 2022-05-07 05:17 - 001048576 _____ C:\WINDOWS\system32\config\DEFAULT.gu.bak
    2023-12-26 13:00 - 2023-11-01 14:45 - 000001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities.lnk
    2023-12-26 12:16 - 2022-10-25 09:35 - 000000000 ____D C:\Users\markc\AppData\Local\D3DSCache
    2023-12-22 07:57 - 2023-05-05 11:29 - 000043928 _____ (Glarysoft Ltd) C:\WINDOWS\system32\RegBootDefrag.exe
    2023-12-21 11:39 - 2022-10-25 11:46 - 000000000 ____D C:\Users\markc\AppData\Roaming\Microsoft\Office
    2023-12-20 08:28 - 2023-03-15 18:11 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2023-12-20 08:28 - 2023-01-12 12:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2023-12-19 18:21 - 2023-01-12 12:37 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2023-12-19 18:20 - 2023-12-02 11:20 - 000561700 _____ C:\Users\markc\Desktop\bookmarks.html
    2023-12-19 17:19 - 2023-08-03 16:11 - 000000000 ____D C:\Program Files\Calibre2
    2023-12-19 14:13 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2023-12-13 17:15 - 2022-05-07 05:24 - 000000000 ____D C:\ProgramData\USOPrivate
    2023-12-13 16:59 - 2022-10-27 11:34 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
    2023-12-13 16:59 - 2022-10-26 21:03 - 000473976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2023-12-13 16:57 - 2023-09-29 12:13 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
    2023-12-13 16:57 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\bcastdvr
    2023-12-13 16:54 - 2022-10-27 11:34 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2023-12-13 16:54 - 2022-10-27 11:34 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
    2023-12-13 11:16 - 2022-05-07 05:17 - 000000000 ____D C:\WINDOWS\CbsTemp
    2023-12-13 11:08 - 2022-10-26 21:06 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2023-12-12 20:56 - 2023-12-03 17:44 - 000000000 ____D C:\Users\markc\Desktop\TEMP
    2023-12-07 15:12 - 2022-05-07 05:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2023-12-06 11:46 - 2022-07-27 20:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  3. mark59

    mark59 MajorGeek

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05.01.2024
    Ran by markc (05-01-2024 12:11:20)
    Running from C:\Users\markc\Desktop
    Microsoft Windows 11 Home Version 23H2 22631.2861 (X64) (2022-10-26 21:13:17)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-3646596974-955512312-3129206487-500 - Administrator - Disabled)
    Craig (S-1-5-21-3646596974-955512312-3129206487-1002 - Limited - Enabled) => C:\Users\Craig
    DefaultAccount (S-1-5-21-3646596974-955512312-3129206487-503 - Limited - Disabled)
    Guest (S-1-5-21-3646596974-955512312-3129206487-501 - Limited - Disabled)
    Jessica (S-1-5-21-3646596974-955512312-3129206487-1003 - Limited - Enabled) => C:\Users\Jessica
    markc (S-1-5-21-3646596974-955512312-3129206487-1001 - Administrator - Enabled) => C:\Users\markc
    WDAGUtilityAccount (S-1-5-21-3646596974-955512312-3129206487-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
    Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer)
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.35.0.64251 - Amazon)
    Amazon Kindle (HKU\S-1-5-21-3646596974-955512312-3129206487-1001\...\Amazon Kindle) (Version: 2.1.0.70471 - Amazon)
    App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.4.240 - SweetLabs) <==== ATTENTION
    App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.4.240 - SweetLabs) <==== ATTENTION
    App Explorer (HKU\S-1-5-21-3646596974-955512312-3129206487-1001\...\Host App Service) (Version: 0.273.4.677 - SweetLabs) <==== ATTENTION
    App Explorer (HKU\S-1-5-21-3646596974-955512312-3129206487-1002\...\Host App Service) (Version: 0.273.4.677 - SweetLabs) <==== ATTENTION
    App Explorer (HKU\S-1-5-21-3646596974-955512312-3129206487-1003\...\Host App Service) (Version: 0.273.4.677 - SweetLabs) <==== ATTENTION
    Belarc Advisor 11.5a (HKLM-x32\...\Belarc Advisor) (Version: 11.5.1.0 - Belarc, Inc.)
    calibre 64bit (HKLM\...\{31998FF7-0A0A-4B25-9BDA-20B12F109278}) (Version: 7.2.0 - Kovid Goyal)
    Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
    CCleaner (HKLM\...\CCleaner) (Version: 6.19 - Piriform)
    DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
    Dynamic Application Loader Host Interface Service (HKLM\...\{03F35F80-14A6-4E30-8E33-BCA7F7C570F7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    ExpressVPN (HKLM-x32\...\{72B1757E-2E76-49C5-A31E-BA29DD7FA5F6}) (Version: 2.4.22135.2 - Acer)
    Glary Utilities 5.212 (HKLM-x32\...\Glary Utilities 5) (Version: 5.212.0.241 - Glarysoft Ltd)
    Glary Utilities 6.4 (HKLM-x32\...\Glary Utilities) (Version: 6.4.0.7 - Glarysoft Ltd)
    HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{FEE24FD1-6AEC-4FBC-8AF6-B869566262FC}) (Version: 28.1.1328.0 - Hewlett-Packard Co.)
    HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
    HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{A9929521-69C8-4C9D-92F3-BB4FCE439CDE}) (Version: 28.1.1328.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    Intel(R) Chipset Device Software (HKLM\...\{C83A9D76-02D0-4032-8C96-2CE7BC6ECBC8}) (Version: 10.1.18536.8242 - Intel Corporation) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{e8186846-4645-4766-93b8-361f50976fa7}) (Version: 10.1.18536.8242 - Intel(R) Corporation)
    Intel(R) Icls (HKLM\...\{82C7B87D-EAA6-46AE-BD99-F7472FB83205}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2048.15.0.2027 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{5B77C458-C037-4F0E-84D0-154B48C05F07}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{C82B390A-0208-4754-AB60-B7A3D949D9C6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    Intel(R) Management Engine Driver (HKLM\...\{5EAE55E3-564C-4B34-BC60-0BF7B72F39E1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    Intel(R) Serial IO (HKLM\...\{5E76D344-147E-4FE7-B8E0-83DA43C292C2}) (Version: 30.100.2026.14 - Intel Corporation) Hidden
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2026.14 - Intel Corporation)
    Kurso de Esperanto Kape (HKLM-x32\...\{79E9CF35-FED4-482F-BA4C-9140E3311576}_is1) (Version: 5.1 - Kurso de Esperanto)
    Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
    Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.17029.20108 - Microsoft Corporation)
    Microsoft 365 - en-gb (HKLM\...\O365HomePremRetail - en-gb) (Version: 16.0.17029.20108 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.72 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.72 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3646596974-955512312-3129206487-1001\...\OneDriveSetup.exe) (Version: 23.221.1024.0002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3646596974-955512312-3129206487-1002\...\OneDriveSetup.exe) (Version: 22.012.0117.0003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3646596974-955512312-3129206487-1003\...\OneDriveSetup.exe) (Version: 22.012.0117.0003 - Microsoft Corporation)
    Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.17029.20108 - Microsoft Corporation)
    Microsoft OneNote - en-gb (HKLM\...\OneNoteFreeRetail - en-gb) (Version: 16.0.17029.20108 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
    Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
    Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 121.0 (x64 en-GB)) (Version: 121.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 108.0.2 - Mozilla)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17029.20000 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17029.20068 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.17029.20000 - Microsoft Corporation) Hidden
    PDF-XChange Editor (HKLM\...\{4814BD0F-544C-4B83-8007-396FFE09C21E}) (Version: 10.1.3.383 - Tracker Software Products (Canada) Ltd.) Hidden
    PDF-XChange Editor (HKLM-x32\...\{ef5b79ef-2607-4b32-934c-ff492ce76a6e}) (Version: 10.1.3.383 - Tracker Software Products (Canada) Ltd.)
    Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated)
    Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9123.1 - Realtek Semiconductor Corp.)
    Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
    Roblox Player for Jessica (HKU\S-1-5-21-3646596974-955512312-3129206487-1003\...\roblox-player) (Version: - Roblox Corporation)
    SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1260 - SUPERAntiSpyware.com)
    TomTom MyDrive Connect 4.2.13.4365 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.13.4365 - TomTom)
    User Experience Improvement Program Service (HKLM\...\{323EA05D-046D-449D-9D7C-89243C957CCE}) (Version: 5.00.3012 - Acer Incorporated)

    Packages:
    =========
    AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52074.0_x64__8wekyb3d8bbwe [2023-05-06] (Microsoft Corporation)
    Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2023-05-06] (Acer Incorporated)
    Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_22.4.18.0_x64__xbfy0k16fey96 [2023-05-06] (Dropbox Inc.)
    Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.47.7.0_x64__q4d96b2w5wcc2 [2023-05-06] (Evernote) [Startup Task]
    Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.13.101.0_x64__kx24dqmazqk8j [2023-05-06] (Random Salad Games LLC)
    Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2023-05-06] (INTEL CORP) [Startup Task]
    Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1650.17.91.0_x64__8xx8rvfyw5nnt [2023-05-06] (Meta) [Startup Task]
    Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2302.13004.0_x64__8wekyb3d8bbwe [2023-05-06] (Microsoft Corporation) [Startup Task]
    Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2023-05-06] (Microsoft Corp.)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2023-05-06] (Microsoft Studios) [MS Ad]
    Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-12-05] (Microsoft Corporation)
    PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.6428.0_x64__ypz87dpxkv292 [2023-05-06] (CYBERLINK COM CORP)
    PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2023-05-06] (CYBERLINK COM CORP)
    QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3032.0_x64__48frkmn4z8aw4 [2023-05-06] (Acer Incorporated)
    Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.25.245.0_x64__dt26b99r8h8gj [2023-05-06] (Realtek Semiconductor Corp)
    Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.3.81.0_x64__kx24dqmazqk8j [2023-05-06] (Random Salad Games LLC)
    Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2023-05-06] (Random Salad Games LLC)
    Simple Spider Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSpiderSolitaire_3.8.35.0_x64__kx24dqmazqk8j [2023-05-06] (Random Salad Games LLC)
    Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_6.1.121.0_x64__kx24dqmazqk8j [2023-05-06] (Random Salad Games LLC)
    User Experience Improvement Program V5 -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgramV_5.0.3012.0_x64__48frkmn4z8aw4 [2023-05-06] (Acer Incorporated)
    Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-12-05] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-28] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-28] (Malwarebytes Inc. -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    SearchScopes: HKU\S-1-5-21-3646596974-955512312-3129206487-1001 -> DefaultScope {475A399D-1A63-407C-BAA2-162C53BC9214} URL =
    SearchScopes: HKU\S-1-5-21-3646596974-955512312-3129206487-1001 -> {475A399D-1A63-407C-BAA2-162C53BC9214} URL =
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2022-06-15] (Belarc, Inc. -> Belarc, Inc.)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 6091 more sites.


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2021-06-05 12:08 - 2021-06-05 12:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2023-05-07 17:59 - 2023-05-07 18:00 - 000000501 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3646596974-955512312-3129206487-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
    HKU\S-1-5-21-3646596974-955512312-3129206487-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\themeb\img24.jpg
    HKU\S-1-5-21-3646596974-955512312-3129206487-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 79.79.79.77 - 79.79.79.78
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKU\S-1-5-21-3646596974-955512312-3129206487-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk"
    HKU\S-1-5-21-3646596974-955512312-3129206487-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
    HKU\S-1-5-21-3646596974-955512312-3129206487-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3646596974-955512312-3129206487-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_2DA4B54DB19C7043267297E92F07CB28"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D51EA1D9-5E9C-4B87-8984-0057E03DA4E2}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe (HP Inc. -> Hewlett-Packard Co.)
    FirewallRules: [{1C432E0D-0227-49F8-95F7-C570FD48D04E}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International B.V. -> TomTom)
    FirewallRules: [{9CB374E3-F57D-438F-842E-E6FD1E748919}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{ECB73D06-6930-4621-A6A4-EAE74B9A9E1D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{54747EF6-3199-4F43-996C-16B14B4DA851}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{BB92E6E1-D7DC-4AC7-87B9-98AAB06E9832}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23258.704.2395.9691_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{FB33BB78-6896-4108-991A-5AA20F34171C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23258.704.2395.9691_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{B6A69604-4AFE-459E-A66C-F9681A9095EB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.72\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    13-12-2023 11:00:58 Windows Update
    23-12-2023 11:05:23 Scheduled Checkpoint
    01-01-2024 11:28:16 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (01/04/2024 01:08:00 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
    Description: Event-ID 2

    Error: (01/03/2024 08:21:06 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: DllHost (9428,R,98) WebCacheLocal: An attempt to open the file "C:\Users\markc\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/01/2024 01:07:59 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
    Description: Event-ID 2

    Error: (12/31/2023 01:07:59 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
    Description: Event-ID 2

    Error: (12/30/2023 04:16:17 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
    Description: Event-ID 2

    Error: (12/29/2023 01:07:59 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
    Description: Event-ID 2

    Error: (12/28/2023 01:07:59 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
    Description: Event-ID 2

    Error: (12/27/2023 01:07:59 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
    Description: Event-ID 2


    System errors:
    =============
    Error: (01/05/2024 11:58:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SASDIFSV service failed to start due to the following error:
    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Error: (01/05/2024 11:58:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SASKUTIL service failed to start due to the following error:
    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Error: (01/05/2024 11:58:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SASKUTIL service failed to start due to the following error:
    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Error: (01/05/2024 11:06:15 AM) (Source: DCOM) (EventID: 10010) (User: HOME-MCJ)
    Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

    Error: (01/04/2024 06:39:33 PM) (Source: DCOM) (EventID: 10000) (User: HOME-MCJ)
    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
    "2147942767"
    Happened while starting this command:
    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

    Error: (01/04/2024 02:42:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SASDIFSV service failed to start due to the following error:
    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Error: (01/04/2024 02:42:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SASKUTIL service failed to start due to the following error:
    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Error: (01/04/2024 02:42:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SASKUTIL service failed to start due to the following error:
    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Windows Defender:
    ================
    Date: 2024-01-04 13:24:48
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2024-01-03 13:31:44
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2024-01-02 12:01:07
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2024-01-01 12:14:55
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-12-31 13:35:29
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Event[0]

    Date: 2023-12-29 12:14:23
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2023-12-26 20:12:54
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2023-12-26 19:56:04
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2023-12-05 21:26:01
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2023-11-20 14:59:11
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version: 1.401.908.0
    Previous security intelligence Version: 1.401.895.0
    Update Source: User
    Security intelligence Type: AntiSpyware
    Update Type: Delta
    Current Engine Version: 1.1.23100.2009
    Previous Engine Version: 1.1.23100.2009
    Error code: 0x80509004
    Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support.

    CodeIntegrity:
    ===============
    Date: 2024-01-05 11:58:35
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SUPERAntiSpyware\sasdifsv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2024-01-05 11:58:34
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SUPERAntiSpyware\saskutil64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. R01-A3 05/24/2023
    Motherboard: Acer Aspire XC-840
    Processor: Intel(R) Pentium(R) Silver N6005 @ 2.00GHz
    Percentage of memory in use: 50%
    Total physical RAM: 8063.34 MB
    Available physical RAM: 3952.73 MB
    Total Virtual: 8575.34 MB
    Available Virtual: 4658.1 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:465.12 GB) (Free:259.96 GB) (Model: WDC WD10EZEX-21WN4A0) NTFS
    Drive d: (DATA) (Fixed) (Total:465.12 GB) (Free:464.97 GB) (Model: WDC WD10EZEX-21WN4A0) NTFS

    \\?\Volume{4bc65c36-864c-4208-98f1-d8c57ab9768c}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.33 GB) NTFS
    \\?\Volume{cf2906a8-fa84-4c3a-b522-876b60b8378d}\ (ESP) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==================== End of Addition.txt =======================
     
  4. Oh My!

    Oh My! Malware Expert Staff Member

    Welcome back.

    Allow me some time to review things.
     
  5. mark59

    mark59 MajorGeek

    Thank you!

    Of course. Reading those reports is, to me, like reading a foreign language. I'm grateful you're fluent in it.
     
  6. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the reports.

    I am not seeing any active malware on this computer. Tracking cookies are common and more of an annoyance to privacy than harmful.

    Let's start with this.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    App Explorer
    
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    SearchScopes: HKU\S-1-5-21-3646596974-955512312-3129206487-1001 -> DefaultScope {475A399D-1A63-407C-BAA2-162C53BC9214} URL =
    SearchScopes: HKU\S-1-5-21-3646596974-955512312-3129206487-1001 -> {475A399D-1A63-407C-BAA2-162C53BC9214} URL =
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION 
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136] 
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
    cmd: del /s /q C:\Firewall.reg
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    cmd: del C:\Windows\prefetch\*.* /q
    Emptytemp:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Right click on FRST and select Run as administrator
    • Copy/paste the following in the Search: box
    Code:
    SearchAll: SweetLabs;"App Explorer"
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Copy and paste or attach the report in your reply. If the file is too large please zip and upload the file to GoFile, WeTransfer, or the file hosting site of your choice and post the download link in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • Search.txt
     
  7. mark59

    mark59 MajorGeek

    I'm pleased to hear there is no malware. Thank you for this advice. I just want to check before I do the first task you recommend with Revo. I already have Revo Uninstaller on the computer. Should I use that or do you prefer I still download and use Revo Uninstaller Free Portable?
     
  8. Oh My!

    Oh My! Malware Expert Staff Member

    Use the one you have already.
     
  9. mark59

    mark59 MajorGeek

    I used Revo Uninstaller to uninstall App Explorer. The uninstaller was not found. I continued with Revo, used the Advanced option and selected all files and deleted them. I rebooted the computer. As the uninstaller didn’t run I hope I did the right thing. I hope the next two posts will have the Fixlog and Search pasted. If not I’ll try and attach the files; otherwise, I’ll zip them and send them to a file hosting site and give you the download link.
     
  10. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 05.01.2024 01
    Ran by markc (05-01-2024 20:22:28) Run:1
    Running from C:\Users\markc\Desktop
    Loaded Profiles: markc & Craig & Jessica
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    SearchScopes: HKU\S-1-5-21-3646596974-955512312-3129206487-1001 -> DefaultScope {475A399D-1A63-407C-BAA2-162C53BC9214} URL =
    SearchScopes: HKU\S-1-5-21-3646596974-955512312-3129206487-1001 -> {475A399D-1A63-407C-BAA2-162C53BC9214} URL =
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
    cmd: del /s /q C:\Firewall.reg
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    cmd: del C:\Windows\prefetch\*.* /q
    Emptytemp:
    End::
    *****************

    SystemRestore: On => completed
    Restore point was successfully created.
    Processes closed successfully.
    "HKU\S-1-5-21-3646596974-955512312-3129206487-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-3646596974-955512312-3129206487-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{475A399D-1A63-407C-BAA2-162C53BC9214} => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully

    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.



    ========= End of CMD: =========


    ========= netsh int ip reset resetlog.txt =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.



    ========= End of CMD: =========


    ========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg =========

    The operation completed successfully.


    ========= End of Reg: =========


    ========= del /s /q C:\Firewall.reg =========

    Deleted file - C:\Firewall.reg


    ========= End of CMD: =========


    ========= netsh advfirewall reset =========

    Ok.



    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    Ok.



    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.

    {A42ADC7B-749A-445A-8F82-9D838E79AA96} canceled.
    1 out of 1 jobs canceled.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========


    ========= RemoveProxy: =========

    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-3646596974-955512312-3129206487-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-3646596974-955512312-3129206487-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-3646596974-955512312-3129206487-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-3646596974-955512312-3129206487-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-3646596974-955512312-3129206487-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-3646596974-955512312-3129206487-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= sfc /scannow =========


    Beginning system scan. This process will take some time.

    Beginning verification phase of system scan.

    Verification 100% complete.

    Windows Resource Protection found corrupt files and successfully repaired them.
    For online repairs, details are included in the CBS log file located at
    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
    repairs, details are included in the log file provided by the /OFFLOGFILE flag.


    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.22621.2792

    Image Version: 10.0.22631.2861

    No component store corruption detected.
    The operation completed successfully.


    ========= End of CMD: =========


    ========= del C:\Windows\prefetch\*.* /q =========

    0

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9545073 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
    Windows/system/drivers => 1849652 B
    Edge => 0 B
    Firefox => 42624940 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 1170 B
    markc => 168634737 B
    Craig => 219782641 B
    Jessica => 244860243 B

    RecycleBin => 12822 B
    EmptyTemp: => 655.5 MB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-01-2024 20:46:06)


    Result of scheduled keys to remove after reboot:

    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

    ==== End of Fixlog 20:46:06 ====
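
A small triage script for a Fixlog like the one posted above, added here as an example (it is not part of the original thread or of FRST): it lists entries that did not report success, reconciles them with the post-reboot section, and collects command output containing "failed" or "denied". The function name, the keyword lists and the trimmed sample log are assumptions made for illustration.

```python
import re

# Constructed sample: lines in the format of the Fixlog posted above, trimmed.
SAMPLE_FIXLOG = r'''
SystemRestore: On => completed
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully

========= netsh int ip reset resetlog.txt =========

Resetting Route, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

==== End of Fixlog 20:46:06 ====
'''

HEADER = re.compile(r"^=+ (.+?) =+$")    # e.g. "========= sfc /scannow ========="
OK_WORDS = ("successfully", "completed")  # assumption: wording seen in this log
FAIL_WORDS = ("failed", "denied")         # assumption: wording seen in this log


def _ok(result):
    return any(word in result.lower() for word in OK_WORDS)


def triage_fixlog(text):
    """Return entries needing review, entries fixed only after reboot,
    and suspicious lines printed by the cmd:/Reg: sections."""
    first_pass, after_reboot, cmd_warnings = {}, {}, {}
    section = None        # name of the command section we are inside, if any
    post_reboot = False   # True once the "Result of scheduled ..." part starts
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            name = header.group(1)
            section = None if name.startswith("End of") else name
            continue
        if set(line) == {"="}:            # bare separator closes a section
            section = None
            continue
        if line.startswith("Result of scheduled"):
            post_reboot = True
            continue
        if section is not None:
            # Inside command output only failure wording is checked, because
            # sections such as EmptyTemp use "=>" for sizes, not for results.
            if any(word in line.lower() for word in FAIL_WORDS):
                cmd_warnings.setdefault(section, []).append(line)
            continue
        if " => " in line:
            target, result = line.split(" => ", 1)
            bucket = after_reboot if post_reboot else first_pass
            bucket[target.strip('"')] = result

    final = {**first_pass, **after_reboot}   # the post-reboot result wins
    return {
        "unresolved": sorted(t for t, r in final.items() if not _ok(r)),
        "resolved_after_reboot": sorted(
            t for t, r in after_reboot.items()
            if t in first_pass and not _ok(first_pass[t]) and _ok(r)),
        "cmd_warnings": cmd_warnings,
    }


if __name__ == "__main__":
    for key, value in triage_fixlog(SAMPLE_FIXLOG).items():
        print(key, "->", value)
```
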
     
  11. mark59

    mark59 MajorGeek

    Farbar Recovery Scan Tool (x64) Version: 05.01.2024 01
    Ran by markc (05-01-2024 20:50:57)
    Running from C:\Users\markc\Desktop
    Boot Mode: Normal

    ================== Search Files: "SearchAll: SweetLabs;"App Explorer"" =============

    File:
    ========

    folder:
    ========

    Registry:
    ========

    ===================== Search result for "SweetLabs" ==========

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service]
    "Publisher"="SweetLabs"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service]
    "Publisher"="SweetLabs"


    ===================== Search result for ""App Explorer"" ==========


    ====== End of Search ======
     
  12. Oh My!

    Oh My! Malware Expert Staff Member

    You did it perfectly.

    Now run these please.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    DeleteKey: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    ESET Online Scanner

    --------------------

    Note: You can expect this process to take a long time, up to several hours or more.
    • Download ESET Free Online Scanner and save it to your Desktop
    • Right click on esetonlinescanner_enu.exe and select Run as administrator
    • NOTE: If the program immediately crashes rename esetonlinescanner_enu.exe to ESET.exe and attempt it again
    • Click Computer Scan
    • Click Full scan
    • Select Enable ESET to detect and quarantine potentially unwanted applications
    • Click Start scan
    • Once completed click View detailed results
    • Review the list of detected items for things you don't want to remove (sometimes Potentially Unwanted Applications)
    • If there are entries you would like to keep click Restore cleaned files
    • Place a check mark in each entry you would like to restore then click Restore files then confirm the action
    • Click Finish
    • Save scan log and save it to your Desktop as ESETScan.txt
    • Click Continue then finally click Close
    • Copy and paste the ESETScan.txt file contents in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • ESET report
     
  13. mark59

    mark59 MajorGeek

    Thank you!

    If there is no urgency I think it might be Sunday when I do these.

    It's 10.20 p.m. Friday so I don't want to start a scan that will take hours.

    I'm not at home tomorrow until late afternoon/early evening. I'm sure every computer will run the ESET scan at a different time but is there the possibility of an estimate, please? If I start it when I come in tomorrow and it's not going to go on until the early hours of Sunday morning I can do it tomorrow evening.
     
  14. Oh My!

    Oh My! Malware Expert Staff Member

    There is absolutely no rush. To be honest I don't even think it is necessary to run ESET. If you want to just run the Fixlist that is fine.
     
  15. mark59

    mark59 MajorGeek

    I've run the Fixlist and paste it in the next post.

    If you think it needs doing, I'm happy to run ESET but it'll be tomorrow.
     
  16. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 05.01.2024 01
    Ran by markc (06-01-2024 16:16:25) Run:2
    Running from C:\Users\markc\Desktop
    Loaded Profiles: markc
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    DeleteKey: HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
    End::
    *****************

    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service => removed successfully

    ==== End of Fixlog 16:16:25 ====
     
  17. Oh My!

    Oh My! Malware Expert Staff Member

    Excellent.

    Let's run ESET whenever it is convenient for you. How long it takes varies depending on how much there is to scan on the computer.
     
  18. mark59

    mark59 MajorGeek

    I ran ESET.

    It only took 2.25 h on this machine.

    It detected something.:(

    I don't know whether it was something bad or just a minor annoyance.

    The scan results are pasted in my next post.
     
  19. mark59

    mark59 MajorGeek

    07/01/2024 14:25:10
    Files scanned: 355142
    Detected files: 1
    Cleaned files: 1
    Total scan time 02:16:16
    Scan status: Finished
    C:\Users\markc\Documents\From_Removable_hard_Drive_09-09-2023\Mark\To-go-on-external-HDD-Mark\Downloads\cispremium_installer.exe a variant of Win32/Yandex.F potentially unwanted application cleaned by deleting
     
  20. Oh My!

    Oh My! Malware Expert Staff Member

    That detection is of no concern. It is yet another entry related to the old Comodo Internet Security installer.

    Things look pretty good now. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?
     
  21. mark59

    mark59 MajorGeek

    Are you thinking of my other PC?

    This PC has never had Comodo Internet Security on it.

    That's good. Thank you!

    No, nothing I can think of. I await further instructions regarding clean up, etc.
     
  22. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.
    Comodo may never have been installed but the installation file was present.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

    Thank you for placing your trust in Major Geeks. It was a pleasure serving you.
     
    mark59 likes this.
  23. mark59

    mark59 MajorGeek

    Thank you so very much for your help. I appreciate it.
     
  24. Oh My!

    Oh My! Malware Expert Staff Member

    My pleasure, you are always welcome here.

    Gary
     
  25. mark59

    mark59 MajorGeek

    Thanks, Gary.

    I’m always happy to learn how to make my computing experience safer. However, you provide all those links and in their turn they contain many links. That’s one heck of a lot of reading.

    Are there any more straightforward sources of advice for someone like me who still finds the biro a novel idea? o_O

    Mark
     
  26. Oh My!

    Oh My! Malware Expert Staff Member

    Keep your antivirus definitions, Windows Operating System, and programs up to date. Be conservative in your computer habits, especially when clicking on links, downloading, or executing files you are not sure come from trusted sources. Common sense and listening to your gut goes a long way.
     
  27. mark59

    mark59 MajorGeek

    Thank you for that summary.

    I use Defender for live protection. I update it daily.

    I use Malwarebytes (MB) and SUPERAntiSpyware (SAS) to scan anything I download and update them daily.

    I check for updates daily on my browser (Firefox).

    I try to be careful about what I do.

    I don’t know if this helps but when I’ve logged onto somewhere secure, e.g. my internet banking, I also clear data and history in Firefox and then run two cleaning utilities: CCleaner and Glary Utilities.

    If I’m downloading software or updates I always try to get them off MajorGeeks. Anything I download I put it on my desktop and scan it for malware with Defender, MB and SAS before I open it or run it.

    I suppose the two things I could be criticised for are the following. I don’t generally back up and have never really worked out how to do it. Secondly, I don’t think I have everything securely saved so that I could recover from a ransomware attack. It’s not the reason I haven’t done anything but I suspect I’m at a much lower risk from a ransomware attack than an organisation. They could only do it to me out of pure malice. I couldn’t afford to pay a ransom.
     
  28. Oh My!

    Oh My! Malware Expert Staff Member

    Your computer habits are outstanding, except for the backups. If you want to consider that and receive some help let me know.

    No matter what program you use, I would recommend against utilizing any registry cleaning portions of the software since something going wrong could be catastrophic.

    You are at lesser risk of Ransomware because of your security routine. There is a Ransomware/Controlled folder access component within Microsoft Defender. If you have not reviewed that, you might want to take a look at it.
     
    mark59 likes this.
  29. mark59

    mark59 MajorGeek

    Thank you!

    I'll be asking in a few days about learning how to back up. Snowed under with work at the moment.
     
  30. mark59

    mark59 MajorGeek

    I meant to say in my last post that I never mess with the registry. In the past I did because I'm a bit obsessed with trying to keep a PC "clean". I've learnt there's no point to cleaning the registry as any space gained is so small as to make it pointless. Secondly, defragmenting the registry makes no difference to a PC's performance.

    I know how vital the registry is and I leave it well alone.
     
  31. Oh My!

    Oh My! Malware Expert Staff Member

    No rush, when you are ready.
     
  32. mark59

    mark59 MajorGeek

    I would like guidance please on backing up. Please take into account my IT illiteracy and make them simple, thanks!
     
  33. Oh My!

    Oh My! Malware Expert Staff Member

    There are a couple of types of backups. You can image your system which takes a sort of picture of your hard drive. If necessary, you could return your computer to the exact state it was when the image was taken. The second type of backup is to make copies of your important data like pictures, music, documents, etc.

    Do you have an external hard drive to use for backing things up?
     
  34. mark59

    mark59 MajorGeek

    Yes, I do have an external hard drive.

    Which would you recommend on the basis of being most likely to restore your system after an issue?

    It sounds to me that it may be imaging the system. With the latter option I'm guessing you'd have to put copies of data such as pictures, etc. back on the affected computer individually.

    What would be the most useful method for a computer dunce?

    I've decided to do something about my lack of digital literacy. Yesterday, Amazon delivered Digital Literacy for Dummies. I know it's not going to make me the next Steve Jobs or Bill Gates but it's a start.
     
  35. Oh My!

    Oh My! Malware Expert Staff Member

    Understanding some of the basics of computers helps. Still, you might expect to be confused and overwhelmed but know that is normal. You just chip away at things and be consistent in doing so.

    If you simply want to create a backup for a catastrophic event like a Ransomware attack I would recommend a complete backup. All of your important data along with the state of your entire system would be saved but the image file created by the backup is harder to access.

    If you want to be able to easily access your data files like you would on your computer, except it is on the external drive, then identifying and backing up important files is the way to go. Takes a little more time sorting through your computer to figure out what you want to save.

    Please attach the external drive to your computer then run this. We need to see if the full backup is an option.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    Powershell: get-volume
    Powershell: Get-Disk
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  36. mark59

    mark59 MajorGeek

    I have run the FRST64 scan as requested. I paste the log in my next post.
     
  37. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2024
    Ran by markc (16-01-2024 15:08:02) Run:1
    Running from C:\Users\markc\Desktop
    Loaded Profiles: markc
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Powershell: get-volume
    Powershell: Get-Disk
    End::
    *****************


    ========= get-volume =========


    DriveLetter FriendlyName FileSystemType DriveType HealthStatus OperationalStatus SizeRemaining Size
    ----------- ------------ -------------- --------- ------------ ----------------- ------------- ----
    D DATA NTFS Fixed Healthy OK 464.97 GB 465.12 GB
    Recovery NTFS Fixed Healthy OK 326.79 MB 1024 MB
    C Acer NTFS Fixed Healthy OK 263.64 GB 465.12 GB
    ESP FAT32 Fixed Healthy OK 200.29 MB 256 MB
    E TOSHIBA EXT NTFS Fixed Healthy OK 929.66 GB 931.51 GB



    ========= End of Powershell: =========


    ========= Get-Disk =========


    Number Friendly Name Serial Number HealthStatus OperationalStatus Total Size Partition
    Style
    ------ ------------- ------------- ------------ ----------------- ---------- ----------
    0 WDC WD10EZ... WCC6Y7KKKNPZ Healthy Online 931.51 GB GPT
    1 TOSHIBA Ex... 20160421015305F Healthy Online 931.51 GB MBR



    ========= End of Powershell: =========


    ==== End of Fixlog 15:08:18 ====
     
  38. Oh My!

    Oh My! Malware Expert Staff Member

    Usually you want your external drive to have enough available free space to handle the size of what is being imaged. I am not 100% sure your current setup will handle it. Your hard drives are equal sizes.

    We can go through the process to try it if you'd like and see what happens. Or we can go back to the copying important files only. What would be your preference?
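
The free-space question raised in the post above can be checked directly on the machine. This is an added example, not part of the original thread; it assumes the external backup drive is E: (as in the Fixlog) and reports both what a used-space image and what a full-disk (sector-by-sector) image would need.

```powershell
# Added example. Assumption: the external backup drive is E:, as in the Fixlog above.
$targetLetter = 'E'
$target = Get-Volume -DriveLetter $targetLetter -ErrorAction Stop

# Lettered volumes other than the backup target (C: and D: in the log above).
# Note: any other attached drive that reports DriveType 'Fixed' is counted too.
$sources = Get-Volume | Where-Object {
    $_.DriveLetter -and "$($_.DriveLetter)" -ne $targetLetter -and $_.DriveType -eq 'Fixed'
}

# Data actually stored on those volumes: what a used-space image has to hold.
$usedBytes = ($sources |
    ForEach-Object { $_.Size - $_.SizeRemaining } |
    Measure-Object -Sum).Sum

# Full size of the disks behind those volumes: what a sector-by-sector image has to hold.
$diskBytes = ($sources | Get-Partition | Get-Disk |
    Sort-Object Number -Unique |
    Measure-Object -Property Size -Sum).Sum

# PowerShell's "GB" suffix is 1024^3 bytes, the same unit Get-Volume displays.
[pscustomobject]@{
    TargetFreeGB      = [math]::Round($target.SizeRemaining / 1GB, 2)
    UsedSpaceImageGB  = [math]::Round($usedBytes / 1GB, 2)
    FullDiskImageGB   = [math]::Round($diskBytes / 1GB, 2)
    UsedSpaceFits     = $usedBytes -lt $target.SizeRemaining
    FullDiskFits      = $diskBytes -lt $target.SizeRemaining
} | Format-List
```

With the figures in the Fixlog above, C: and D: together hold about 201.63 GB of data, the internal disk is 931.51 GB, and E: has 929.66 GB free. Whether a given imaging tool copies only used space or the whole disk depends on the tool and its settings.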
     
  39. mark59

    mark59 MajorGeek

    I think based on the facts that doing a recovery from an image can be difficult and that my external hard drive is of insufficient size, it would be preferable to copy the important files only.
     
  40. Oh My!

    Oh My! Malware Expert Staff Member

    I agree but I didn't want to inflict that on you. Might be a little more legwork, far less complicated than going the image route, and the backup will only contain what you really want.

    Let me know how things go.
     
  41. mark59

    mark59 MajorGeek

    Is there anything in Windows or some software that would do this for me? Do I simply choose what I wouldn't want to lose and copy it to the external hard drive?

    If something happened to my PC what would I have to do if say Windows wouldn't work and so my PC wouldn't function?
     
  42. Oh My!

    Oh My! Malware Expert Staff Member

    Do you use OneDrive? If so, see here.

    If for some reason the computer didn't work there are ways to access the data files, as long as the drive is readable. You simply think of it like an external drive. You would need a USB adapter. Once connected you then access the drive just like you would a USB thumb drive.
     
  43. mark59

    mark59 MajorGeek

    I haven't had the opportunity to visit those links but I will be doing so.

    I haven't used OneDrive because I've never heard of it.
     
  44. Oh My!

    Oh My! Malware Expert Staff Member

    I asked about OneDrive because Windows has a Backup function but it uploads the backup to OneDrive, if you have it.

    In order to back up data files it will be necessary to identify the files you want to back up. Certain folders like Documents, Photos, and Music are pretty straightforward but there may be other areas where you have saved information. You will have to review the various folders using Windows Explorer to find things you want to back up. For instance, if I wanted to save my Quicken account information I would have to locate where it is located and save a backup copy.
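
One way to copy the folders named in the post above to the external drive, as an added example that is not part of the original thread. It assumes the backup drive is E: and uses a made-up destination folder, `E:\Backup\<computer name>`; other locations (such as an application's data folder) would have to be added to the list by hand.

```powershell
# Added example. Assumptions: backup drive is E:, destination folder name is illustrative.
$backupDrive = 'E:\'
$destRoot    = Join-Path $backupDrive ("Backup\{0}" -f $env:COMPUTERNAME)

if (-not (Test-Path $backupDrive)) { throw 'Backup drive E: is not connected.' }

# Resolve the current user's Documents, Pictures and Music folders.
$folders = 'MyDocuments', 'MyPictures', 'MyMusic' |
    ForEach-Object { [Environment]::GetFolderPath($_) }

$failed = @()
foreach ($src in $folders) {
    if (-not $src -or -not (Test-Path $src)) { continue }

    $name = Split-Path $src -Leaf
    $dest = Join-Path $destRoot $name
    $log  = Join-Path $destRoot "$name.log"
    New-Item -ItemType Directory -Path $dest -Force | Out-Null

    # /E   copy subfolders, including empty ones (nothing is deleted at the destination)
    # /XJ  skip junction points such as the legacy "My Music" links inside Documents
    # /R:2 /W:5  retry a locked file twice, five seconds apart, instead of the long default
    # /NP  keep progress percentages out of the log
    robocopy $src $dest /E /XJ /R:2 /W:5 /NP "/LOG:$log" | Out-Null

    # Robocopy exit codes are bit flags; 8 or higher means at least one copy failed.
    if ($LASTEXITCODE -ge 8) { $failed += $src }
}

if ($failed) {
    Write-Warning ("Some files were not copied from: {0}. Check the .log files in {1}." -f ($failed -join ', '), $destRoot)
} else {
    Write-Host "Backup finished. Logs are in $destRoot"
}
```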
     
  45. Oh My!

    Oh My! Malware Expert Staff Member

    How are we doing?
     
  46. mark59

    mark59 MajorGeek

    I haven't started yet. I've simply not had the time although I know it's really important to do this.
     
  47. Oh My!

    Oh My! Malware Expert Staff Member

    No problem on my end. If you want to continue on at some point simply post back.
     
  48. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    Unless you are an approved malware fighter, which you aren't... please stay out of this forum. I will ban you if you continue posting in the specialist forum.
     
    mark59 likes this.
