Mgtools Issues

ManWarBear · Mar 16, 2023

Today I was going through the malware removal/cleaning procedure and all the scans came back clean, until I got to MGtools. When I tried to put MGtools in the c: folder it wouldn't allow me to, even though I'm logged on with an Administrator Account. So, I put it on my desktop and tried to run it from there and I got the following error.

64 bit Windows OS found
The operation completed successfully.
'"C:\Users\(My user name here)"' is not recognized as an internal or external command,
operable program or batch file.

At that point the program just hangs. I used tweaking.com - windows repair, thinking that it might fix the issue but that didn't work.

I appreciate any help you could offer.

ManWarBear · Mar 17, 2023

I did do an Adwcleaner scan but I forgot to put it here so I did a fresh scan, just in case. My apologies.

Oh My! · Jun 2, 2023

Greetings.

In going through prior posts I see you never received a reply. We greatly apologize for that. Are you still in need of assistance?

ManWarBear · Jun 11, 2023

Yes. I've been procrastinating for a while. I did fresh scans of everything but MGtools won't run. It stops at this message.

64 bit Windows OS found
The operation completed successfully.
'"C:\Users\Micheal"' is not recognized as an internal or external command,
operable program or batch file.

ManWarBear · Jun 11, 2023

Yesterday, malwarebytes detected zamguard64.sys but I can't find that log file.

Oh My! · Jun 11, 2023

Thank you for the reports. We can hold off on MGtools for now.

While I review things please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

Download Farbar Recover Scan Tool for 64 bit systems and save it to your Desktop. <<< Important

If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english

Right click on the icon and select Run as administrator

Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option

Click Yes to the disclaimer

Click Scan and allow the program to run

Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen

2 Notepad documents should now be open on your desktop.

Please copy and paste the contents of each report in separate reply windows

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

FRST.txt

Addition.txt

ManWarBear · Jun 12, 2023

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2023
Ran by Bear (administrator) on DESKTOP-TC8N8O8 (ASUSTeK COMPUTER INC. X555UA) (12-06-2023 04:39:08)
Running from C:\Users\Micheal\Desktop\FRST64.exe
Loaded Profiles: Bear
Platform: Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(cmd.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe
(services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40454048 2023-05-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.110\Installer\chrmstp.exe [2023-06-06] (Google LLC -> Google LLC)
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19228F99-48C2-49B3-857D-7EDA2F1D47E2} - System32\Tasks\{05D8B97B-6A15-4813-BDCA-C1E818A7AD6C} => c:\windows\system32\launchwinapp.exe [45056 2023-02-15] (Microsoft Windows -> Microsoft Corporation) -> hxxp://ui.skype.com/ui/0/7.22.0.109/en/go/help.faq.installer?LastError=1618
Task: {1C556B7E-D6EE-4FA1-A105-DC3CD6AD4F0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-29] (Google Inc -> Google Inc.)
Task: {2677A775-FAAE-441B-9893-7D2E01C73379} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-08-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {79409A1A-11CB-44ED-A320-8DDA26A2103C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1560056 2023-02-01] (Adobe Inc. -> Adobe Inc.)
Task: {7B41635E-96ED-4118-9B87-C471B6D039BF} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [674720 2023-04-12] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {7D0B1275-8226-45CE-B86B-BE2A5FFD2DE9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-05-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {855CB2D2-C750-491A-B1EE-C266B8F5BBEC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {88B4543F-D0A6-456F-9170-A45451A5A8B7} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [716192 2023-04-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {90F5F83F-C6A8-4F8E-B238-81492C262074} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1616160 2016-01-19] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {93335E62-2C63-4044-81E4-80EFED41ECA6} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [5444104 2022-12-29] (IObit CO., LTD -> IObit)
Task: {A1A2CF5C-AD4C-4E29-A2CD-B4E661721960} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C00291E5-3D9E-4824-AC7F-2FE63ADED98F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C0073352-E43A-4A49-821C-B0148FDF577A} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-05-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "69039b7a-7093-4678-b284-67127794d33e" --version "6.12.10490" --silent
Task: {C453B823-9E0A-4BB8-93FB-0BBFA7EE4419} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-29] (Google Inc -> Google Inc.)
Task: {D04A0E26-4516-4D84-84BE-E313CEB4CC63} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D963497B-5AEA-49DB-AE16-F03AA1F4FB31} - System32\Tasks\Opera scheduled Autoupdate 1591797626 => C:\Users\Micheal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {E09FD05D-2278-4E8B-A450-18E7B85790EC} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-08-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {E129AA8B-AE5A-4CEB-A187-7066E37CE58D} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18392 2016-03-04] (ASUSTeK Computer Inc. -> AsusTek)
Task: {E767E58D-65EA-49D9-893E-EF481F3055B8} - System32\Tasks\CCleanerSkipUAC - Bear => C:\Program Files\CCleaner\CCleaner.exe [34264480 2023-05-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {ED9CC8D2-6CFE-4B5F-98A2-7B7F0615D3FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F50EC2B8-0EFD-40ED-927D-0707878241B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FBDFE7B2-2FD7-4ADE-8099-B952226941B1} - System32\Tasks\ASC9_SkipUac_Micheal => E:\ASC (portable)\ASC.exe /SkipUac (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ASC9_SkipUac_Micheal.job => E:\ASC (portable)\ASC.exe
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1717dab2-7ff3-4fa7-b0ac-886e42e4ff02}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{18083346-9adc-4754-afd3-126e9572e7e8}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{18083346-9adc-4754-afd3-126e9572e7e8}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\Micheal\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Micheal\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-10]
Edge Extension: (Edge relevant text changes) - C:\Users\Micheal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-26]

