Mgtools Issues

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ManWarBear, Mar 16, 2023.

  1. ManWarBear

    ManWarBear Private First Class

    Today I was going through the malware removal/cleaning procedure and all the scans came back clean, until I got to MGtools. When I tried to put MGtools in the C: folder, it wouldn't allow me to, even though I'm logged on with an Administrator account. So, I put it on my desktop and tried to run it from there and I got the following error.

    64 bit Windows OS found
    The operation completed successfully.
    '"C:\Users\(My user name here)"' is not recognized as an internal or external command,
    operable program or batch file.

    At that point the program just hangs. I used Tweaking.com - Windows Repair, thinking that it might fix the issue, but that didn't work.

    I appreciate any help you could offer.
     
  2. ManWarBear

    ManWarBear Private First Class

    I did do an AdwCleaner scan but I forgot to put it here, so I did a fresh scan, just in case. My apologies.
     

    Attached Files:

  3. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    In going through prior posts I see you never received a reply. We greatly apologize for that. Are you still in need of assistance?
     
  4. ManWarBear

    ManWarBear Private First Class

    Yes. I've been procrastinating for a while. I did fresh scans of everything but MGtools won't run. It stops at this message.

    64 bit Windows OS found
    The operation completed successfully.
    '"C:\Users\Micheal"' is not recognized as an internal or external command,
    operable program or batch file.
     

    Attached Files:

  5. ManWarBear

    ManWarBear Private First Class

    Yesterday, Malwarebytes detected zamguard64.sys but I can't find that log file.
     
  6. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the reports. We can hold off on MGtools for now.

    While I review things please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recovery Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
    • If your computer language is other than English, right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download, it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please copy and paste the contents of each report in separate reply windows
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

    • FRST.txt
    • Addition.txt
     
  7. ManWarBear

    ManWarBear Private First Class

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2023
    Ran by Bear (administrator) on DESKTOP-TC8N8O8 (ASUSTeK COMPUTER INC. X555UA) (12-06-2023 04:39:08)
    Running from C:\Users\Micheal\Desktop\FRST64.exe
    Loaded Profiles: Bear
    Platform: Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
    (C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (cmd.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe
    (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
    (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
    (services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe
    (services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
    (services.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
    (svchost.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40454048 2023-05-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.110\Installer\chrmstp.exe [2023-06-06] (Google LLC -> Google LLC)
    GroupPolicy-Firefox-x32: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {19228F99-48C2-49B3-857D-7EDA2F1D47E2} - System32\Tasks\{05D8B97B-6A15-4813-BDCA-C1E818A7AD6C} => c:\windows\system32\launchwinapp.exe [45056 2023-02-15] (Microsoft Windows -> Microsoft Corporation) -> hxxp://ui.skype.com/ui/0/7.22.0.109/en/go/help.faq.installer?LastError=1618
    Task: {1C556B7E-D6EE-4FA1-A105-DC3CD6AD4F0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-29] (Google Inc -> Google Inc.)
    Task: {2677A775-FAAE-441B-9893-7D2E01C73379} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-08-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {79409A1A-11CB-44ED-A320-8DDA26A2103C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1560056 2023-02-01] (Adobe Inc. -> Adobe Inc.)
    Task: {7B41635E-96ED-4118-9B87-C471B6D039BF} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [674720 2023-04-12] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
    Task: {7D0B1275-8226-45CE-B86B-BE2A5FFD2DE9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-05-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {855CB2D2-C750-491A-B1EE-C266B8F5BBEC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
    Task: {88B4543F-D0A6-456F-9170-A45451A5A8B7} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [716192 2023-04-12] (Mozilla Corporation -> Mozilla Foundation)
    Task: {90F5F83F-C6A8-4F8E-B238-81492C262074} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1616160 2016-01-19] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
    Task: {93335E62-2C63-4044-81E4-80EFED41ECA6} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [5444104 2022-12-29] (IObit CO., LTD -> IObit)
    Task: {A1A2CF5C-AD4C-4E29-A2CD-B4E661721960} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {C00291E5-3D9E-4824-AC7F-2FE63ADED98F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {C0073352-E43A-4A49-821C-B0148FDF577A} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-05-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "69039b7a-7093-4678-b284-67127794d33e" --version "6.12.10490" --silent
    Task: {C453B823-9E0A-4BB8-93FB-0BBFA7EE4419} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-29] (Google Inc -> Google Inc.)
    Task: {D04A0E26-4516-4D84-84BE-E313CEB4CC63} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {D963497B-5AEA-49DB-AE16-F03AA1F4FB31} - System32\Tasks\Opera scheduled Autoupdate 1591797626 => C:\Users\Micheal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
    Task: {E09FD05D-2278-4E8B-A450-18E7B85790EC} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-08-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {E129AA8B-AE5A-4CEB-A187-7066E37CE58D} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18392 2016-03-04] (ASUSTeK Computer Inc. -> AsusTek)
    Task: {E767E58D-65EA-49D9-893E-EF481F3055B8} - System32\Tasks\CCleanerSkipUAC - Bear => C:\Program Files\CCleaner\CCleaner.exe [34264480 2023-05-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {ED9CC8D2-6CFE-4B5F-98A2-7B7F0615D3FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {F50EC2B8-0EFD-40ED-927D-0707878241B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {FBDFE7B2-2FD7-4ADE-8099-B952226941B1} - System32\Tasks\ASC9_SkipUac_Micheal => E:\ASC (portable)\ASC.exe /SkipUac (No File)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\ASC9_SkipUac_Micheal.job => E:\ASC (portable)\ASC.exe
    Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{1717dab2-7ff3-4fa7-b0ac-886e42e4ff02}: [DhcpNameServer] 209.18.47.62 209.18.47.61
    Tcpip\..\Interfaces\{18083346-9adc-4754-afd3-126e9572e7e8}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{18083346-9adc-4754-afd3-126e9572e7e8}: [DhcpNameServer] 192.168.1.1

    Edge:
    =======
    DownloadDir: C:\Users\Micheal\Downloads
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge Profile: C:\Users\Micheal\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-10]
    Edge Extension: (Edge relevant text changes) - C:\Users\Micheal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-26]

    FireFox:
    ========
    FF DefaultProfile: 4zma117h.default-1474483005108
    FF ProfilePath: C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108 [2023-06-12]
    FF user.js: detected! => C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\user.js [2023-03-16]
    FF NetworkProxy: Mozilla\Firefox\Profiles\4zma117h.default-1474483005108 -> no_proxies_on", "hxxps://localhost"
    FF Extension: (AdGuard AdBlocker) - C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\Extensions\adguardadblocker@adguard.com.xpi [2022-10-26]
    FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2022-12-14]
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-02-13] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-08-28] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:
    =======
    CHR Profile: C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default [2023-06-12]
    CHR Extension: (BetterTTV) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2023-05-03]
    CHR Extension: (AdGuard AdBlocker) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2023-06-07]
    CHR Extension: (WebRTC Leak Shield) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppamachkoflopbagkdoflbgfjflfnfl [2022-05-25]
    CHR Extension: (IObit Surfing Protection) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgpenhngnbnmhdkpdfnfhdpmfgmihdn [2023-03-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
    CHR Extension: (uBlock Origin Extra) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2019-09-10]
    CHR Profile: C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\System Profile [2023-06-10]
    CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
    CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

    Opera:
    =======
    OPR Profile: C:\Users\Micheal\AppData\Roaming\Opera Software\Opera Stable [2023-06-10]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-02-01] (Adobe Inc. -> Adobe Inc.)
    R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] (Realtek Semiconductor Corp -> )
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3054520 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
    R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
    S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9258016 2023-06-09] (Malwarebytes Inc. -> Malwarebytes)
    R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2021-07-14] (PALTALK, INC. -> AVM Software)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe [3228464 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe [133592 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 Browser; %SystemRoot%\System32\browser.dll [X]

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40920 2022-12-14] (IObit CO., LTD -> IObit)
    S3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2022-12-14] (IObit CO., LTD -> IObit)
    S3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46552 2022-12-14] (IObit CO., LTD -> IObit)
    S3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [142840 2016-03-04] (ASUSTeK Computer Inc. -> ASUS Corporation)
    R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
    S3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2022-12-14] (IObit CO., LTD -> IObit)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-10-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MpKsl0738fc67; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1260F254-D829-40A2-9624-8E4847ACDC8A}\MpKslDrv.sys [213288 2023-06-11] (Microsoft Windows -> Microsoft Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2023-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498984 2023-05-31] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-31] (Microsoft Windows -> Microsoft Corporation)
    S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-06-12 04:39 - 2023-06-12 04:40 - 000020362 _____ C:\Users\Micheal\Desktop\FRST.txt
    2023-06-12 04:37 - 2023-06-12 04:40 - 000000000 ____D C:\FRST
    2023-06-12 04:36 - 2023-06-12 04:36 - 002383360 _____ (Farbar) C:\Users\Micheal\Desktop\FRST64.exe
    2023-06-11 14:27 - 2023-06-11 14:27 - 000015204 _____ C:\MGlogs.zip
    2023-06-10 16:44 - 2023-06-11 14:22 - 000000000 ____D C:\Users\Micheal\Desktop\New Scans
    2023-06-10 16:33 - 2023-06-10 16:33 - 008791352 _____ (Malwarebytes) C:\Users\Micheal\Desktop\AdwCleaner.exe
    2023-06-07 17:03 - 2023-06-10 12:26 - 000810999 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2023-05-30 07:18 - 2023-05-30 07:18 - 000000000 ____D C:\Users\Micheal\AppData\Local\Malwarebytes
    2023-05-19 05:26 - 2023-05-27 22:50 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
    2023-05-19 05:26 - 2023-05-19 05:26 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2023-05-19 05:26 - 2023-05-19 05:26 - 000003472 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-06-12 04:23 - 2016-08-26 12:45 - 000000000 ____D C:\Program Files (x86)\Google
    2023-06-12 04:13 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2023-06-12 03:02 - 2020-08-25 02:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2023-06-12 02:31 - 2020-08-25 02:38 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{46CEDF8B-5B38-4E1C-8B90-50078B7100F2}
    2023-06-11 23:04 - 2019-11-27 07:25 - 000000000 ____D C:\Users\Micheal\AppData\LocalLow\Mozilla
    2023-06-11 17:26 - 2023-03-16 15:25 - 000000000 ____D C:\Program Files\CCleaner
    2023-06-11 14:27 - 2023-03-16 23:08 - 000000000 ____D C:\MGtools
    2023-06-10 17:37 - 2021-07-08 15:29 - 000000000 ____D C:\Users\Micheal\AppData\LocalLow\IGDump
    2023-06-10 17:23 - 2016-09-13 06:26 - 000000000 ____D C:\Users\Micheal\AppData\Local\CrashDumps
    2023-06-10 17:05 - 2020-08-25 02:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2023-06-10 17:05 - 2020-08-25 02:06 - 000008192 ___SH C:\DumpStack.log.tmp
    2023-06-10 17:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2023-06-10 17:04 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2023-06-10 16:38 - 2021-06-15 16:59 - 000000000 ____D C:\Program Files (x86)\Steam
    2023-06-10 14:23 - 2022-09-30 16:04 - 000001480 _____ C:\Users\Micheal\Desktop\Docs.txt
    2023-06-10 14:18 - 2019-10-06 20:40 - 000000000 ____D C:\Program Files (x86)\ZamTalk
    2023-06-10 14:09 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2023-06-10 14:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2023-06-10 12:26 - 2016-04-28 21:10 - 000000000 ____D C:\ProgramData\Realtek
    2023-06-10 11:08 - 2020-06-23 01:04 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2023-06-10 11:08 - 2020-06-23 01:04 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2023-06-07 12:52 - 2017-11-20 14:19 - 000000000 ____D C:\Users\Micheal\AppData\Local\Packages
    2023-06-06 02:17 - 2018-11-29 18:37 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2023-06-06 02:17 - 2018-11-29 18:37 - 000002269 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2023-06-06 02:16 - 2021-12-19 06:05 - 000000000 ____D C:\WINDOWS\SystemTemp
    2023-05-31 16:23 - 2018-05-24 14:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2023-05-30 08:00 - 2020-08-25 02:20 - 000742724 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2023-05-30 08:00 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
    2023-05-30 07:17 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2023-05-27 23:35 - 2023-04-12 09:15 - 000003428 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
    2023-05-27 22:52 - 2023-03-16 21:30 - 000000000 ____D C:\ProgramData\ProductData
    2023-05-19 04:15 - 2016-08-28 08:46 - 000000000 ____D C:\Program Files\Microsoft Office 15
    2023-05-18 07:08 - 2021-04-28 06:41 - 000000478 _____ C:\Users\Micheal\Desktop\RD.txt
    2023-05-17 16:18 - 2020-08-25 02:38 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2023-05-17 16:18 - 2020-08-25 02:38 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2023-05-13 04:34 - 2020-08-25 02:38 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2023-05-13 04:34 - 2020-08-25 02:38 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

    ==================== Files in the root of some directories ========

    2021-04-13 07:34 - 2021-04-13 07:34 - 000361355 _____ () C:\Users\Micheal\AppData\Local\ars.cache
    2021-04-13 07:38 - 2021-04-13 07:38 - 001058717 _____ () C:\Users\Micheal\AppData\Local\census.cache
    2019-07-31 06:07 - 2019-07-31 06:07 - 000006144 _____ () C:\Users\Micheal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-08-26 11:06 - 2016-08-26 11:06 - 000000036 _____ () C:\Users\Micheal\AppData\Local\housecall.guid.cache
    2023-01-17 16:59 - 2023-01-17 16:59 - 000000840 _____ () C:\Users\Micheal\AppData\Local\recently-used.xbel
    2016-08-28 09:01 - 2021-04-13 06:40 - 000000010 _____ () C:\Users\Micheal\AppData\Local\sponge.last.runtime.cache
    2017-01-11 21:03 - 2018-07-24 20:40 - 000002429 _____ () C:\Users\Micheal\AppData\Local\Temptoast_image.png

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  8. ManWarBear

    ManWarBear Private First Class

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
    Ran by Bear (12-06-2023 04:41:54)
    Running from C:\Users\Micheal\Desktop
    Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) (2020-08-25 06:39:29)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-745247706-1955576132-408695703-500 - Administrator - Disabled)
    Bear (S-1-5-21-745247706-1955576132-408695703-1001 - Administrator - Enabled) => C:\Users\Micheal
    DefaultAccount (S-1-5-21-745247706-1955576132-408695703-503 - Limited - Disabled)
    Guest (S-1-5-21-745247706-1955576132-408695703-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-745247706-1955576132-408695703-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Avira Security (Disabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
    FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20322 - Adobe)
    Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601042}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
    Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 16.3.0 - IObit)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.13 - ASUS)
    AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.93 - ICEpower a/s)
    CCleaner (HKLM\...\CCleaner) (Version: 6.12 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
    GIMP 2.10.6 (HKLM\...\GIMP-2_is1) (Version: 2.10.6 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.110 - Google LLC)
    Intel(R) Chipset Device Software (HKLM\...\{8E2CA9DC-9975-468F-90CF-C740109DD2B8}) (Version: 10.1.1.11 - Intel Corporation) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{5BD7E621-9791-4D9F-A620-1BA51153B749}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{A53B7EAB-86BD-4F16-8C44-011B1376326A}) (Version: 11.0.0.1162 - Intel Corporation) Hidden
    Intel(R) ME UninstallLegacy (HKLM\...\{555B1C57-E71B-4775-BC1D-627EEF693F0D}) (Version: 1.0.1.0 - Intel Corporation) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{30E935B2-0DAC-455E-AC76-3C8504DC3D18}) (Version: 30.100.1519.07 - Intel Corporation) Hidden
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
    Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
    Malwarebytes version 4.5.30.269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.30.269 - Malwarebytes)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.43 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.43 - Microsoft Corporation)
    Microsoft Expression Encoder 4 (HKLM-x32\...\{3F5C2BF3-D8B6-4205-A2AD-BCB0A1E360A4}) (Version: 4.0.4276.0 - Microsoft Corporation) Hidden
    Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation)
    Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5553.1000 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212 (HKLM\...\{F20396E5-D84E-3505-A7A8-7358F0155F6C}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212 (HKLM\...\{FAAD7243-0141-3987-AA2F-E56B20F80E41}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 110.0 (x64 en-US)) (Version: 110.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 110.0.0.8445 - Mozilla)
    Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5553.1000 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5553.1000 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5553.1000 - Microsoft Corporation) Hidden
    Paltalk (HKLM-x32\...\Paltalk) (Version: - )
    REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.875.080715 - REALTEK Semiconductor Corp.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0273 - REALTEK Semiconductor Corp.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    Windows Driver Package - ASUS (AsusSGDrv) Mouse (02/24/2016 8.0.0.24) (HKLM\...\4003FCA0E5D128F597B233998B64B6631C2ED623) (Version: 02/24/2016 8.0.0.24 - ASUS)
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
    WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

    Packages:
    =========
    AE Mysteries -> C:\Program Files\WindowsApps\TiltingPoint.AdventureEscapeMysteries_24.6.1.0_x64__85kh3h6wfjavg [2023-06-10] (Tilting Point)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.244.400.0_x64__kgqvnymyfvs32 [2023-06-06] (king.com)
    Grand Theft Auto: iFruit -> C:\Program Files\WindowsApps\RockstarGames.GrandTheftAutoiFruit_1.11.23.3_x86__3t068xe29zjvp [2023-03-16] (Rockstar Games)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-03-16] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-03-16] (Microsoft Corporation) [MS Ad]
    Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2023-03-16] (MAGIX)
    MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2023-03-16] (ASUSTeK COMPUTER INC.) [Startup Task]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2023-03-16] (Netflix, Inc.)
    Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-19] (Microsoft Studios) [MS Ad]
    TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2023-03-16] (TripAdvisor LLC)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2023-03-16] (Twitter Inc.)
    Ultra Blu-ray Player Supports DVD -> C:\Program Files\WindowsApps\D5BE6627.UltraBlu-rayPlayerSupportsDVD_2.0.9.0_x86__9pm2v9747qaaa [2023-03-16] (CompuClever Systems Inc.)
    WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-06-07] (Microsoft Corporation)
    WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x86__8wekyb3d8bbwe [2023-06-07] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2022-12-14] (IObit CO., LTD -> IObit)
    ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2022-12-14] (IObit CO., LTD -> IObit)
    ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
    ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2022-12-14] (IObit CO., LTD -> IObit)
    ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2022-12-14] (IObit CO., LTD -> IObit)
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Micheal\Desktop\RenHosts - Shortcut.lnk -> C:\Users\Micheal\Desktop\hosts\Hoschtzs\RenHosts.bat ()
    ShortcutWithArgument: C:\Users\Micheal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

    ==================== Loaded Modules (Whitelisted) =============

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    SearchScopes: HKU\S-1-5-21-745247706-1955576132-408695703-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2022-01-21] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2022-12-14] (IObit CO., LTD -> IObit)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\1001movie.com -> 1001movie.com
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\1001night.biz -> 1001night.biz
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\100gal.net -> 100gal.net
    IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\100sexlinks.com -> 100sexlinks.com

    There are 4746 more sites.


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2023-03-16 20:22 - 2023-03-16 20:22 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{DC02E3D6-D80E-4C69-88E8-938466D92F3F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{9A6AD164-D55D-4187-92C9-8612C01AAA23}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{7166B278-8D07-4637-A296-F2A807FF20E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{65C09E58-A2BE-4299-BD89-C22049025FD3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A06F70D9-6D7C-4978-B0DD-A347AE2EDF03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{65D306B8-0D79-4302-9AC9-D26FE99BE419}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{531ADBFA-F3FC-4B6F-ACDE-0549E72ED96E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
    FirewallRules: [{BA0BDF30-9AC7-490D-B449-3BC5460D208A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
    FirewallRules: [{1828AFDD-3D25-4F6A-A34D-4C69B11A23CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
    FirewallRules: [{E9CDF45F-7DBB-42BE-B58F-0710DD659726}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
    FirewallRules: [TCP Query User{DD98B128-43E5-412B-A645-1381DA560B0B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [UDP Query User{02E86640-E8DF-454F-AD83-145EA0584A2F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{1D018F01-9822-40A9-B5DB-F507D5E18F0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{81E34A42-A829-4BCF-854E-8C363F89C200}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    01-06-2023 02:09:36 Scheduled Checkpoint
    10-06-2023 14:58:31 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============

    Name: Slimtype DVD A DA8A6SH
    Description: CD-ROM Drive
    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard CD-ROM drives)
    Service: cdrom
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: I2C HID Device
    Description: I2C HID Device
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: Microsoft
    Service: hidi2c
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (06/10/2023 05:22:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Acrobat.exe, version: 22.3.20322.0, time stamp: 0x63eabedb
    Faulting module name: ntdll.dll, version: 10.0.19041.2788, time stamp: 0x2f715b17
    Exception code: 0xc0000005
    Fault offset: 0x0000000000063526
    Faulting process id: 0x908
    Faulting application start time: 0x01d99be163e380a5
    Faulting application path: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 11491205-74a7-4407-b020-e155333a2a3a
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/10/2023 05:06:09 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
    Description: Could not get performance counter registry info for WSearchIdxPi for instance due to the following error: The operation completed successfully. 0x0.

    Error: (06/10/2023 05:06:07 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
    Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

    Context: Application, SystemIndex Catalog

    Error: (06/10/2023 05:06:05 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
    Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

    Error: (06/10/2023 05:04:45 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (06/10/2023 05:04:45 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (06/10/2023 05:04:45 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (06/10/2023 05:04:45 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]


    System errors:
    =============
    Error: (06/11/2023 08:39:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Intel(R) Content Protection HECI Service service terminated with the following error:
    %%2147942833 = A device which does not exist was specified.

    Error: (06/11/2023 07:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/11/2023 07:04:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

    Error: (06/11/2023 07:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/11/2023 07:04:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

    Error: (06/11/2023 07:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (06/11/2023 07:04:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

    Error: (06/11/2023 07:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Browser service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    Windows Defender:
    ================
    Date: 2023-06-11 17:03:12
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-10 16:51:53
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-09 16:46:08
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-08 18:12:49
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-06-08 16:37:01
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Event[0]:

    Date: 2023-03-16 19:52:54
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.385.223.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.20100.6
    Error code: 0x8007043c
    Error description: This service cannot be started in Safe Mode

    Date: 2023-03-16 19:42:39
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2023-03-16 18:04:48
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    CodeIntegrity:
    ===============
    Date: 2023-06-11 19:04:20
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. X555UA.303 04/17/2019
    Motherboard: ASUSTeK COMPUTER INC. X555UA
    Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 58%
    Total physical RAM: 8091.07 MB
    Available physical RAM: 3386.47 MB
    Total Virtual: 8731.07 MB
    Available Virtual: 3298.39 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.75 GB) (Free:875.57 GB) (Model: ST1000LM024 HN-M101MBB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{f4730bb8-b485-478f-a531-b0e63f39cfe4}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
    \\?\Volume{ece35efc-b682-4a1c-8521-1e8eb7b70122}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 288D52A9)

    Partition: GPT.

    ==================== End of Addition.txt =======================
     
  9. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the reports.

    Having difficulty running MGtools can be caused by factors other than malware. There is no evidence of malicious software on the system but there is a bit we can do to clean up the computer if you'd like. If so, continue on.

    Do you recognize C:\Users\Micheal\Desktop\hosts\Hoschtzs\RenHosts.bat?

    Avira is not properly installed. Let me know if you would like to reinstall it after we have completed our tasks. In the meantime I have included commands in the below Fixlist to Enable Windows Defender. Please run the Avira Uninstall Tool.

    ===================================================

    Java Out of Date

    --------------------

    Java is known to have ongoing security concerns. If you know you don't need it, or even if you are unsure, I would recommend uninstalling it. If it is necessary in the future you will be alerted for the need to download it.

    If you would rather have the program on your system skip the above and complete the Clean Install of Java Using JavaRa instructions here.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    Advanced SystemCare
    
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    S3 Browser; %SystemRoot%\System32\browser.dll [X] 
    S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] 
    Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
    Task: {D963497B-5AEA-49DB-AE16-F03AA1F4FB31} - System32\Tasks\Opera scheduled Autoupdate 1591797626 => C:\Users\Micheal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) 
    Task: {FBDFE7B2-2FD7-4ADE-8099-B952226941B1} - System32\Tasks\ASC9_SkipUac_Micheal => E:\ASC (portable)\ASC.exe /SkipUac (No File) 
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File 
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File 
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File 
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File 
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File 
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File 
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File 
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File 
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File 
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File 
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File 
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File 
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File 
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File 
    ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File 
    ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File 
    ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File 
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File 
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File 
    Task: {D963497B-5AEA-49DB-AE16-F03AA1F4FB31} - System32\Tasks\Opera scheduled Autoupdate 1591797626 => C:\Users\Micheal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) 
    Task: {FBDFE7B2-2FD7-4ADE-8099-B952226941B1} - System32\Tasks\ASC9_SkipUac_Micheal => E:\ASC (portable)\ASC.exe /SkipUac (No File) 
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] 
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] 
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] 
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 
    GroupPolicy-Firefox-x32: Restriction <==== ATTENTION 
    Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones) 
    Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 
    ask: {19228F99-48C2-49B3-857D-7EDA2F1D47E2} - System32\Tasks\{05D8B97B-6A15-4813-BDCA-C1E818A7AD6C} => c:\windows\system32\launchwinapp.exe [45056 2023-02-15] (Microsoft Windows -> Microsoft Corporation) -> hxxp://ui.skype.com/ui/0/7.22.0.109/en/go/help.faq.installer?LastError=1618
    FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2022-12-14]
    FF user.js: detected! => C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\user.js [2023-03-16] 
    C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgpenhngnbnmhdkpdfnfhdpmfgmihdn
    CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
    S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40920 2022-12-14] (IObit CO., LTD -> IObit)
    S3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2022-12-14] (IObit CO., LTD -> IObit)
    S3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46552 2022-12-14] (IObit CO., LTD -> IObit)
    S3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2022-12-14] (IObit CO., LTD -> IObit)
    BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2022-12-14] (IObit CO., LTD -> IObit)
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
    Powershell: Get-MpComputerStatus
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    • Copy/paste the following in the Search: box
      Code:
      SearchAll: Iobit;SystemCare;Avira;Avast
      
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Please zip and attach the file to your reply, or upload the file to GoFile, WeTransfer, or the file hosting site of your choice and post the download link in your reply.
    ===================================================

    Rebuilding Windows Indexing

    --------------------

    Note: This process may take a long time to complete. Do not interrupt the process.
    • Click Start, type Indexing then select Indexing Options
    • Click Advanced
    • Click Rebuild, then OK
    • When completed you will see Indexing complete
    ===================================================

    Things I would like to see in your next reply.
    • Do you recognize the hosts .bat file?
    • Avira uninstalled?
    • Java uninstalled or updated?
    • Iobit uninstalled?
    • Fixlog
    • Search.txt
    • Index rebuilt?
     
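The Fixlist in the post above removes entries that FRST marks with [X] or "No File": a service whose binary is gone (cpuz154 pointing at a file under C:\WINDOWS\temp), scheduled tasks whose target program was uninstalled (the Opera autoupdate and ASC9_SkipUac tasks), and shell extension CLSIDs with no registered server. Such dangling entries are usually uninstall residue, but a service or task that still runs and points at a path nothing owns is also a place a later intruder could drop a binary into, which is why a cleanup removes them rather than leaving them in place. The script below is an added example, not code from the thread or from FRST, that reproduces the service and scheduled-task part of that check with built-in PowerShell, so you can see what such an entry looks like before a fix and confirm afterwards that the "removed successfully" lines in the Fixlog left nothing behind. It assumes an elevated PowerShell 5.1 or later prompt on Windows 10/11 with the ScheduledTasks module; the function names and the path-parsing heuristics are mine, not FRST's, and the script may flag a few more entries than FRST would.

```powershell
# Added example (not from the thread or from FRST): list services and
# scheduled tasks whose target file no longer exists, i.e. the "[X]" /
# "No File" entries a Fixlist removes. Run from an elevated prompt.
# Assumptions: Windows 10/11, PowerShell 5.1+, ScheduledTasks module present.

function Resolve-ImagePath {
    # Turn a raw service ImagePath or task Execute string into a file path.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = $Raw.Trim()
    if ($p.StartsWith('"')) {
        # Quoted command line: keep only the quoted token, drop the arguments.
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    } else {
        # Unquoted: keep everything up to the first .exe/.sys/.dll token.
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    # Driver entries use NT object-manager forms: \??\C:\... and \SystemRoot\...
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # "System32\drivers\foo.sys" is relative to the Windows directory.
    if ($p -match '\\' -and $p -notmatch '^([A-Za-z]:\\|\\\\)') {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Test-TargetExists {
    param([string]$Path)
    if ($Path -match '\\') { return (Test-Path -LiteralPath $Path -PathType Leaf) }
    # Bare name such as "powershell.exe": resolve through PATH as the loader would.
    return [bool](Get-Command $Path -ErrorAction SilentlyContinue)
}

function Get-OrphanedService {
    # Every service/driver key under CurrentControlSet whose ImagePath is missing on disk.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
      ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { return }
        $target = Resolve-ImagePath $props.ImagePath
        if ($target -and -not (Test-TargetExists $target)) {
            [pscustomobject]@{ Kind = 'Service'; Name = $_.PSChildName
                               Start = $props.Start; Target = $target }
        }
      }
}

function Get-OrphanedTask {
    # Every scheduled task with an Exec action whose program is missing on disk.
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # COM-handler actions carry a ClassId and no Execute; skip them here.
            if (-not $action.Execute) { continue }
            $target = Resolve-ImagePath $action.Execute
            if ($target -and -not (Test-TargetExists $target)) {
                [pscustomobject]@{ Kind = 'Task'; Name = $task.TaskPath + $task.TaskName
                                   Start = $task.State; Target = $target }
            }
        }
    }
}

$orphans = @(Get-OrphanedService) + @(Get-OrphanedTask)
$orphans | Sort-Object Kind, Name | Format-Table -AutoSize
```

Run it once before applying a Fixlist to see the same cpuz154-style entries FRST reports, and again after the reboot the Fixlog asks for; the list should then be empty apart from entries you recognise. Start = 3 on a service row means demand-start (the "S3" prefix in the FRST lines), so the entry is inert until something asks for it, but it still belongs to nothing and is safest removed.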
  10. ManWarBear

    ManWarBear Private First Class

    Yes I do recognize that bat file. I got it from MVPS HOSTS a long time ago.
    I can't get the Avira.Uninstall.command to work. It doesn't even look like it does on the support link. It's just a blank white paper icon. However, I did manually delete an Avira folder that was in the Windows ProgramData folder.
    Avira is not listed in my programs.
    Java is uninstalled.
    Iobit is uninstalled.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2023
    Ran by Bear (12-06-2023 13:36:51) Run:1
    Running from C:\Users\Micheal\Desktop
    Loaded Profiles: Bear
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    S3 Browser; %SystemRoot%\System32\browser.dll [X]
    S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X]
    Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {D963497B-5AEA-49DB-AE16-F03AA1F4FB31} - System32\Tasks\Opera scheduled Autoupdate 1591797626 => C:\Users\Micheal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
    Task: {FBDFE7B2-2FD7-4ADE-8099-B952226941B1} - System32\Tasks\ASC9_SkipUac_Micheal => E:\ASC (portable)\ASC.exe /SkipUac (No File)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
    ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
    ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
    Task: {D963497B-5AEA-49DB-AE16-F03AA1F4FB31} - System32\Tasks\Opera scheduled Autoupdate 1591797626 => C:\Users\Micheal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
    Task: {FBDFE7B2-2FD7-4ADE-8099-B952226941B1} - System32\Tasks\ASC9_SkipUac_Micheal => E:\ASC (portable)\ASC.exe /SkipUac (No File)
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
    Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
    Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    ask: {19228F99-48C2-49B3-857D-7EDA2F1D47E2} - System32\Tasks\{05D8B97B-6A15-4813-BDCA-C1E818A7AD6C} => c:\windows\system32\launchwinapp.exe [45056 2023-02-15] (Microsoft Windows -> Microsoft Corporation) -> hxxp://ui.skype.com/ui/0/7.22.0.109/en/go/help.faq.installer?LastError=1618
    FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2022-12-14]
    FF user.js: detected! => C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\user.js [2023-03-16]
    C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgpenhngnbnmhdkpdfnfhdpmfgmihdn
    CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
    S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40920 2022-12-14] (IObit CO., LTD -> IObit)
    S3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2022-12-14] (IObit CO., LTD -> IObit)
    S3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46552 2022-12-14] (IObit CO., LTD -> IObit)
    S3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2022-12-14] (IObit CO., LTD -> IObit)
    BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2022-12-14] (IObit CO., LTD -> IObit)
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
    Powershell: Get-MpComputerStatus
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp:
    End::
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\System\CurrentControlSet\Services\Browser => removed successfully
    Browser => service removed successfully
    HKLM\System\CurrentControlSet\Services\cpuz154 => removed successfully
    cpuz154 => service removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D89B2FC1-C588-47EC-B091-4514617D28F9}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D89B2FC1-C588-47EC-B091-4514617D28F9}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D963497B-5AEA-49DB-AE16-F03AA1F4FB31}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D963497B-5AEA-49DB-AE16-F03AA1F4FB31}" => removed successfully
    C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1591797626 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1591797626" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBDFE7B2-2FD7-4ADE-8099-B952226941B1}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBDFE7B2-2FD7-4ADE-8099-B952226941B1}" => removed successfully
    C:\WINDOWS\System32\Tasks\ASC9_SkipUac_Micheal => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_Micheal" => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BtSendToMenuEx => removed successfully
    HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ContextMenu => removed successfully
    HKLM\Software\Classes\CLSID\{ee10d625-cc60-30a4-b3df-4b349785be6b} => removed successfully
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ContextMenu => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
    "HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
    HKLM\Software\Classes\PROTOCOLS\Handler\tmtbim => removed successfully
    HKLM\Software\Classes\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D963497B-5AEA-49DB-AE16-F03AA1F4FB31}" => not found
    "C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1591797626" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1591797626" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBDFE7B2-2FD7-4ADE-8099-B952226941B1}" => not found
    "C:\WINDOWS\System32\Tasks\ASC9_SkipUac_Micheal" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_Micheal" => not found
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
    C:\Program Files (x86)\Mozilla Firefox\distribution\policies.json => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D89B2FC1-C588-47EC-B091-4514617D28F9}" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D89B2FC1-C588-47EC-B091-4514617D28F9}" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKU\S-1-5-21-745247706-1955576132-408695703-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => removed successfully
    ask: {19228F99-48C2-49B3-857D-7EDA2F1D47E2} - System32\Tasks\{05D8B97B-6A15-4813-BDCA-C1E818A7AD6C} => c:\windows\system32\launchwinapp.exe [45056 2023-02-15] (Microsoft Windows -> Microsoft Corporation) -> hxxp://ui.skype.com/ui/0/7.22.0.109/en/go/help.faq.installer?LastError=1618 => Error: No automatic fix found for this entry.
    "C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\Extensions\ascsurfingprotectionnew@iobit.com.xpi" => not found
    C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\user.js => moved successfully
    C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgpenhngnbnmhdkpdfnfhdpmfgmihdn => moved successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
    AscFileControl => service not found.
    AscFileFilter => service not found.
    AscRegistryFilter => service not found.
    iobit_monitor_server2021 => service not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => not found

    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.



    ========= End of CMD: =========


    ========= netsh int ip reset resetlog.txt =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.



    ========= End of CMD: =========


    ========= netsh advfirewall reset =========

    Ok.



    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    Ok.



    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.

    {94F8D5BF-EA3D-467C-9CAE-ACE104404849} canceled.
    {4A18F81C-2160-4697-97C8-3F950BEFE407} canceled.
    {2CA2D11C-C307-48F2-9398-AE1FC99C0027} canceled.
    {74A8EFEB-F76D-493C-9716-64678B7AC9DB} canceled.
    4 out of 4 jobs canceled.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    HKU\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= Set-MpPreference -DisableRealtimeMonitoring $false =========


    ========= End of Powershell: =========


    ========= Get-MpComputerStatus =========



    AMEngineVersion : 1.1.23050.3
    AMProductVersion : 4.18.23050.3
    AMRunningMode : Normal
    AMServiceEnabled : True
    AMServiceVersion : 4.18.23050.3
    AntispywareEnabled : True
    AntispywareSignatureAge : 0
    AntispywareSignatureLastUpdated : 6/12/2023 2:42:13 AM
    AntispywareSignatureVersion : 1.391.1206.0
    AntivirusEnabled : True
    AntivirusSignatureAge : 0
    AntivirusSignatureLastUpdated : 6/12/2023 2:42:12 AM
    AntivirusSignatureVersion : 1.391.1206.0
    BehaviorMonitorEnabled : True
    ComputerID : E43714F8-7639-41AC-A3AF-548AC6FFA394
    ComputerState : 0
    DefenderSignaturesOutOfDate : False
    DeviceControlDefaultEnforcement : Default Allow
    DeviceControlPoliciesLastUpdated : 3/27/2023 4:34:47 PM
    DeviceControlState : Disabled
    FullScanAge : 4294967295
    FullScanEndTime :
    FullScanOverdue : False
    FullScanRequired : False
    FullScanSignatureVersion :
    FullScanStartTime :
    IoavProtectionEnabled : True
    IsTamperProtected : True
    IsVirtualMachine : False
    LastFullScanSource : 0
    LastQuickScanSource : 2
    NISEnabled : True
    NISEngineVersion : 1.1.23050.3
    NISSignatureAge : 0
    NISSignatureLastUpdated : 6/12/2023 2:42:12 AM
    NISSignatureVersion : 1.391.1206.0
    OnAccessProtectionEnabled : True
    ProductStatus : 524288
    QuickScanAge : 1
    QuickScanEndTime : 6/10/2023 8:10:46 PM
    QuickScanOverdue : False
    QuickScanSignatureVersion : 1.391.1067.0
    QuickScanStartTime : 6/10/2023 8:06:38 PM
    RealTimeProtectionEnabled : True
    RealTimeScanDirection : 0
    RebootRequired : False
    SmartAppControlExpiration :
    SmartAppControlState : Off
    TamperProtectionSource : Signatures
    TDTMode : cm
    TDTSiloType : S
    TDTStatus : Enabled
    TDTTelemetry : Disabled
    TroubleShootingDailyMaxQuota :
    TroubleShootingDailyQuotaLeft :
    TroubleShootingEndTime :
    TroubleShootingExpirationLeft :
    TroubleShootingMode :
    TroubleShootingModeSource :
    TroubleShootingQuotaResetTime :
    TroubleShootingStartTime :
    PSComputerName :




    ========= End of Powershell: =========


    ========= sfc /scannow =========



    Beginning system scan. This process will take some time.



    Beginning verification phase of system scan.


    Verification 0% complete.
    Verification 1% complete.
    Verification 1% complete.
    Verification 2% complete.
    Verification 3% complete.
    Verification 3% complete.
    Verification 4% complete.
    Verification 5% complete.
    Verification 5% complete.
    Verification 6% complete.
    Verification 6% complete.
    Verification 7% complete.
    Verification 8% complete.
    Verification 8% complete.
    Verification 9% complete.
    Verification 10% complete.
    Verification 10% complete.
    Verification 11% complete.
    Verification 11% complete.
    Verification 12% complete.
    Verification 13% complete.
    Verification 13% complete.
    Verification 14% complete.
    Verification 15% complete.
    Verification 15% complete.
    Verification 16% complete.
    Verification 16% complete.
    Verification 17% complete.
    Verification 18% complete.
    Verification 18% complete.
    Verification 19% complete.
    Verification 20% complete.
    Verification 20% complete.
    Verification 21% complete.
    Verification 21% complete.
    Verification 22% complete.
    Verification 23% complete.
    Verification 23% complete.
    Verification 24% complete.
    Verification 25% complete.
    Verification 25% complete.
    Verification 26% complete.
    Verification 26% complete.
    Verification 27% complete.
    Verification 28% complete.
    Verification 28% complete.
    Verification 29% complete.
    Verification 30% complete.
    Verification 30% complete.
    Verification 31% complete.
    Verification 31% complete.
    Verification 32% complete.
    Verification 33% complete.
    Verification 33% complete.
    Verification 34% complete.
    Verification 35% complete.
    Verification 35% complete.
    Verification 36% complete.
    Verification 36% complete.
    Verification 37% complete.
    Verification 38% complete.
    Verification 38% complete.
    Verification 39% complete.
    Verification 40% complete.
    Verification 40% complete.
    Verification 41% complete.
    Verification 41% complete.
    Verification 42% complete.
    Verification 43% complete.
    Verification 43% complete.
    Verification 44% complete.
    Verification 45% complete.
    Verification 45% complete.
    Verification 46% complete.
    Verification 46% complete.
    Verification 47% complete.
    Verification 48% complete.
    Verification 48% complete.
    Verification 49% complete.
    Verification 50% complete.
    Verification 50% complete.
    Verification 51% complete.
    Verification 51% complete.
    Verification 52% complete.
    Verification 53% complete.
    Verification 53% complete.
    Verification 54% complete.
    Verification 55% complete.
    Verification 55% complete.
    Verification 56% complete.
    Verification 56% complete.
    Verification 57% complete.
    Verification 58% complete.
    Verification 58% complete.
    Verification 59% complete.
    Verification 60% complete.
    Verification 60% complete.
    Verification 61% complete.
    Verification 61% complete.
    Verification 62% complete.
    Verification 63% complete.
    Verification 63% complete.
    Verification 64% complete.
    Verification 65% complete.
    Verification 65% complete.
    Verification 66% complete.
    Verification 66% complete.
    Verification 67% complete.
    Verification 68% complete.
    Verification 68% complete.
    Verification 69% complete.
    Verification 70% complete.
    Verification 70% complete.
    Verification 71% complete.
    Verification 71% complete.
    Verification 72% complete.
    Verification 73% complete.
    Verification 73% complete.
    Verification 74% complete.
    Verification 75% complete.
    Verification 75% complete.
    Verification 76% complete.
    Verification 76% complete.
    Verification 77% complete.
    Verification 78% complete.
    Verification 78% complete.
    Verification 79% complete.
    Verification 80% complete.
    Verification 80% complete.
    Verification 81% complete.
    Verification 81% complete.
    Verification 82% complete.
    Verification 83% complete.
    Verification 83% complete.
    Verification 84% complete.
    Verification 85% complete.
    Verification 85% complete.
    Verification 86% complete.
    Verification 86% complete.
    Verification 87% complete.
    Verification 88% complete.
    Verification 88% complete.
    Verification 89% complete.
    Verification 90% complete.
    Verification 90% complete.
    Verification 91% complete.
    Verification 91% complete.
    Verification 92% complete.
    Verification 93% complete.
    Verification 93% complete.
    Verification 94% complete.
    Verification 95% complete.
    Verification 95% complete.
    Verification 96% complete.
    Verification 96% complete.
    Verification 97% complete.
    Verification 98% complete.
    Verification 98% complete.
    Verification 99% complete.
    Verification 100% complete.


    Windows Resource Protection did not find any integrity violations.



    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.19041.844

    Image Version: 10.0.19045.2965

    No component store corruption detected.
    The operation completed successfully.


    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 1310720 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10619835 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 352714105 B
    Windows/system/drivers => 2449645 B
    Edge => 50061 B
    Chrome => 516720513 B
    Firefox => 17740152 B
    Opera => 140613 B

    Temp, IE cache, history, cookies, recent:
    Default => 2560 B
    ProgramData => 2560 B
    Public => 2560 B
    systemprofile => 2560 B
    systemprofile32 => 2560 B
    LocalService => 5120 B
    NetworkService => 10020 B
    Micheal => 3649155 B

    RecycleBin => 1113338968 B
    EmptyTemp: => 1.9 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 13:59:26 ====


    https://gofile.io/d/osdEvB

    I will post another reply when index is rebuilt.
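    The Fixlog above ends with FRST re-enabling real-time monitoring (Set-MpPreference -DisableRealtimeMonitoring $false) and dumping Get-MpComputerStatus. As an added check that is not part of the thread, FRST's output or the helper's instructions, the PowerShell below re-reads that status after the reboot, turns the fields that matter into pass/fail lines, and also lists Defender exclusions, which a fix script does not touch. The age thresholds are assumptions chosen for the example; the cmdlets are the built-in Defender module on Windows 10/11 and need an elevated shell.

```powershell
# Added example, not from the thread or from FRST: re-check the Defender state that the
# Fixlog's Get-MpComputerStatus block reports, and list exclusions that a fix script
# does not touch. Needs the built-in Defender module (Windows 10/11) and an elevated shell.
# The signature-age and scan-age thresholds are assumptions chosen for this example.
$status = Get-MpComputerStatus
$pref   = Get-MpPreference

$checks = [ordered]@{
    'Real-time protection on'  = ($status.RealTimeProtectionEnabled -and -not $pref.DisableRealtimeMonitoring)
    'Behavior monitoring on'   = $status.BehaviorMonitorEnabled
    'Tamper protection on'     = $status.IsTamperProtected
    'Running mode is Normal'   = ($status.AMRunningMode -eq 'Normal')
    'AV signatures <= 1 day'   = ($status.AntivirusSignatureAge -le 1)
    'Quick scan within 7 days' = ($status.QuickScanAge -le 7)
}

$failed = @()
foreach ($name in $checks.Keys) {
    $ok = [bool]$checks[$name]
    '{0,-26} {1}' -f $name, $(if ($ok) { 'OK' } else { 'FAIL' })
    if (-not $ok) { $failed += $name }
}

# Exclusions survive cleanup scripts and are a common way malware blinds Defender;
# every entry printed here should be one you recognise and put there yourself.
foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($entry in $pref.$kind) { '{0,-20} {1}' -f $kind, $entry }
}

if ($failed) { Write-Warning ('Defender checks failed: ' + ($failed -join ', ')) }
```

    Against the values in the Fixlog (RealTimeProtectionEnabled True, IsTamperProtected True, AntivirusSignatureAge 0, QuickScanAge 1, AMRunningMode Normal) every check passes; the FullScanAge of 4294967295 in that block means a full scan has never run, which is worth scheduling once the cleanup is finished. With Tamper Protection on, Set-MpPreference cannot switch real-time monitoring off, so a FAIL on the first line points at a policy or a product conflict rather than at the preference itself.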
     
  11. ManWarBear

    ManWarBear Private First Class

    Indexing didn't take long at all to complete, and had only 5,391 items listed. Is that normal?
     
  12. Oh My!

    Oh My! Malware Expert Staff Member

    No problem on the Avira Uninstall Tool. We captured the entries with the SearchAll: step.

    As long as the Indexing completed successfully I am not concerned about the number.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool - Run Fix Using Attached File

    --------------------
    • Please download the attached file and save it in the same location as FRST.exe <<< Important
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot
    • The tool will create a log on the desktop called Fixlog.txt
    • Copy and paste the contents of the report in your reply. If it is too large please attach it.
    ===================================================

    Things I would like to see in your next reply.
    • Fixlog
     

    Attached Files:

  13. ManWarBear

    ManWarBear Private First Class

    Here is the log.
     

    Attached Files:

  14. Oh My!

    Oh My! Malware Expert Staff Member

    Can you update me on how your computer is performing, generally speaking? I am not concerned if you are unable to successfully launch MGtools as that happens sometimes for other than malware reasons.
     
  15. ManWarBear

    ManWarBear Private First Class

    There are a few things that I have issues with that I'm sure could have nothing to do with malware. As you said, MGtools might not run for some people, but that still irks me a bit because I've used it successfully on this computer for many years.
    Occasionally I will get a command prompt window that flashes onto my screen for a split second but it happens so fast that I have no idea what it says in the header.
    I sometimes get strange video lag when watching youtube, netflix, twitch, etc. I realize that could also be completely normal but it started happening more frequently since this command prompt issue started.
    Today I opened task manager when netflix was laggy and I saw a program called Microsoft Phone Link. After googling, I know that program is probably totally legit, but I've never seen it open on my system before and I certainly didn't open it. I've never so much as charged my phone anywhere near my laptop nor shared any connection via any apps, accounts or even bluetooth between the two.
     
  16. ManWarBear

    ManWarBear Private First Class

    I forgot to add that I've since uninstalled Phone Link, as I don't use it or even want it on my system.
     
  17. Oh My!

    Oh My! Malware Expert Staff Member

    Most likely the inability to run MGtools is because of a security program issue. It is an intrusive program that makes some antivirus programs uncomfortable. Since AV programs are updated/modified routinely it may be that one of the updates has affected the ability to launch MGtools.

    I would like you to monitor your computer and note the date/time you see a command prompt window flash. Following that please run the below.

    ===================================================

    TaskSchedulerView by Nirsoft

    --------------
    • Download TaskSchedulerView for 64 bit systems and save it to your Desktop
    • Right click on the folder, select Extract All... and extract the folder onto your Desktop
    • Right click on the TaskschedulerView application icon and select Run as administrator
    • Click View then HTML Report - All Items
    • When your browser opens click File, Save Page As... and save the file onto your Desktop with the default name
    • Please zip and attach the file to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Attached zip file
     
  18. ManWarBear

    ManWarBear Private First Class

    The requested zip file.
     

    Attached Files:

  19. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    Might you have that information?
     
  20. ManWarBear

    ManWarBear Private First Class

    I haven't seen it pop up in the past two days. Which is a little strange since I've seen it on a daily basis until now.
     
  21. ManWarBear

    ManWarBear Private First Class

    I think I just caught a glimpse of it out of the corner of my eye at 3:25pm today.
     
  22. Oh My!

    Oh My! Malware Expert Staff Member

  23. ManWarBear

    ManWarBear Private First Class

    Tasks List.
     

    Attached Files:

  24. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the report.
    It appears that one was related to a CCleaner task. We can monitor things going forward if you'd like but I don't think those flashing pop ups are related to malware. If you get another one you can rerun TaskSchedulerView and compare date/times. You can also Disable that task by right clicking on it in TaskSchedulerView and select Disable Selected Items.

    Can you update me on the video issue?
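    The two posts above describe the procedure: note the time the console window flashes, then compare it with the last-run times in the TaskSchedulerView report and disable the task that matches. The PowerShell below does the same correlation with the built-in ScheduledTasks module. It is an added example, not part of the thread and not Nirsoft's tool: the 3:25 pm sighting is the one reported in the thread, the date and the five-minute window are assumptions, and the rule that only tasks outside \Microsoft\ are safe to disable automatically is an assumption too.

```powershell
# Added example, not from the thread and not Nirsoft's TaskSchedulerView: list scheduled
# tasks whose last run falls within a few minutes of a sighting and show what they execute.
# 3:25 pm is the time reported in the thread; the date is an assumption for this example.
# Run in an elevated PowerShell so tasks in every folder are visible.
param(
    [datetime]$Observed = (Get-Date '2023-06-20 15:25'),
    [int]$WindowMinutes = 5,
    [switch]$Disable        # disable matches outside \Microsoft\ (assumed third-party)
)

$from = $Observed.AddMinutes(-$WindowMinutes)
$to   = $Observed.AddMinutes($WindowMinutes)

$hits = foreach ($task in Get-ScheduledTask) {
    $info = $task | Get-ScheduledTaskInfo
    if ($info.LastRunTime -lt $from -or $info.LastRunTime -gt $to) { continue }
    foreach ($action in $task.Actions) {
        # Only exec actions (MSFT_TaskExecAction) launch a program; COM-handler actions
        # have no Execute property and cannot pop a console window.
        if (-not $action.PSObject.Properties['Execute']) { continue }
        [pscustomobject]@{
            Task        = $task                      # kept for Disable-ScheduledTask
            Path        = $task.TaskPath + $task.TaskName
            State       = $task.State
            LastRunTime = $info.LastRunTime
            LastResult  = '0x{0:X8}' -f $info.LastTaskResult
            Execute     = $action.Execute
            Arguments   = $action.Arguments
            RunAs       = $task.Principal.UserId
        }
    }
}

if (-not $hits) {
    "No task ran between $from and $to."
    return
}

$hits | Sort-Object LastRunTime |
    Format-Table Path, State, LastRunTime, LastResult, Execute, Arguments, RunAs -AutoSize

if ($Disable) {
    foreach ($hit in $hits | Where-Object { $_.Path -notlike '\Microsoft\*' }) {
        Disable-ScheduledTask -InputObject $hit.Task | Out-Null
        "Disabled $($hit.Path)"
    }
}
```

    A window that flashes and vanishes usually belongs to an action whose Execute is cmd.exe, a .bat/.cmd file or a console program, so the Execute and Arguments columns are the ones to read first; a LastResult of 0x00000000 means the action completed. Running the script without -Disable only reports, which is the right default while the task is still unidentified.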
     
  25. ManWarBear

    ManWarBear Private First Class

    The video issue is intermittent. Sometimes it'll go a whole weekend and not happen. Then sometimes it will happen a few times every hour. As long as there's nothing malware related I'm good.
     
  26. Oh My!

    Oh My! Malware Expert Staff Member

    The video issue is not malware related as your computer is clean. It looks like we are all set.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

     
  27. ManWarBear

    ManWarBear Private First Class

    In the log file this was one of the notes.

    ## Quarantines never deleted
    ~ C:\Users\Micheal\AppData\Roaming\ZHP (ZHP)

    Is it safe to delete the ZHP folder?
    Also, what free antivirus would you recommend? I've mostly used avast and avira but I don't know how good they are compared to others.
     
  28. Oh My!

    Oh My! Malware Expert Staff Member

    Yes, it is safe to delete ZHP Cleaner.

    Which antivirus to use is an individual choice and I don't make any recommendations. However I don't mind sharing what I have chosen. Personally I use Windows Security (the new name for Windows Defender) along with the paid version of Malwarebytes, Malwarebytes Premium.

    Windows Security takes care of updates automatically and is integrated with Windows Update. It works behind the scenes without the need for interaction on my part. I prefer this approach rather than what I experienced with other programs.

    Malwarebytes Premium is also very low maintenance and it provides real time monitoring. The free version, although very good, is launched manually and therefore addresses what is already on the computer rather than monitoring the computer in real time to stop potential threats. You can run Malwarebytes in Side-by-Side Mode (it is not generally recommended to run 2 programs at once) so I have 2 real time protection programs running at the same time, Windows Security and Malwarebytes Premium. So far I have not become infected.

    Having said all of that, it is a personal decision.
     
  29. ManWarBear

    ManWarBear Private First Class

    Thank you so much for your help. I really appreciate your time and expertise.
     
  30. Oh My!

    Oh My! Malware Expert Staff Member

    You are quite welcome, it was a pleasure working together with you. You are always welcome here.

    Once again, we apologize for the extended delay. Hopefully it was just a one time hiccup.

    Gary
     