FireFox:
========
FF DefaultProfile: 4zma117h.default-1474483005108
FF ProfilePath: C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108 [2023-06-12]
FF user.js: detected! => C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\user.js [2023-03-16]
FF NetworkProxy: Mozilla\Firefox\Profiles\4zma117h.default-1474483005108 -> no_proxies_on", "hxxps://localhost"
FF Extension: (AdGuard AdBlocker) - C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\Extensions\adguardadblocker@adguard.com.xpi [2022-10-26]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2022-12-14]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-02-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-08-28] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default [2023-06-12]
CHR Extension: (BetterTTV) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2023-05-03]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2023-06-07]
CHR Extension: (WebRTC Leak Shield) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppamachkoflopbagkdoflbgfjflfnfl [2022-05-25]
CHR Extension: (IObit Surfing Protection) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgpenhngnbnmhdkpdfnfhdpmfgmihdn [2023-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (uBlock Origin Extra) - C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2019-09-10]
CHR Profile: C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\System Profile [2023-06-10]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera:
=======
OPR Profile: C:\Users\Micheal\AppData\Roaming\Opera Software\Opera Stable [2023-06-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-02-01] (Adobe Inc. -> Adobe Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] (Realtek Semiconductor Corp -> )
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3054520 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9258016 2023-06-09] (Malwarebytes Inc. -> Malwarebytes)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2021-07-14] (PALTALK, INC. -> AVM Software)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe [3228464 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe [133592 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40920 2022-12-14] (IObit CO., LTD -> IObit)
S3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2022-12-14] (IObit CO., LTD -> IObit)
S3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46552 2022-12-14] (IObit CO., LTD -> IObit)
S3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [142840 2016-03-04] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2022-12-14] (IObit CO., LTD -> IObit)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-10-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl0738fc67; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1260F254-D829-40A2-9624-8E4847ACDC8A}\MpKslDrv.sys [213288 2023-06-11] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2023-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498984 2023-05-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-31] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-12 04:39 - 2023-06-12 04:40 - 000020362 _____ C:\Users\Micheal\Desktop\FRST.txt
2023-06-12 04:37 - 2023-06-12 04:40 - 000000000 ____D C:\FRST
2023-06-12 04:36 - 2023-06-12 04:36 - 002383360 _____ (Farbar) C:\Users\Micheal\Desktop\FRST64.exe
2023-06-11 14:27 - 2023-06-11 14:27 - 000015204 _____ C:\MGlogs.zip
2023-06-10 16:44 - 2023-06-11 14:22 - 000000000 ____D C:\Users\Micheal\Desktop\New Scans
2023-06-10 16:33 - 2023-06-10 16:33 - 008791352 _____ (Malwarebytes) C:\Users\Micheal\Desktop\AdwCleaner.exe
2023-06-07 17:03 - 2023-06-10 12:26 - 000810999 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2023-05-30 07:18 - 2023-05-30 07:18 - 000000000 ____D C:\Users\Micheal\AppData\Local\Malwarebytes
2023-05-19 05:26 - 2023-05-27 22:50 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-05-19 05:26 - 2023-05-19 05:26 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-05-19 05:26 - 2023-05-19 05:26 - 000003472 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-12 04:23 - 2016-08-26 12:45 - 000000000 ____D C:\Program Files (x86)\Google
2023-06-12 04:13 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-06-12 03:02 - 2020-08-25 02:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-06-12 02:31 - 2020-08-25 02:38 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{46CEDF8B-5B38-4E1C-8B90-50078B7100F2}
2023-06-11 23:04 - 2019-11-27 07:25 - 000000000 ____D C:\Users\Micheal\AppData\LocalLow\Mozilla
2023-06-11 17:26 - 2023-03-16 15:25 - 000000000 ____D C:\Program Files\CCleaner
2023-06-11 14:27 - 2023-03-16 23:08 - 000000000 ____D C:\MGtools
2023-06-10 17:37 - 2021-07-08 15:29 - 000000000 ____D C:\Users\Micheal\AppData\LocalLow\IGDump
2023-06-10 17:23 - 2016-09-13 06:26 - 000000000 ____D C:\Users\Micheal\AppData\Local\CrashDumps
2023-06-10 17:05 - 2020-08-25 02:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-06-10 17:05 - 2020-08-25 02:06 - 000008192 ___SH C:\DumpStack.log.tmp
2023-06-10 17:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-06-10 17:04 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-06-10 16:38 - 2021-06-15 16:59 - 000000000 ____D C:\Program Files (x86)\Steam
2023-06-10 14:23 - 2022-09-30 16:04 - 000001480 _____ C:\Users\Micheal\Desktop\Docs.txt
2023-06-10 14:18 - 2019-10-06 20:40 - 000000000 ____D C:\Program Files (x86)\ZamTalk
2023-06-10 14:09 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-06-10 14:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-06-10 12:26 - 2016-04-28 21:10 - 000000000 ____D C:\ProgramData\Realtek
2023-06-10 11:08 - 2020-06-23 01:04 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-10 11:08 - 2020-06-23 01:04 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-07 12:52 - 2017-11-20 14:19 - 000000000 ____D C:\Users\Micheal\AppData\Local\Packages
2023-06-06 02:17 - 2018-11-29 18:37 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-06-06 02:17 - 2018-11-29 18:37 - 000002269 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-06-06 02:16 - 2021-12-19 06:05 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-05-31 16:23 - 2018-05-24 14:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-05-30 08:00 - 2020-08-25 02:20 - 000742724 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-05-30 08:00 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2023-05-30 07:17 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-05-27 23:35 - 2023-04-12 09:15 - 000003428 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2023-05-27 22:52 - 2023-03-16 21:30 - 000000000 ____D C:\ProgramData\ProductData
2023-05-19 04:15 - 2016-08-28 08:46 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-05-18 07:08 - 2021-04-28 06:41 - 000000478 _____ C:\Users\Micheal\Desktop\RD.txt
2023-05-17 16:18 - 2020-08-25 02:38 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-05-17 16:18 - 2020-08-25 02:38 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-05-13 04:34 - 2020-08-25 02:38 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-05-13 04:34 - 2020-08-25 02:38 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2021-04-13 07:34 - 2021-04-13 07:34 - 000361355 _____ () C:\Users\Micheal\AppData\Local\ars.cache
2021-04-13 07:38 - 2021-04-13 07:38 - 001058717 _____ () C:\Users\Micheal\AppData\Local\census.cache
2019-07-31 06:07 - 2019-07-31 06:07 - 000006144 _____ () C:\Users\Micheal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-26 11:06 - 2016-08-26 11:06 - 000000036 _____ () C:\Users\Micheal\AppData\Local\housecall.guid.cache
2023-01-17 16:59 - 2023-01-17 16:59 - 000000840 _____ () C:\Users\Micheal\AppData\Local\recently-used.xbel
2016-08-28 09:01 - 2021-04-13 06:40 - 000000010 _____ () C:\Users\Micheal\AppData\Local\sponge.last.runtime.cache
2017-01-11 21:03 - 2018-07-24 20:40 - 000002429 _____ () C:\Users\Micheal\AppData\Local\Temptoast_image.png

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

ManWarBear · Jun 12, 2023

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
Ran by Bear (12-06-2023 04:41:54)
Running from C:\Users\Micheal\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) (2020-08-25 06:39:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-745247706-1955576132-408695703-500 - Administrator - Disabled)
Bear (S-1-5-21-745247706-1955576132-408695703-1001 - Administrator - Enabled) => C:\Users\Micheal
DefaultAccount (S-1-5-21-745247706-1955576132-408695703-503 - Limited - Disabled)
Guest (S-1-5-21-745247706-1955576132-408695703-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-745247706-1955576132-408695703-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Avira Security (Disabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20322 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601042}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 16.3.0 - IObit)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.13 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.93 - ICEpower a/s)
CCleaner (HKLM\...\CCleaner) (Version: 6.12 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
GIMP 2.10.6 (HKLM\...\GIMP-2_is1) (Version: 2.10.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.110 - Google LLC)
Intel(R) Chipset Device Software (HKLM\...\{8E2CA9DC-9975-468F-90CF-C740109DD2B8}) (Version: 10.1.1.11 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{5BD7E621-9791-4D9F-A620-1BA51153B749}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{A53B7EAB-86BD-4F16-8C44-011B1376326A}) (Version: 11.0.0.1162 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{555B1C57-E71B-4775-BC1D-627EEF693F0D}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{30E935B2-0DAC-455E-AC76-3C8504DC3D18}) (Version: 30.100.1519.07 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Malwarebytes version 4.5.30.269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.30.269 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\{3F5C2BF3-D8B6-4205-A2AD-BCB0A1E360A4}) (Version: 4.0.4276.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5553.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212 (HKLM\...\{F20396E5-D84E-3505-A7A8-7358F0155F6C}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212 (HKLM\...\{FAAD7243-0141-3987-AA2F-E56B20F80E41}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 110.0 (x64 en-US)) (Version: 110.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 110.0.0.8445 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5553.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5553.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5553.1000 - Microsoft Corporation) Hidden
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.875.080715 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0273 - REALTEK Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Windows Driver Package - ASUS (AsusSGDrv) Mouse (02/24/2016 8.0.0.24) (HKLM\...\4003FCA0E5D128F597B233998B64B6631C2ED623) (Version: 02/24/2016 8.0.0.24 - ASUS)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

Packages:
=========
AE Mysteries -> C:\Program Files\WindowsApps\TiltingPoint.AdventureEscapeMysteries_24.6.1.0_x64__85kh3h6wfjavg [2023-06-10] (Tilting Point)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.244.400.0_x64__kgqvnymyfvs32 [2023-06-06] (king.com)
Grand Theft Auto: iFruit -> C:\Program Files\WindowsApps\RockstarGames.GrandTheftAutoiFruit_1.11.23.3_x86__3t068xe29zjvp [2023-03-16] (Rockstar Games)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-03-16] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2023-03-16] (MAGIX)
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2023-03-16] (ASUSTeK COMPUTER INC.) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2023-03-16] (Netflix, Inc.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-19] (Microsoft Studios) [MS Ad]
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2023-03-16] (TripAdvisor LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2023-03-16] (Twitter Inc.)
Ultra Blu-ray Player Supports DVD -> C:\Program Files\WindowsApps\D5BE6627.UltraBlu-rayPlayerSupportsDVD_2.0.9.0_x86__9pm2v9747qaaa [2023-03-16] (CompuClever Systems Inc.)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-06-07] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x86__8wekyb3d8bbwe [2023-06-07] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2022-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2022-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2022-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2022-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Micheal\Desktop\RenHosts - Shortcut.lnk -> C:\Users\Micheal\Desktop\hosts\Hoschtzs\RenHosts.bat ()
ShortcutWithArgument: C:\Users\Micheal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-745247706-1955576132-408695703-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-745247706-1955576132-408695703-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2022-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2022-12-14] (IObit CO., LTD -> IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-22] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4746 more sites.

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2023-03-16 20:22 - 2023-03-16 20:22 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-745247706-1955576132-408695703-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DC02E3D6-D80E-4C69-88E8-938466D92F3F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A6AD164-D55D-4187-92C9-8612C01AAA23}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7166B278-8D07-4637-A296-F2A807FF20E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{65C09E58-A2BE-4299-BD89-C22049025FD3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A06F70D9-6D7C-4978-B0DD-A347AE2EDF03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{65D306B8-0D79-4302-9AC9-D26FE99BE419}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{531ADBFA-F3FC-4B6F-ACDE-0549E72ED96E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BA0BDF30-9AC7-490D-B449-3BC5460D208A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1828AFDD-3D25-4F6A-A34D-4C69B11A23CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E9CDF45F-7DBB-42BE-B58F-0710DD659726}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{DD98B128-43E5-412B-A645-1381DA560B0B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{02E86640-E8DF-454F-AD83-145EA0584A2F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D018F01-9822-40A9-B5DB-F507D5E18F0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{81E34A42-A829-4BCF-854E-8C363F89C200}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

01-06-2023 02:09:36 Scheduled Checkpoint
10-06-2023 14:58:31 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Slimtype DVD A DA8A6SH
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: I2C HID Device
Description: I2C HID Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: hidi2c
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (06/10/2023 05:22:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Acrobat.exe, version: 22.3.20322.0, time stamp: 0x63eabedb
Faulting module name: ntdll.dll, version: 10.0.19041.2788, time stamp: 0x2f715b17
Exception code: 0xc0000005
Fault offset: 0x0000000000063526
Faulting process id: 0x908
Faulting application start time: 0x01d99be163e380a5
Faulting application path: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 11491205-74a7-4407-b020-e155333a2a3a
Faulting package full name:
Faulting package-relative application ID:

Error: (06/10/2023 05:06:09 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance due to the following error: The operation completed successfully. 0x0.

Error: (06/10/2023 05:06:07 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog

Error: (06/10/2023 05:06:05 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (06/10/2023 05:04:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (06/10/2023 05:04:45 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (06/10/2023 05:04:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (06/10/2023 05:04:45 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

System errors:
=============
Error: (06/11/2023 08:39:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated with the following error:
%%2147942833 = A device which does not exist was specified.

Error: (06/11/2023 07:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/11/2023 07:04:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

Error: (06/11/2023 07:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/11/2023 07:04:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

Error: (06/11/2023 07:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/11/2023 07:04:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Browser service to connect.

Error: (06/11/2023 07:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Windows Defender:
================
Date: 2023-06-11 17:03:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-10 16:51:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-09 16:46:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-08 18:12:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-08 16:37:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-03-16 19:52:54
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.385.223.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20100.6
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2023-03-16 19:42:39
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2023-03-16 18:04:48
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2023-06-11 19:04:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X555UA.303 04/17/2019
Motherboard: ASUSTeK COMPUTER INC. X555UA
Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 58%
Total physical RAM: 8091.07 MB
Available physical RAM: 3386.47 MB
Total Virtual: 8731.07 MB
Available Virtual: 3298.39 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.75 GB) (Free:875.57 GB) (Model: ST1000LM024 HN-M101MBB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{f4730bb8-b485-478f-a531-b0e63f39cfe4}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{ece35efc-b682-4a1c-8521-1e8eb7b70122}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 288D52A9)

Partition: GPT.

==================== End of Addition.txt =======================

Oh My! · Jun 12, 2023

Thank you for the reports.

Having difficulty running MGtools can be caused by factors other than malware. There is no evidence of mlalicious software on the system but there is a bit we can do to clean up the computer if you'd like. If so, continue on.

Do you recognize C:\Users\Micheal\Desktop\hosts\Hoschtzs\RenHosts.bat?

Avira is not properly installed. Let me know if you would like to reinstall it after we have completed our tasks. In the meantime I have included commands in the below Fixlist to Enable Windows Defender. Please run the Avira Uninstall Tool.

===================================================

Java Out of Date

--------------------

Java is known to have ongoing security concerns. If you know you don't need it, or even if you are unsure, I would recommend uninstalling it. If it is necessary in the future you will be alerted for the need to download it.

If you would rather have the program on your system skip the above and complete the Clean Install of Java Using JavaRa instructions here.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------

Download Revo Uninstaller Free Portable from and save it to your Desktop

Right click on the folder and select Extract All..., then click Extract

Double click on the RevoUninstaller-Portable folder

Right click on RevoUPort and select Run as administrator

Click OK on the License Agreement

From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Code:
Advanced SystemCare
If the program's uninstaller appears work through the steps to remove the program(s)

Be sure the Advanced option is selected then click Scan

For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion

Once done click Finish

Reboot your computer

===================================================

Farbar Recovery Scan Tool Fix

--------------------

Right click on the FRST icon and select Run as administrator

Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied

There is no need to paste the information anywhere, FRST will do it for you
Code:
Start::
CreateRestorePoint:
CloseProcesses:
S3 Browser; %SystemRoot%\System32\browser.dll [X] 
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] 
Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {D963497B-5AEA-49DB-AE16-F03AA1F4FB31} - System32\Tasks\Opera scheduled Autoupdate 1591797626 => C:\Users\Micheal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) 
Task: {FBDFE7B2-2FD7-4ADE-8099-B952226941B1} - System32\Tasks\ASC9_SkipUac_Micheal => E:\ASC (portable)\ASC.exe /SkipUac (No File) 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File 
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File 
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File 
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File 
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File 
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File 
Task: {D963497B-5AEA-49DB-AE16-F03AA1F4FB31} - System32\Tasks\Opera scheduled Autoupdate 1591797626 => C:\Users\Micheal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) 
Task: {FBDFE7B2-2FD7-4ADE-8099-B952226941B1} - System32\Tasks\ASC9_SkipUac_Micheal => E:\ASC (portable)\ASC.exe /SkipUac (No File) 
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] 
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] 
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] 
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION 
Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones) 
Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1 
ask: {19228F99-48C2-49B3-857D-7EDA2F1D47E2} - System32\Tasks\{05D8B97B-6A15-4813-BDCA-C1E818A7AD6C} => c:\windows\system32\launchwinapp.exe [45056 2023-02-15] (Microsoft Windows -> Microsoft Corporation) -> hxxp://ui.skype.com/ui/0/7.22.0.109/en/go/help.faq.installer?LastError=1618
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2022-12-14]
FF user.js: detected! => C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\user.js [2023-03-16] 
C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgpenhngnbnmhdkpdfnfhdpmfgmihdn
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40920 2022-12-14] (IObit CO., LTD -> IObit)
S3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2022-12-14] (IObit CO., LTD -> IObit)
S3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46552 2022-12-14] (IObit CO., LTD -> IObit)
S3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2022-12-14] (IObit CO., LTD -> IObit)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2022-12-14] (IObit CO., LTD -> IObit)
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
Powershell: Get-MpComputerStatus
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
Click Fix

When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.

Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
Copy/paste the following in the Search: box
Code:
SearchAll: Iobit;SystemCare;Avira;Avast
Click Search Files button

When completed click OK and a Search.txt document will open on your desktop

Please zip and attach the file to your reply. upload the file to GoFile, WeTransfer, or the file hosting site of your choice and post the download link in your reply.
===================================================

Rebuilding Windows Indexing

--------------------

Note: This process may take a long time to complete. Do not interrupt the process.

Click Start, type Indexing then select Indexing Options

Click Advanced

Click Rebuild, then OK

When completed you will see Indexing complete

===================================================

Things I would like to see in your next reply.

Do your recognize host .bat file?

Avira uninstalled?

Java uninstalled or updated?

Iobit uninstalled?

Fixlog

Search.txt

Index rebuilt?

ManWarBear · Jun 12, 2023

Yes I do recognize that bat file. I got it from MVPS HOSTS a long time ago.
I can't get the Avira.Uninstall.command to work. It doesn't even look like it does on the support link. It's just a blank white paper icon. However, I did manually delete an Avira folder that was in the Windows ProgramData folder.
Avira is not listed in my programs.
Java is uninstalled.
Iobit is uninstalled.

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2023
Ran by Bear (12-06-2023 13:36:51) Run:1
Running from C:\Users\Micheal\Desktop
Loaded Profiles: Bear
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X]
Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D963497B-5AEA-49DB-AE16-F03AA1F4FB31} - System32\Tasks\Opera scheduled Autoupdate 1591797626 => C:\Users\Micheal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {FBDFE7B2-2FD7-4ADE-8099-B952226941B1} - System32\Tasks\ASC9_SkipUac_Micheal => E:\ASC (portable)\ASC.exe /SkipUac (No File)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
Task: {D963497B-5AEA-49DB-AE16-F03AA1F4FB31} - System32\Tasks\Opera scheduled Autoupdate 1591797626 => C:\Users\Micheal\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {FBDFE7B2-2FD7-4ADE-8099-B952226941B1} - System32\Tasks\ASC9_SkipUac_Micheal => E:\ASC (portable)\ASC.exe /SkipUac (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Task: {D89B2FC1-C588-47EC-B091-4514617D28F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-745247706-1955576132-408695703-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ask: {19228F99-48C2-49B3-857D-7EDA2F1D47E2} - System32\Tasks\{05D8B97B-6A15-4813-BDCA-C1E818A7AD6C} => c:\windows\system32\launchwinapp.exe [45056 2023-02-15] (Microsoft Windows -> Microsoft Corporation) -> hxxp://ui.skype.com/ui/0/7.22.0.109/en/go/help.faq.installer?LastError=1618
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2022-12-14]
FF user.js: detected! => C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\user.js [2023-03-16]
C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgpenhngnbnmhdkpdfnfhdpmfgmihdn
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [40920 2022-12-14] (IObit CO., LTD -> IObit)
S3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2022-12-14] (IObit CO., LTD -> IObit)
S3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46552 2022-12-14] (IObit CO., LTD -> IObit)
S3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2022-12-14] (IObit CO., LTD -> IObit)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2022-12-14] (IObit CO., LTD -> IObit)
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
Powershell: Get-MpComputerStatus
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Browser => removed successfully
Browser => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz154 => removed successfully
cpuz154 => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D89B2FC1-C588-47EC-B091-4514617D28F9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D89B2FC1-C588-47EC-B091-4514617D28F9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D963497B-5AEA-49DB-AE16-F03AA1F4FB31}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D963497B-5AEA-49DB-AE16-F03AA1F4FB31}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1591797626 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1591797626" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBDFE7B2-2FD7-4ADE-8099-B952226941B1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBDFE7B2-2FD7-4ADE-8099-B952226941B1}" => removed successfully
C:\WINDOWS\System32\Tasks\ASC9_SkipUac_Micheal => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_Micheal" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BtSendToMenuEx => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{ee10d625-cc60-30a4-b3df-4b349785be6b} => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ContextMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\tmtbim => removed successfully
HKLM\Software\Classes\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D963497B-5AEA-49DB-AE16-F03AA1F4FB31}" => not found
"C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1591797626" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1591797626" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBDFE7B2-2FD7-4ADE-8099-B952226941B1}" => not found
"C:\WINDOWS\System32\Tasks\ASC9_SkipUac_Micheal" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_Micheal" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\Program Files (x86)\Mozilla Firefox\distribution\policies.json => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D89B2FC1-C588-47EC-B091-4514617D28F9}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D89B2FC1-C588-47EC-B091-4514617D28F9}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKU\S-1-5-21-745247706-1955576132-408695703-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => removed successfully
ask: {19228F99-48C2-49B3-857D-7EDA2F1D47E2} - System32\Tasks\{05D8B97B-6A15-4813-BDCA-C1E818A7AD6C} => c:\windows\system32\launchwinapp.exe [45056 2023-02-15] (Microsoft Windows -> Microsoft Corporation) -> hxxp://ui.skype.com/ui/0/7.22.0.109/en/go/help.faq.installer?LastError=1618 => Error: No automatic fix found for this entry.
"C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\Extensions\ascsurfingprotectionnew@iobit.com.xpi" => not found
C:\Users\Micheal\AppData\Roaming\Mozilla\Firefox\Profiles\4zma117h.default-1474483005108\user.js => moved successfully
C:\Users\Micheal\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgpenhngnbnmhdkpdfnfhdpmfgmihdn => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
AscFileControl => service not found.
AscFileFilter => service not found.
AscRegistryFilter => service not found.
iobit_monitor_server2021 => service not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => not found

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset resetlog.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{94F8D5BF-EA3D-467C-9CAE-ACE104404849} canceled.
{4A18F81C-2160-4697-97C8-3F950BEFE407} canceled.
{2CA2D11C-C307-48F2-9398-AE1FC99C0027} canceled.
{74A8EFEB-F76D-493C-9716-64678B7AC9DB} canceled.
4 out of 4 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-745247706-1955576132-408695703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= Set-MpPreference -DisableRealtimeMonitoring $false =========

========= End of Powershell: =========

========= Get-MpComputerStatus =========

AMEngineVersion : 1.1.23050.3
AMProductVersion : 4.18.23050.3
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.23050.3
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 6/12/2023 2:42:13 AM
AntispywareSignatureVersion : 1.391.1206.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 6/12/2023 2:42:12 AM
AntivirusSignatureVersion : 1.391.1206.0
BehaviorMonitorEnabled : True
ComputerID : E43714F8-7639-41AC-A3AF-548AC6FFA394
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement : Default Allow
DeviceControlPoliciesLastUpdated : 3/27/2023 4:34:47 PM
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
IoavProtectionEnabled : True
IsTamperProtected : True
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : True
NISEngineVersion : 1.1.23050.3
NISSignatureAge : 0
NISSignatureLastUpdated : 6/12/2023 2:42:12 AM
NISSignatureVersion : 1.391.1206.0
OnAccessProtectionEnabled : True
ProductStatus : 524288
QuickScanAge : 1
QuickScanEndTime : 6/10/2023 8:10:46 PM
QuickScanOverdue : False
QuickScanSignatureVersion : 1.391.1067.0
QuickScanStartTime : 6/10/2023 8:06:38 PM
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState : Off
TamperProtectionSource : Signatures
TDTMode : cm
TDTSiloType : S
TDTStatus : Enabled
TDTTelemetry : Disabled
TroubleShootingDailyMaxQuota :
TroubleShootingDailyQuotaLeft :
TroubleShootingEndTime :
TroubleShootingExpirationLeft :
TroubleShootingMode :
TroubleShootingModeSource :
TroubleShootingQuotaResetTime :
TroubleShootingStartTime :
PSComputerName :

========= End of Powershell: =========

========= sfc /scannow =========

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.

Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========

========= DISM /Online /Cleanup-Image /CheckHealth =========

Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19045.2965

No component store corruption detected.
The operation completed successfully.

========= End of CMD: =========

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10619835 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 352714105 B
Windows/system/drivers => 2449645 B
Edge => 50061 B
Chrome => 516720513 B
Firefox => 17740152 B
Opera => 140613 B

Temp, IE cache, history, cookies, recent:
Default => 2560 B
ProgramData => 2560 B
Public => 2560 B
systemprofile => 2560 B
systemprofile32 => 2560 B
LocalService => 5120 B
NetworkService => 10020 B
Micheal => 3649155 B

RecycleBin => 1113338968 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:59:26 ====

https://gofile.io/d/osdEvB

I will post another reply when index is rebuilt.

ManWarBear · Jun 12, 2023

Indexing didn't take long at all to complete, and had only 5,391 items listed. Is that normal?

Oh My! · Jun 12, 2023

No problem on the Avira Uninstall Tool. We captured the entries with the Searchll: step.

As long as the Indexing completed successfully I am not concerned about the number.

Please do this.

===================================================

Farbar Recovery Scan Tool - Run Fix Using Attached File

--------------------

Please download the attached file and save it in the same location as FRST.exe <<< Important

Right click on FRST and select Run as administrator

Click Fix and once completed your computer will reboot

The tool will create a log on the desktop called Fixlog.txt

Copy and paste the contents of the report in your reply. If it is too large please attach it.

===================================================

Things I would like to see in your next reply.

Fixlog

ManWarBear · Jun 12, 2023

Here is the log.

Oh My! · Jun 13, 2023

Can you update me on how your computer is performing, generally speaking? I am not concerned if you are unable to successfully launch MGtools as that happens sometimes for other than malware reasons.

ManWarBear · Jun 13, 2023

There are a few things that I have issues with that I'm sure could have nothing to do with malware. As you said MGools might not run for some people, but that still irks me a bit because I've used it successfully on this computer for many years.
Occasionally I will get a command prompt window that flashes onto my screen for a split second but it happens so fast that I have no idea what it says in the header.
I sometimes get strange video lag when watching youtube, netflix, twitch, etc. I realize that could also be completely normal but it started happening more frequently since this command prompt issue started.
Today I opened task manager when netflix was laggy and I saw a program called Microsoft Phone Link. After googling, I know that program is probably totally legit, but I've never seen it open on my system before and I certainly didn't open it. I've never so much as charged my phone anywhere near my laptop nor shared any connection via any apps, accounts or even bluetooth between the two.

ManWarBear · Jun 13, 2023

I forgot to add that I've since uninstalled Phone Link, as I don't use it or even want it on my system.

Oh My! · Jun 13, 2023

Most likely the inability to run MGtools is because of a security program issue. It is an intrusive program that makes some antivirus programs uncomfortable. Since AV programs are updated/modified routinely it may be one of the updates has affected the ability to launch MGtool.

I would like you to monitor your computer and note the date/time you see a command prompt window flash. Following that please run the below.

===================================================

TaskSchedulerView by Nirsoft

--------------

Download TaskSchedulerView for 64 bit systems and save it to your Desktop

Right click on the folder, select Extract All... and extract the folder onto your Desktop

Right click on the TaskschedulerView application icon and select Run as administrator

Click View then HTML Report - All Items

When your browser opens click File, Save Page As... and save the file onto your Desktop with the default name

Please zip and attach the file to your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

Attached zip file

ManWarBear · Jun 14, 2023

The requested zip file.

Oh My! · Jun 14, 2023

Greetings.

I would like you to monitor your computer and note the date/time you see a command prompt window flash. Following that please run the below.
Click to expand...

Might you have that information?

ManWarBear · Jun 15, 2023

I haven't seen it pop up in the past two days. Which is a little strange since I've seen it on a daily basis until now.

ManWarBear · Jun 15, 2023

I think I just caught a glimpse of it out of the corner of my eye at 3:25pm today.

Oh My! · Jun 15, 2023

OK, now run TaskSchedulerView by Nirsoft again.

ManWarBear · Jun 16, 2023

Tasks List.

Oh My! · Jun 16, 2023

Thank you for the report.

CCleanerCrashReporting Ready Yes 2 6/15/2023 3:25:02 PM 6/16/2023 3:25:00 PM
Click to expand...

It appears that one was related to a CCleaner task. We can monitor things going forward if you'd like but I don't think those flashing pop ups are related to malware. If you get another one you can rerun TaskSchedulerView and compare date/times. You can also Disable that task by right clicking on it in TaskSchedulerView and select Disable Selected Items.

Can you update me on the video issue?

ManWarBear · Jun 16, 2023

The video issue is intermittent. Sometimes it'll go a whole weekend and not happen. Then sometimes it will happen a few times every hour. As long as there's nothing malware related I'm good.

Oh My! · Jun 16, 2023

The video issue is not malware related as your computer is clean. It looks like we are all set.

Here is our final step and some additional information to consider.

===================================================

KpRm by Kernel-panik

--------------

Download KpRm and save it to your Desktop (see here if you must use Chrome)

Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.

Right click on the icon and select Run as administrator

Click Yes on the Disclaimer

Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days

Click Run

Click OK on All operations are completed

KpRm will delete itself from you Desktop and you can either save or remove the report that is generated

You are free to remove any other tools/reports still remaining

===================================================

All Clean!

--------------

Your computer is now clean. Please consider this going forward.

===================================================

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Have you Been Hacked? 10 Indicators That Say Yes

So How did I get infected?

Pirated Software is All Fun and Games Until Your Data is Stolen

Do You Need Anti-Ransomware Software for Your PC?

Why You Should Update All Your Software

How Safe Are Password Managers?

Whats the Best Way to Back Up My Computer?

ManWarBear · Jun 16, 2023

In the log file this was one of the notes.

## Quarantines never deleted
~ C:\Users\Micheal\AppData\Roaming\ZHP (ZHP)

Is it safe to delete the ZHP folder?
Also, what free antivirus would you recommend? I've mostly used avast and avira but I don't know how good they are compared to others.

Oh My! · Jun 16, 2023

Yes, it is safe to delete ZHP Cleaner.

Which antivirus to use is an individual choice and I don't make any recommendations. However I don't mind sharing what I have chosen. Personally I use Windows Security (the new name for Windows Defender) along with the paid version of Malwarebytes, Malwarebytes Premium.

Windows Security takes care of updates automatically and is integrated with Windows Update. It works behind the scenes without the need for interaction on my part. I prefer this approach rather than what I experienced with other programs.

Malwarebytes Premium is also very low maintenance and it provides real time monitoring. The free version, although very good, is launched manually and therefore addresses what is already on the computer rather than monitoring the computer in real time to stop potential threats. You can Run Malwarebytes in Side-by-Side Mode (not generally recommend to run 2 programs at once) so I have 2 real time protection programs running at the same time, Windows Security and Malwarebytes Premium. So far I have not become infected.

Having said all of that, it is a personal decision.

ManWarBear · Jun 17, 2023

Thank you so much for your help. I really appreciate your time and expertise.

Oh My! · Jun 17, 2023

You are quite welcome, it was a pleasure working together with you. You are always welcome here.

Once again, we apologize for the extended delaty. Hopefully it was just a one time hiccup.

Gary

Mgtools Issues

ManWarBear Private First Class

ManWarBear Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

ManWarBear Private First Class

Attached Files:

ManWarBear Private First Class

Oh My! Malware Expert Staff Member

ManWarBear Private First Class

ManWarBear Private First Class

Oh My! Malware Expert Staff Member

ManWarBear Private First Class

ManWarBear Private First Class

Oh My! Malware Expert Staff Member

Attached Files:

ManWarBear Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

ManWarBear Private First Class

ManWarBear Private First Class

Oh My! Malware Expert Staff Member

ManWarBear Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

ManWarBear Private First Class

ManWarBear Private First Class

Oh My! Malware Expert Staff Member

ManWarBear Private First Class

Attached Files:

Oh My! Malware Expert Staff Member

ManWarBear Private First Class

Oh My! Malware Expert Staff Member

ManWarBear Private First Class

Oh My! Malware Expert Staff Member

ManWarBear Private First Class

Oh My! Malware Expert Staff Member

Members

Useful Searches