Potential Threat Discovered By Microsoft Defender

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mark59, Dec 27, 2023.

  1. mark59

    mark59 MajorGeek

    On 27th December 2023 while writing a Word document (I wasn’t on the Internet) Microsoft Defender Virus (MDV) said I had a problem. It classed it as severe. I was a little surprised. The PC I was on (details below) is one I rarely connect to the Internet with because it’s old and too slow. Plus I don’t do anything on the Internet that would pose a high risk of malware.

    Without thinking first of Majorgeeks, I let MDV do its thing and deal with the threat. I apologise if doing that will make helping me more difficult. If you require any more information other than that requested in the Read & Run Me First Malware Removal Guide I shall be happy to provide it.

    When you ask people to download the various tools: I already have Malwarebytes Anti-Malware, so what I did was simply to update it. I hope that was the right thing to do.

    The details of the PC with the problem are as follows.

    Machine:
    Acer Aspire A315-21 V1.12
    OS: Microsoft Windows 10 Home (x64) Version 2009 (build 19.45.3803)

    I have followed the instructions in the Read & Run Me First Malware Removal Guide and attach the requested files. I would be grateful if a specialist would look at these and tell me if I have an infection and if I do what steps I need to take.
     

    Attached Files:

  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the Major Geeks Malware Forum.

    While I review what you have posted please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recover Scan Tool for 64 bit systems and save(or copy and paste) the file onto your Desktop
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please attempt to copy and paste each report in a separate reply. If unable to do so attach both reports.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

    • FRST.txt
    • Addition.txt
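The procedure above produces an FRST.txt that a helper then reads by eye, looking for the markers FRST itself prints next to anything worth a second look: `<==== ATTENTION` on restricted policy keys, `(No File)` on tasks whose target is gone, `[File not signed]` on services and drivers, `no ImagePath` on orphaned driver entries, and `FF user.js: detected!`. The script below is an added example, not Farbar's code or anything posted in this thread; it groups those flagged lines by log section so a reviewer can see at a glance which areas need attention. The sample log text is constructed in the FRST.txt layout (paths, GUIDs and service names are invented placeholders), and the rule names are my own.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample in the FRST.txt layout; every path, GUID and name is a placeholder.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2020-03-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example Task (One-Time) => "C:\Program Files (x86)\Example\example.exe" /xr (No File)
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5550856 2023-12-14] (Microsoft Windows -> Microsoft Corporation)
==================== Internet (Whitelisted) ====================
FF user.js: detected! => C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\user.js [2022-12-11]
==================== Services (Whitelisted) ===================
S3 ExampleSvc; C:\Program Files\Example\ExampleService.exe [97792 2019-04-17] (Example Ltd) [File not signed]
==================== Drivers (Whitelisted) ===================
S3 example_monitor; no ImagePath
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-10] (Microsoft Windows -> Microsoft Corporation)
"""

# Section headers look like "==================== Registry (Whitelisted) ===================".
# The [^=] class keeps bare separator lines such as "=======" from being taken as headers.
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")

# Lines FRST marks as restricted policy: "<key>: Restriction <==== ATTENTION".
ATTENTION_RE = re.compile(r"^(?P<key>.+?):\s+Restriction\s+<==== ATTENTION$")

# Each rule pairs a finding name (my own label) with the literal marker FRST prints.
RULES: List[Tuple[str, Callable[[str], bool]]] = [
    ("attention_marker", lambda line: "<==== ATTENTION" in line),
    ("missing_file", lambda line: line.endswith("(No File)")),
    ("unsigned_binary", lambda line: "[File not signed]" in line),
    ("no_imagepath", lambda line: line.endswith("no ImagePath")),
    ("firefox_userjs", lambda line: line.startswith("FF user.js: detected!")),
]


def triage_frst(text: str) -> Dict[str, List[Dict[str, str]]]:
    """Walk an FRST.txt body and collect every line carrying one of FRST's own
    warning markers, tagged with the section header it appeared under."""
    findings: Dict[str, List[Dict[str, str]]] = {name: [] for name, _ in RULES}
    section = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for name, hit in RULES:
            if hit(line):
                findings[name].append({"section": section, "line": line})
    return findings


def restricted_policy_keys(findings: Dict[str, List[Dict[str, str]]]) -> List[str]:
    """Pull the registry key out of each 'Restriction <==== ATTENTION' line, so the
    reviewer can see which policy trees (Defender, Windows Update, browsers) are locked."""
    keys = []
    for finding in findings["attention_marker"]:
        m = ATTENTION_RE.match(finding["line"])
        if m:
            keys.append(m.group("key"))
    return keys


def summarize(findings: Dict[str, List[Dict[str, str]]]) -> Dict[str, int]:
    """Count of flagged lines per rule, for a one-line overview."""
    return {name: len(items) for name, items in findings.items()}


if __name__ == "__main__":
    result = triage_frst(SAMPLE_FRST)
    print(summarize(result))
    for key in restricted_policy_keys(result):
        print("restricted policy:", key)
    for name, items in result.items():
        for item in items:
            print(f"[{name}] ({item['section']}) {item['line']}")
```

Restricted Defender or Windows Update policy keys are not proof of malware on their own; privacy and "tweaker" utilities set the same values, which is why FRST flags them for a human to weigh rather than deleting them. Running the script with a real FRST.txt is a matter of reading the file and passing its contents to `triage_frst`.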
     
  3. mark59

    mark59 MajorGeek

    Thank you very much, Oh My!, for looking into my case. I appreciate it. I will copy and paste FRST.txt and Addition.txt in posts 4 and 5 respectively without preamble or further comment. Thank you!
     
  4. mark59

    mark59 MajorGeek

    Houston, we have a problem.

    As I was going to post FRST.txt and Addition.txt I noticed that Farbar had started scanning again. Is this normal?

    I now have two FRST.txt notepad files and two Addition.txt notepad files. I'm renaming them so I know the order in which they were produced. Which ones would you like me to paste into replies?
     
  5. Oh My!

    Oh My! Malware Expert Staff Member

    No, it should not have started again. Try posting the first version.
     
  6. mark59

    mark59 MajorGeek

    I will post the first versions in posts 6 and 7. For some reason I have three copies of each of FRST.txt and Addition.txt.
     
  7. mark59

    mark59 MajorGeek

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-12-2023
    Ran by Mark (administrator) on LAPTOP-UB40L2H8 (Acer Aspire A315-21) (27-12-2023 21:46:42)
    Running from C:\Users\markc\Desktop\FRST64.exe
    Loaded Profiles: Mark & Jessica
    Platform: Microsoft Windows 10 Home Version 22H2 19045.3803 (X64) Language: English (United Kingdom)
    Default browser: FF
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    (C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
    (C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
    (DriverStore\FileRepository\u0334382.inf_amd64_385141a145af07f6\B333866\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0334382.inf_amd64_385141a145af07f6\B333866\atieclxx.exe
    (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
    (services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0334382.inf_amd64_385141a145af07f6\B333866\atiesrxx.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
    (services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
    (services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    (svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe
    (svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2020-03-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
    HKLM\Software\Policies\...\system: [PublishUserActivities] 0
    HKLM\Software\Policies\...\system: [UploadUserActivities] 0
    HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
    HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44486048 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [999568 2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    BootExecute: autocheck autochk *
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {09F481EF-53FD-42BE-AECC-5089FAAF9F3B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920240 2018-08-13] (Acer Incorporated -> )
    Task: {ACFDBF5E-CEB6-4723-B939-ACCC0ED9C6AF} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2018-08-13] (Acer Incorporated -> )
    Task: {544A6679-5990-4569-B4B6-CF40D7D14CE9} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4761392 2018-08-13] (Acer Incorporated -> )
    Task: {984D08AB-828C-4776-BEA3-9ABB1336DD56} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
    Task: {C2D558A6-7240-4DC3-8042-E42F38AA8987} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {E1D25BE6-59F7-416E-BEDF-1AD37EB420BB} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "0afb1842-463a-44aa-a71f-e0d867b0628f" --version "6.19.10858" --silent
    Task: {949EA3A1-7B5B-4F28-BB03-104E5B5D1563} - System32\Tasks\CCleanerSkipUAC - Mark => C:\Program Files\CCleaner\CCleaner.exe [37458848 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {9B7F696E-8E05-405E-92B3-FC54CF4CF1EE} - System32\Tasks\Christmas Task (One-Time) => "C:\Program Files (x86)\IObit\Advanced SystemCare\xmas.exe" /xr (No File)
    Task: {E01103B4-9A9E-4C14-A399-4A5D65EB2998} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5550856 2023-12-14] (Microsoft Windows -> Microsoft Corporation)
    Task: {7B7B51DF-DE47-4EE8-8C87-BB9C0C295FAE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {0E1306AF-AB7E-4922-8349-0AA99764915C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {1F1A758A-701F-426B-8674-923C1E506EF6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144272 2023-04-15] (Microsoft Corporation -> Microsoft Corporation)
    Task: {466D8170-B53A-48EE-9689-A7F21BB56848} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144272 2023-04-15] (Microsoft Corporation -> Microsoft Corporation)
    Task: {FE856119-9CF7-4306-9A38-92F88B5583EA} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168880 2023-04-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {CB684892-9366-4AB9-9EEC-2EAF8D5E2718} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
    Task: {4EB41653-A6B0-4CB5-9452-396AFAA8EA9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {71D0F58A-CC7C-4F0A-8F39-17BF4CFC1BD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {0A055FC1-3EB8-4DB2-B5A7-5796C600EBFD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {B15797B4-60D6-402A-B827-4C2D93532797} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {F3E7C447-D1C0-43DF-8771-00423CA07029} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [31648 2023-12-22] (Mozilla Corporation -> Mozilla Foundation)
    Task: {15EAB090-62E1-4222-AA56-945662718BC7} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> )
    Task: {8A7BB4CF-E2B2-4A0B-A86D-B8F6A26FC83D} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\ExpressVPN\wlanBroker.exe [17688 2019-11-16] (Acer Incorporated -> )
    Task: {2BC3CCD4-FC84-40E2-93DA-D2A648FDBC6A} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-16] (Microsoft Corporation -> Microsoft Corporation)
    Task: {88083691-DBD9-4949-83C4-660E08B3C3A1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-16] (Microsoft Corporation -> Microsoft Corporation)
    Task: {E73E04BE-6C75-48AD-BC82-B6C5293F606C} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-16] (Microsoft Corporation -> Microsoft Corporation)
    Task: {0CF4A23A-7B1B-4EE8-B361-917E263C4AC1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1003 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
    Task: {91F247FA-3E94-4B3B-8D90-57CD086D55B9} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2097827235-3593066060-2260584895-1002 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    Task: {E89ADB02-4A31-482F-97AE-3907EBC3E66D} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2771616 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    Task: {54F54641-7663-48C6-A096-B4AC4CBFA950} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    Task: {74747C9B-0EEC-4CB9-AC4E-AF7798FBB004} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    Task: {B638BC45-B114-48C5-A5E7-54E79842AE83} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-09-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {F6A42D38-C0E2-4DC1-B88E-6CC475153967} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-09-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {8348F77D-BB75-40D5-8D03-368D41242430} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268096 2018-09-13] (Acer Incorporated -> Acer Incorporated)
    Task: {A6DE4EAF-AB2E-4B09-94C7-BB4269A50878} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211136 2018-09-13] (Acer Incorporated -> Acer Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 79.79.79.77 79.79.79.78
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}: [DhcpNameServer] 79.79.79.77 79.79.79.78
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}: [DhcpDomain] domain.name
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}\4505D2C496E6B6F563633483: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}\C4B4A4847464: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}\C4B4A4847464: [DhcpDomain] Belkin
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}\D6164686F6573756027657563747: [DhcpNameServer] 194.168.4.100 194.168.8.100
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}\D6164686F6573756027657563747: [DhcpDomain] cable.virginm.net

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\markc\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-26]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: ou0y3l42.default
    FF ProfilePath: C:\Users\markc\AppData\Roaming\TomTom\HOME\Profiles\nbb18zhm.default [2021-04-21]
    FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
    FF ProfilePath: C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default [2023-12-27]
    FF user.js: detected! => C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\user.js [2022-12-11]
    FF DownloadDir: C:\Users\markc\Desktop
    FF Homepage: Mozilla\Firefox\Profiles\ou0y3l42.default -> hxxps://www.google.co.uk/?gws_rd=ssl
    FF Extension: (Activist – Balanced) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\activist-balanced-colorway@mozilla.org.xpi [2023-03-18]
    FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2022-08-13]
    FF Extension: (Language: English (US)) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2023-12-22]
    FF Extension: (Malwarebytes Browser Guard) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-12-19]
    FF Extension: (Allow Right-Click) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\{278b0ae0-da9d-4cc6-be81-5aa7f3202672}.xpi [2022-09-05]
    FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2021-04-04] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
    FF Extension: (Adblock Plus - free ad blocker) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-06-22]
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-12-11] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-12-11] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-2097827235-3593066060-2260584895-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-2097827235-3593066060-2260584895-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-2097827235-3593066060-2260584895-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [177392 2023-09-13] (RealDefense, LLC -> SUPERAntiSpyware.com)
    S3 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [301872 2018-08-13] (Acer Incorporated -> Acer Incorporated)
    S3 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-24] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
    S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082784 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12634544 2023-04-08] (Microsoft Corporation -> Microsoft Corporation)
    S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncHelper.exe [3514384 2023-12-16] (Microsoft Corporation -> Microsoft Corporation)
    S3 GUBootService; C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe [888216 2023-11-20] (Glarysoft Ltd -> Glarysoft Ltd)
    S4 GUMemfilesService; C:\Program Files (x86)\Glary Utilities\x64\MemfilesService.exe [427928 2023-12-11] (Glarysoft Ltd -> Glarysoft Ltd)
    S3 GUPMService; C:\Program Files (x86)\Glary Utilities\GUPMService.exe [76696 2023-12-11] (Glarysoft Ltd -> Glarysoft Ltd)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9405400 2023-12-11] (Malwarebytes Inc. -> Malwarebytes)
    S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\OneDriveUpdaterService.exe [3851280 2023-12-16] (Microsoft Corporation -> Microsoft Corporation)
    S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16039344 2023-12-05] (ADLICE -> )
    S3 TTHOMEService; C:\Program Files\TomTom HOME\TTHOMEService.exe [97792 2019-04-17] (TomTom) [File not signed]
    S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [305984 2018-09-17] (Acer Incorporated -> Acer Incorporated)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1640240 2020-10-05] (WildTangent Inc -> )
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [282624 2023-05-21] (Microsoft Corporation) [File not signed]
    S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2022-04-17] (Microsoft Corporation) [File not signed]
    R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [23568 2023-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
    S3 iobit_monitor_server2021; no ImagePath
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2023-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2021-03-16] (Microsoft Corporation) [File not signed]
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-10] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-10] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-12-27 21:41 - 2023-12-27 21:46 - 000049583 _____ C:\Users\markc\Desktop\Addition.txt
    2023-12-27 21:33 - 2023-12-27 21:48 - 000024646 _____ C:\Users\markc\Desktop\FRST.txt
    2023-12-27 21:32 - 2023-12-27 21:48 - 000000000 ____D C:\FRST
    2023-12-27 21:26 - 2023-12-27 21:26 - 002387456 _____ (Farbar) C:\Users\markc\Desktop\FRST64.exe
    2023-12-27 18:23 - 2023-12-27 19:29 - 000000000 ____D C:\MGtools
    2023-12-27 17:59 - 2023-12-27 18:20 - 000000000 ____D C:\ProgramData\HitmanPro
    2023-12-27 16:20 - 2023-12-27 17:53 - 000000000 ____D C:\ProgramData\RogueKiller
    2023-12-27 16:20 - 2023-12-27 16:20 - 000000909 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2023-12-27 16:20 - 2023-12-27 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2023-12-27 16:20 - 2023-12-27 16:20 - 000000000 ____D C:\Program Files\RogueKiller
    2023-12-27 15:27 - 2023-12-27 15:28 - 001993530 _____ C:\Users\markc\Desktop\MGtools.exe
    2023-12-27 15:21 - 2023-12-27 15:24 - 014287912 _____ (Sophos B.V.) C:\Users\markc\Desktop\HitmanPro_x64.exe
    2023-12-27 15:04 - 2023-12-27 15:05 - 000000000 ____D C:\AdwCleaner
    2023-12-27 15:02 - 2023-12-27 19:34 - 000000000 ____D C:\Users\markc\Desktop\Malware Problem 27 12 2023
    2023-12-27 15:00 - 2023-12-27 15:01 - 008791352 _____ (Malwarebytes) C:\Users\markc\Desktop\AdwCleaner.exe
    2023-12-26 00:43 - 2023-12-26 00:45 - 000000000 ____D C:\Users\markc\Desktop\BIG_SORT
    2023-12-24 11:16 - 2023-12-24 11:18 - 038072499 ____R C:\Users\markc\Downloads\Animal physiology.pdf
    2023-12-23 23:38 - 2023-12-23 23:38 - 000155693 ____R C:\Users\markc\Downloads\55 Christmas Parish Newsletter.pdf
    2023-12-23 23:30 - 2023-12-23 23:30 - 000911677 ____R C:\Users\markc\Downloads\Parish Profile for Fleetwood Oct 2023.pdf
    2023-12-22 22:21 - 2023-12-27 21:19 - 000008192 ___SH C:\DumpStack.log.tmp
    2023-12-22 00:44 - 2023-12-22 18:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2023-12-16 07:01 - 2023-12-16 07:01 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
    2023-12-16 07:01 - 2023-12-16 07:01 - 000002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2023-12-14 20:24 - 2023-12-14 20:24 - 000000000 ___HD C:\$WinREAgent
    2023-12-14 19:58 - 2023-12-14 19:58 - 000000000 ____D C:\WINDOWS\InboxApps
    2023-12-14 19:42 - 2023-12-14 19:42 - 000016707 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
    2023-12-14 17:10 - 2023-12-14 18:15 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
    2023-12-14 17:10 - 2023-12-14 17:10 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
    2023-12-14 17:09 - 2023-12-14 17:09 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2023-12-12 17:10 - 2023-12-12 17:10 - 000000000 ____D C:\Users\markc\AppData\Roaming\SUPERAntiSpyware.com
    2023-12-12 16:59 - 2023-12-12 17:00 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2023-12-12 16:59 - 2023-12-12 16:59 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2023-12-12 16:59 - 2023-12-12 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2023-12-12 16:09 - 2023-12-12 16:09 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2023-12-12 15:40 - 2023-12-12 15:40 - 001933072 _____ (O&O Software GmbH) C:\Users\markc\Desktop\OOSU10.exe
    2023-12-11 21:32 - 2023-12-27 19:44 - 104071168 _____ C:\WINDOWS\system32\config\SOFTWARE
    2023-12-11 21:32 - 2023-12-27 19:44 - 020185088 _____ C:\WINDOWS\system32\config\SYSTEM
    2023-12-11 21:32 - 2023-12-11 21:32 - 001028096 _____ C:\WINDOWS\system32\config\DEFAULT.gu
    2023-12-11 21:32 - 2023-12-11 21:32 - 000114688 _____ C:\WINDOWS\system32\config\SAM.gu
    2023-12-11 21:32 - 2023-12-11 21:32 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY.gu
    2023-12-11 21:30 - 2023-12-11 01:48 - 000043928 _____ (Glarysoft Ltd) C:\WINDOWS\system32\RegBootDefrag.exe
    2023-12-10 15:19 - 2023-12-10 15:19 - 000649925 ____R C:\Users\markc\Downloads\52 Advent Sunday Red Mass.pdf
    2023-12-10 15:19 - 2023-12-10 15:19 - 000572097 ____R C:\Users\markc\Downloads\52 The Society Advent Sunday.pdf
    2023-12-10 13:55 - 2023-12-10 13:55 - 000567687 _____ C:\Users\markc\Documents\Hills_Road_Sixth_Form_College_Organisational_Chart_2020-21.pdf
    2023-12-02 23:52 - 2023-12-02 23:52 - 000250959 ____R C:\Users\markc\Downloads\Christ the King 2023.pdf
    2023-12-02 23:13 - 2023-12-02 23:13 - 000156437 ____R C:\Users\markc\Downloads\52 Parish Newsletter Advent Sunday.pdf
    2023-12-02 22:55 - 2023-12-02 22:55 - 001051478 ____R C:\Users\markc\Downloads\PewSheet3rdDecemberAdventOne-FINAL.pdf
    2023-12-01 20:23 - 2023-12-11 21:32 - 103546880 _____ C:\WINDOWS\system32\config\SOFTWARE.gu.bak
    2023-12-01 20:23 - 2023-12-11 21:32 - 020185088 _____ C:\WINDOWS\system32\config\SYSTEM.gu.bak
    2023-12-01 18:58 - 2023-12-01 18:58 - 000393837 ____R C:\Users\markc\Downloads\SSwHTKT Head letter 2023.pdf
    2023-12-01 18:57 - 2023-12-01 18:57 - 004096468 ____R C:\Users\markc\Downloads\SSwHTKT Profile 2023.pdf
    2023-12-01 18:01 - 2023-12-01 18:01 - 000203524 _____ C:\Users\markc\Desktop\bookmarks.html
    2023-12-01 04:58 - 2023-12-01 04:58 - 003624887 ____R C:\Users\markc\Downloads\26th-November-2023.pdf
    2023-11-30 04:21 - 2023-11-30 04:21 - 002159800 ____R C:\Users\markc\Downloads\how-to-read-a-paper-the-basics-of-evidence-based-medicine-and-healthcare-sixth-edition-trisha-greenhalgh-klo-dr-notes.pdf

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-12-27 21:48 - 2022-02-09 11:57 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
    2023-12-27 21:21 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2023-12-27 21:19 - 2021-03-16 22:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2023-12-27 19:44 - 2020-06-13 11:27 - 000065536 _____ C:\WINDOWS\psp_storage.bin
    2023-12-27 19:44 - 2019-12-07 09:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
    2023-12-27 19:34 - 2022-09-08 10:21 - 000000000 ____D C:\Users\markc\Documents\Outlook Files
    2023-12-27 19:28 - 2020-06-13 12:10 - 000000000 ____D C:\Users\markc\AppData\Local\VirtualStore
    2023-12-27 18:00 - 2020-06-16 16:52 - 000000000 ____D C:\Users\markc\AppData\Roaming\Microsoft\Excel
    2023-12-27 15:33 - 2023-05-10 17:44 - 000000000 ____D C:\Users\markc\AppData\Local\Malwarebytes
    2023-12-27 15:05 - 2020-06-13 11:41 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2023-12-27 14:57 - 2020-06-15 00:37 - 000000000 ____D C:\Users\markc\AppData\Roaming\Microsoft\Word
    2023-12-27 14:53 - 2023-11-11 22:25 - 000000000 ____D C:\Program Files (x86)\Glary Utilities
    2023-12-27 04:24 - 2020-08-29 12:56 - 000000000 ____D C:\Users\markc\AppData\Local\CrashDumps
    2023-12-27 03:51 - 2021-03-16 21:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2023-12-26 20:16 - 2023-07-02 18:06 - 000000000 ____D C:\Users\markc\Documents\Desktop_Sunday_2nd_July_2023
    2023-12-26 20:16 - 2023-05-20 19:20 - 000000000 ____D C:\Users\markc\Documents\Saturday_20th_May_2023
    2023-12-26 20:16 - 2023-05-10 18:18 - 000000000 ____D C:\Users\markc\Documents\Temp_from_Desktop_Weds_10_May_23
    2023-12-26 01:30 - 2020-06-13 14:44 - 000000000 ____D C:\Program Files\CCleaner
    2023-12-22 22:39 - 2021-03-16 21:49 - 000000000 ____D C:\Users\markc
    2023-12-22 22:35 - 2021-12-06 17:49 - 000000000 ____D C:\WINDOWS\Minidump
    2023-12-22 22:29 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
    2023-12-22 18:26 - 2018-12-14 16:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2023-12-22 00:45 - 2018-12-14 16:28 - 000001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2023-12-22 00:22 - 2020-06-13 14:32 - 000000000 ____D C:\ProgramData\TEMP
    2023-12-22 00:22 - 2020-06-13 14:32 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
    2023-12-22 00:09 - 2022-05-24 09:36 - 000000000 ____D C:\Users\markc\Documents\Catholicism
    2023-12-22 00:08 - 2022-07-16 17:31 - 000000000 ____D C:\Users\markc\Documents\Anglicanism
    2023-12-20 21:51 - 2020-06-13 12:10 - 000000000 ____D C:\Users\markc\AppData\Local\Packages
    2023-12-16 16:58 - 2022-12-12 18:58 - 000000000 ____D C:\Program Files\Microsoft OneDrive
    2023-12-16 07:01 - 2021-12-17 21:24 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1002
    2023-12-16 07:01 - 2021-12-13 12:56 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1001
    2023-12-15 23:01 - 2020-06-15 00:37 - 000000000 ____D C:\Users\markc\AppData\Roaming\Microsoft\Office
    2023-12-15 22:34 - 2020-12-18 11:41 - 000000000 ____D C:\Users\markc\Documents\Friday_18thDecember_2020
    2023-12-15 16:13 - 2023-05-19 01:39 - 000000000 ____D C:\Users\markc\Documents\Science
    2023-12-14 22:22 - 2021-03-16 21:41 - 000439888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2023-12-14 22:17 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2023-12-14 22:16 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2023-12-14 22:09 - 2021-03-16 21:45 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2023-12-14 20:54 - 2020-06-19 09:16 - 000000000 ____D C:\WINDOWS\system32\MRT
    2023-12-14 20:41 - 2020-06-19 09:15 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2023-12-14 20:22 - 2021-03-16 22:03 - 002380604 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2023-12-14 20:22 - 2021-03-16 20:16 - 000775316 _____ C:\WINDOWS\system32\perfh019.dat
    2023-12-14 20:22 - 2021-03-16 20:16 - 000155646 _____ C:\WINDOWS\system32\perfc019.dat
    2023-12-14 20:22 - 2021-03-16 20:07 - 000557124 _____ C:\WINDOWS\system32\perfh008.dat
    2023-12-14 20:22 - 2021-03-16 20:07 - 000092892 _____ C:\WINDOWS\system32\perfc008.dat
    2023-12-14 20:08 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2023-12-14 19:58 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\en-GB
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellComponents
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2023-12-14 19:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2023-12-14 19:58 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\servicing
    2023-12-14 16:24 - 2020-06-13 12:10 - 000000000 ____D C:\Users\markc\AppData\Local\D3DSCache
    2023-12-12 17:53 - 2022-02-14 14:15 - 000000000 ____D C:\Program Files\Wise Program Uninstaller
    2023-12-11 21:32 - 2021-08-06 14:26 - 000000000 ____D C:\Users\Jessica
    2023-12-11 18:54 - 2023-11-11 22:25 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities.lnk
    2023-12-10 14:00 - 2018-12-14 15:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  8. mark59

    mark59 MajorGeek

I cannot paste Addition.txt into a reply because MajorGeeks says it exceeds the word limit for a post. Therefore, I attach it as a .txt file.
     

    Attached Files:

  9. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for your detailed replies. It looks like the detection was contained in the Firefox Cache folder. Part of the process below will clear out all the cache files.

    Please do this.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller

    --------------------

    I recommend uninstalling the below listed program(s) from your computer.

    • Right click on Revo Uninstaller and select Run as administrator
    • From the list of programs highlight the listed program(s), or anything similar, then select Uninstall
    Code:
    App Explorer
    
• If the program's uninstaller appears, work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items, click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    Powershell: Get-MpThreatDetection
    cmd: type "C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\user.js"
    C:\Program Files (x86)\IObit
    Task: {9B7F696E-8E05-405E-92B3-FC54CF4CF1EE} - System32\Tasks\Christmas Task (One-Time) => "C:\Program Files (x86)\IObit\Advanced SystemCare\xmas.exe" /xr (No File) 
    Task: {0CF4A23A-7B1B-4EE8-B361-917E263C4AC1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1003 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File) 
    ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File 
    FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found] 
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION 
    FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2022-08-13]
    S3 iobit_monitor_server2021; no ImagePath
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
    SearchScopes: HKU\S-1-5-21-2097827235-3593066060-2260584895-1001 -> DefaultScope {BC22F604-93EC-4764-A876-961E9A138133} URL =
    SearchScopes: HKU\S-1-5-21-2097827235-3593066060-2260584895-1001 -> {B35C66BF-153B-4325-A106-939EF95B0675} URL =
    SearchScopes: HKU\S-1-5-21-2097827235-3593066060-2260584895-1001 -> {BC22F604-93EC-4764-A876-961E9A138133} URL =
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules "C:\Users\markc\Desktop\Firewall.reg"
    cmd: del /s /q "C:\Users\markc\Desktop\Firewall.reg"
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    cmd: del C:\Windows\prefetch\*.* /s /q
    Emptytemp:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Program removed?
    • Fixlog
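The `Powershell: Get-MpThreatDetection` line in the fixlist above makes FRST dump Defender's detection history into Fixlog.txt in PowerShell's format-list layout, with long Resources values wrapped at console width. The parser below is an added example, not code from this thread, FRST or Microsoft; the log it runs on is constructed to mimic that layout, and the ThreatStatusID / CleaningActionID names are taken from the MSFT_MpThreatDetection class documentation.

```python
"""Added example (not code from the thread, FRST or Microsoft): turn the
Get-MpThreatDetection block that FRST writes into Fixlog.txt into a
triage table. The sample log below is constructed to mimic that layout."""
import re

# ThreatStatusID / CleaningActionID names from the MSFT_MpThreatDetection
# class documentation (only the values a home Fixlog usually shows).
THREAT_STATUS = {0: "Unknown", 1: "Detected", 2: "Cleaned", 3: "Quarantined",
                 4: "Removed", 5: "Allowed", 6: "Blocked"}
CLEAN_ACTION = {1: "Clean", 2: "Quarantine", 3: "Remove", 6: "Allow",
                9: "NoAction", 10: "Block"}

FIELD_RE = re.compile(r"^(\w+)\s*:\s?(.*)$")      # "Name : value"
RESOURCE_RE = re.compile(r"file:_([^,}]+)")         # paths inside {file:_..., file:_...}

# Constructed sample in Fixlog layout: format-list output, one blank line
# between records, Resources wrapped mid-token at console width.
SAMPLE_LOG = r"""
ActionSuccess : True
AMProductVersion : 4.18.23110.3
CleaningActionID : 2
DetectionID : {11111111-2222-3333-4444-555555555555}
DomainUser : LAPTOP-EXAMPLE\User
InitialDetectionTime : 27/12/2023 04:24:02
ProcessName : C:\Program Files (x86)\Example Utilities\Integrator.exe
Resources : {file:_C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\abcd1234.default-releas
e\cache2\entries\CACHEENTRYHASH01, file:_C:\Users\User\AppData\Local\Mozilla\Firefox\Pr
ofiles\abcd1234.default-release\cache2\entries\CACHEENTRY
HASH02}
ThreatID : 2147888341
ThreatStatusID : 3
PSComputerName :

ActionSuccess : True
AMProductVersion : 4.18.23110.3
CleaningActionID : 3
DetectionID : {66666666-7777-8888-9999-000000000000}
DomainUser : LAPTOP-EXAMPLE\User
InitialDetectionTime : 09/11/2021 11:16:53
ProcessName : C:\Windows\explorer.exe
Resources : {file:_C:\Program Files (x86)\Example Utilities\Integrator.exe,
file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Example Utilities.lnk}
ThreatID : 240849
ThreatStatusID : 4
PSComputerName :
"""


def parse_detections(text):
    """Split the dump into one dict per blank-line separated record.
    A line that is not "Name : value" (or that starts with a bare "file:_",
    which would otherwise look like a field) is a console-width continuation
    of the previous field and is appended with no separator, because
    PowerShell wraps mid-token. Caveat: a wrap that fell exactly on a space
    loses that space, so such a path should be checked by hand."""
    records, current, last = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                records.append(current)
            current, last = {}, None
            continue
        m = FIELD_RE.match(line)
        if m and not line.startswith("file:_"):
            last = m.group(1)
            current[last] = m.group(2)
        elif last is not None:
            current[last] += line
    if current:
        records.append(current)
    return records


def resources(record):
    """File paths listed in a record's Resources field."""
    return [p.strip() for p in RESOURCE_RE.findall(record.get("Resources", ""))]


def summarise(records):
    """One triage row per detection: when, outcome, and the directories hit."""
    rows = []
    for r in records:
        paths = resources(r)
        status_id = int(r.get("ThreatStatusID", 0))
        action_id = int(r.get("CleaningActionID", 0))
        rows.append({
            "id": r.get("DetectionID", "?"),
            "threat_id": int(r.get("ThreatID", 0)),
            "when": r.get("InitialDetectionTime", "?"),
            "status": THREAT_STATUS.get(status_id, str(status_id)),
            "action": CLEAN_ACTION.get(action_id, str(action_id)),
            "files": len(paths),
            "dirs": sorted({p.rsplit("\\", 1)[0] for p in paths}),
        })
    return rows


def browser_cache_only(records):
    """DetectionIDs whose every resource sits in a Firefox cache2 entries
    folder: the flagged object was fetched by the browser, not installed."""
    return [r.get("DetectionID") for r in records
            if resources(r) and all("\\cache2\\entries\\" in p for p in resources(r))]


if __name__ == "__main__":
    recs = parse_detections(SAMPLE_LOG)
    for row in summarise(recs):
        print(row["when"], row["status"], "via", row["action"],
              row["files"], "file(s) in", row["dirs"])
    print("browser-cache-only detections:", browser_cache_only(recs))
```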
     
  10. mark59

    mark59 MajorGeek

    I have not removed any program called App Explorer. Neither that nor anything with a similar name appears in the list of programs in Revo Uninstaller. I used Revo Uninstaller’s search function, and it found no such program.

Because I do not know if the next step with FRST64 requires the above action to have been completed, I have not yet taken this step.

    Can you please advise what I should do?

    Thank you!
     
  11. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for stopping to check.

    Skip Revo and complete the next step please.
     
  12. mark59

    mark59 MajorGeek

    Thank you very much for your help.

    In the next post (no. 13) I paste, as requested, the contents of Fixlog.txt generated by FRST64 following the fix.

    I shall await further advice.
     
  13. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2023
    Ran by Mark (29-12-2023 12:21:47) Run:1
    Running from C:\Users\markc\Desktop
    Loaded Profiles: Mark & Jessica
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    Powershell: Get-MpThreatDetection
    cmd: type "C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\user.js"
    C:\Program Files (x86)\IObit
    Task: {9B7F696E-8E05-405E-92B3-FC54CF4CF1EE} - System32\Tasks\Christmas Task (One-Time) => "C:\Program Files (x86)\IObit\Advanced SystemCare\xmas.exe" /xr (No File)
    Task: {0CF4A23A-7B1B-4EE8-B361-917E263C4AC1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1003 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
    ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
    FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
    FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2022-08-13]
    S3 iobit_monitor_server2021; no ImagePath
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
    SearchScopes: HKU\S-1-5-21-2097827235-3593066060-2260584895-1001 -> DefaultScope {BC22F604-93EC-4764-A876-961E9A138133} URL =
    SearchScopes: HKU\S-1-5-21-2097827235-3593066060-2260584895-1001 -> {B35C66BF-153B-4325-A106-939EF95B0675} URL =
    SearchScopes: HKU\S-1-5-21-2097827235-3593066060-2260584895-1001 -> {BC22F604-93EC-4764-A876-961E9A138133} URL =
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules "C:\Users\markc\Desktop\Firewall.reg"
    cmd: del /s /q "C:\Users\markc\Desktop\Firewall.reg"
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    cmd: del C:\Windows\prefetch\*.* /s /q
    Emptytemp:
    End::
    *****************

    SystemRestore: On => completed
    Restore point was successfully created.
    Processes closed successfully.

    ========= Get-MpThreatDetection =========



    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 2
    CurrentThreatExecutionStatusID : 1
    DetectionID : {D75E8E48-A3DC-42C1-B12E-FA07E609B7A3}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 27/12/2023 04:24:02
    LastThreatStatusChangeTime : 27/12/2023 04:28:33
    ProcessName : C:\Program Files (x86)\Glary Utilities\Integrator.exe
    RemediationTime : 27/12/2023 04:28:33
    Resources : {file:_C:\Users\Jessica\AppData\Local\Mozilla\Firefox\Profiles\2kjfjrzc.default-releas
    e\cache2\entries\30DA536D4A5D56FF0D85DAA6CA4D6E70F41C5F38, file:_C:\Users\Jessica\AppD
    ata\Local\Mozilla\Firefox\Profiles\2kjfjrzc.default-release\cache2\entries\359278D304B
    886558D985EC4298294F687C3626B, file:_C:\Users\Jessica\AppData\Local\Mozilla\Firefox\Pr
    ofiles\2kjfjrzc.default-release\cache2\entries\49F27BE05E570284BFD40DB783E3280D3EA07BE
    F}
    ThreatID : 2147888341
    ThreatStatusErrorCode : 0
    ThreatStatusID : 3
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 3
    CurrentThreatExecutionStatusID : 1
    DetectionID : {848665C3-79D5-4F96-B104-11D86446A6DB}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 17/10/2022 20:41:19
    LastThreatStatusChangeTime : 18/10/2022 15:19:38
    ProcessName : C:\Windows\explorer.exe
    RemediationTime : 18/10/2022 15:19:38
    Resources : {file:_D:\Everything_On_External_Hard_Drive\Send to other
    acer\Old_Acer_Downloads\driverfusionsetup.exe}
    ThreatID : 311936
    ThreatStatusErrorCode : 0
    ThreatStatusID : 4
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 3
    CurrentThreatExecutionStatusID : 1
    DetectionID : {00E1339E-B587-4EE5-82FD-60B804EB8A3D}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 09/11/2021 11:16:53
    LastThreatStatusChangeTime : 09/11/2021 11:19:02
    ProcessName : C:\Windows\explorer.exe
    RemediationTime : 09/11/2021 11:19:02
    Resources : {file:_C:\Program Files (x86)\Glary Utilities 5\Integrator.exe,
    file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk,
    file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Glary
    Utilities 5.lnk, file:_C:\WINDOWS\System32\Tasks\GU5SkipUAC->(UTF-16LE)...}
    ThreatID : 240849
    ThreatStatusErrorCode : 0
    ThreatStatusID : 4
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 2
    CurrentThreatExecutionStatusID : 1
    DetectionID : {0FC52C9E-9316-4FAF-AD72-82E0E784C357}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 27/12/2023 04:24:40
    LastThreatStatusChangeTime : 27/12/2023 04:31:16
    ProcessName : C:\Program Files (x86)\Glary Utilities\Integrator.exe
    RemediationTime : 27/12/2023 04:31:16
    Resources : {file:_C:\Users\Jessica\AppData\Local\Mozilla\Firefox\Profiles\2kjfjrzc.default-releas
    e\cache2\entries\A369523890BC9FD6E5D94BD5AB9969FA19D4685B}
    ThreatID : 2147888341
    ThreatStatusErrorCode : 0
    ThreatStatusID : 3
    PSComputerName :




    ========= End of Powershell: =========


    ========= type "C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\user.js" =========

user_pref("network.http.pipelining.maxrequests", 8);
    user_pref("network.http.request.max-start-delay", 0);
    user_pref("network.http.max-connections", 48);
    user_pref("network.http.max-connections-per-server", 16);
    user_pref("network.http.max-persistent-connections-per-proxy", 16);
    user_pref("network.http.max-persistent-connections-per-server", 8);
    user_pref("browser.turbo.enabled", true);
    user_pref("browser.display.show_image_placeholders", true);
    user_pref("browser.chrome.favicons", false);
    user_pref("browser.urlbar.autocomplete.enabled", true);
    user_pref("browser.cache.memory.capacity", 65536);
    user_pref("content.notify.ontimer", true);
    user_pref("content.interrupt.parsing", true);
    user_pref("content.max.tokenizing.time", 2250000);
    user_pref("content.switch.threshold", 750000);
    user_pref("plugin.expose_full_path", true);
    user_pref("ui.submenuDelay", 0);


    ========= End of CMD: =========

    "C:\Program Files (x86)\IObit" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B7F696E-8E05-405E-92B3-FC54CF4CF1EE}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B7F696E-8E05-405E-92B3-FC54CF4CF1EE}" => removed successfully
    C:\WINDOWS\System32\Tasks\Christmas Task (One-Time) => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Christmas Task (One-Time)" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CF4A23A-7B1B-4EE8-B361-917E263C4AC1}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CF4A23A-7B1B-4EE8-B361-917E263C4AC1}" => removed successfully
    C:\WINDOWS\System32\Tasks\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1003 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1003" => removed successfully
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\Advanced SystemCare => removed successfully
    C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com => path removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
    C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi => moved successfully
    HKLM\System\CurrentControlSet\Services\iobit_monitor_server2021 => removed successfully
    iobit_monitor_server2021 => service removed successfully
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
    "HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B35C66BF-153B-4325-A106-939EF95B0675} => removed successfully
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC22F604-93EC-4764-A876-961E9A138133} => removed successfully

    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.



    ========= End of CMD: =========


    ========= netsh int ip reset resetlog.txt =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.



    ========= End of CMD: =========


    ========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules "C:\Users\markc\Desktop\Firewall.reg" =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= del /s /q "C:\Users\markc\Desktop\Firewall.reg" =========

    Deleted file - C:\Users\markc\Desktop\Firewall.reg


    ========= End of CMD: =========


    ========= netsh advfirewall reset =========

    Ok.



    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    Ok.



    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.

    {C55CB84D-7520-4A84-8C46-CAEFEBC63678} canceled.
    1 out of 1 jobs canceled.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========


    ========= RemoveProxy: =========

    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-2097827235-3593066060-2260584895-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-2097827235-3593066060-2260584895-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= sfc /scannow =========



    Beginning system scan. This process will take some time.



    Beginning verification phase of system scan.


    Verification 0% complete.
    Verification 68% complete.
    Verification 69% complete.
    Verification 69% complete.
    Verification 69% complete.
    Verification 70% complete.
    Verification 70% complete.
    Verification 71% complete.
    Verification 71% complete.
    Verification 72% complete.
    Verification 72% complete.
    Verification 73% complete.
    Verification 73% complete.
    Verification 73% complete.
    Verification 74% complete.
    Verification 74% complete.
    Verification 75% complete.
    Verification 75% complete.
    Verification 76% complete.
    Verification 76% complete.
    Verification 77% complete.
    Verification 77% complete.
    Verification 78% complete.
    Verification 78% complete.
    Verification 78% complete.
    Verification 79% complete.
    Verification 79% complete.
    Verification 80% complete.
    Verification 80% complete.
    Verification 81% complete.
    Verification 81% complete.
    Verification 82% complete.
    Verification 82% complete.
    Verification 82% complete.
    Verification 83% complete.
    Verification 83% complete.
    Verification 84% complete.
    Verification 84% complete.
    Verification 85% complete.
    Verification 85% complete.
    Verification 86% complete.
    Verification 86% complete.
    Verification 87% complete.
    Verification 87% complete.
    Verification 87% complete.
    Verification 88% complete.
    Verification 88% complete.
    Verification 89% complete.
    Verification 89% complete.
    Verification 90% complete.
    Verification 90% complete.
    Verification 91% complete.
    Verification 91% complete.
    Verification 92% complete.
    Verification 92% complete.
    Verification 92% complete.
    Verification 93% complete.
    Verification 93% complete.
    Verification 94% complete.
    Verification 94% complete.
    Verification 95% complete.
    Verification 95% complete.
    Verification 96% complete.
    Verification 96% complete.
    Verification 96% complete.
    Verification 97% complete.
    Verification 97% complete.
    Verification 98% complete.
    Verification 98% complete.
    Verification 99% complete.
    Verification 99% complete.
    Verification 100% complete.


    Windows Resource Protection found corrupt files and successfully repaired them.

    For online repairs, details are included in the CBS log file located at

    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

    repairs, details are included in the log file provided by the /OFFLOGFILE flag.



    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.19041.3636

    Image Version: 10.0.19045.3803

    No component store corruption detected.
    The operation completed successfully.


    ========= End of CMD: =========


    ========= del C:\Windows\prefetch\*.* /s /q =========

    Deleted file - C:\Windows\prefetch\ADWCLEANER.EXE-4213E000.pf
    Deleted file - C:\Windows\prefetch\AgAppLaunch.db
    Deleted file - C:\Windows\prefetch\AgCx_SC1.db
    Deleted file - C:\Windows\prefetch\AgCx_SC1.db.trx
    Deleted file - C:\Windows\prefetch\AgCx_SC2.db
    Deleted file - C:\Windows\prefetch\AgCx_SC4.db
    Deleted file - C:\Windows\prefetch\AgGlFaultHistory.db
    Deleted file - C:\Windows\prefetch\AgGlFgAppHistory.db
    Deleted file - C:\Windows\prefetch\AgGlGlobalHistory.db
    Deleted file - C:\Windows\prefetch\AgGlUAD_P_S-1-5-21-2097827235-3593066060-2260584895-1001.db
    Deleted file - C:\Windows\prefetch\AgGlUAD_S-1-5-21-2097827235-3593066060-2260584895-1001.db
    Deleted file - C:\Windows\prefetch\AgRobust.db
    Deleted file - C:\Windows\prefetch\AI.EXE-517C04F0.pf
    Deleted file - C:\Windows\prefetch\ANALYSE.EXE-E6A7F51A.pf
    Deleted file - C:\Windows\prefetch\APPLICATIONFRAMEHOST.EXE-8CE9A1EE.pf
    Deleted file - C:\Windows\prefetch\ATIECLXX.EXE-5C3667DB.pf
    Deleted file - C:\Windows\prefetch\ATTRIB.EXE-58A07CAF.pf
    Deleted file - C:\Windows\prefetch\AUDIODG.EXE-AB22E9A6.pf
    Deleted file - C:\Windows\prefetch\AWK.EXE-4AA74C28.pf
    Deleted file - C:\Windows\prefetch\BACKGROUNDTASKHOST.EXE-F8B2DD01.pf
    Deleted file - C:\Windows\prefetch\BCDEDIT.EXE-FE221428.pf
    Deleted file - C:\Windows\prefetch\BELARCADVISOR.EXE-9E2B3C21.pf
    Deleted file - C:\Windows\prefetch\BITSADMIN.EXE-61856B04.pf
    Deleted file - C:\Windows\prefetch\CACLS.EXE-62F0D75F.pf
    Deleted file - C:\Windows\prefetch\cadrespri.7db
    Deleted file - C:\Windows\prefetch\CCLEANER64.EXE-4469D777.pf
    Deleted file - C:\Windows\prefetch\CCLEANERBUGREPORT.EXE-88D78BA7.pf
    Deleted file - C:\Windows\prefetch\CHCP.COM-2CF9B15C.pf
    Deleted file - C:\Windows\prefetch\CMD.EXE-0BD30981.pf
    Deleted file - C:\Windows\prefetch\CMD.EXE-6D6290C5.pf
    Deleted file - C:\Windows\prefetch\COMPATTELRUNNER.EXE-B7A68ECC.pf
    Deleted file - C:\Windows\prefetch\CONHOST.EXE-0C6456FB.pf
    Deleted file - C:\Windows\prefetch\CONSENT.EXE-40419367.pf
    Deleted file - C:\Windows\prefetch\CSRSS.EXE-F3C368CB.pf
    Deleted file - C:\Windows\prefetch\CTFMON.EXE-795F8130.pf
    Deleted file - C:\Windows\prefetch\CUT.EXE-2FC516C5.pf
    Deleted file - C:\Windows\prefetch\DEFRAG.EXE-3D9E8D72.pf
    Deleted file - C:\Windows\prefetch\DISKPART.EXE-0FB85FD3.pf
    Deleted file - C:\Windows\prefetch\DISM.EXE-AA0F2086.pf
    Deleted file - C:\Windows\prefetch\DISMHOST.EXE-606876B1.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-1BAE06BB.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-24C14B9F.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-47BE07DC.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-555A3DCB.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-6F625E57.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-7617EDA2.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-7D5CE0CA.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-810B6BBE.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-C7F45418.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-D200FEC3.pf
    Deleted file - C:\Windows\prefetch\DLLHOST.EXE-D52C49C5.pf
    Deleted file - C:\Windows\prefetch\DWM.EXE-314E93C5.pf
    Deleted file - C:\Windows\prefetch\dynrespri.7db
    Deleted file - C:\Windows\prefetch\EXCEL.EXE-FE860005.pf
    Deleted file - C:\Windows\prefetch\EXPLORER.EXE-D5E97654.pf
    Deleted file - C:\Windows\prefetch\FILECOAUTH.EXE-1FA676D5.pf
    Deleted file - C:\Windows\prefetch\FIND.EXE-66A35B26.pf
    Deleted file - C:\Windows\prefetch\FIREFOX.EXE-359C61A4.pf
    Deleted file - C:\Windows\prefetch\FONTDRVHOST.EXE-8152304A.pf
    Deleted file - C:\Windows\prefetch\FRST64.EXE-3C84D6B7.pf
    Deleted file - C:\Windows\prefetch\GAMEBAR.EXE-496CFF42.pf
    Deleted file - C:\Windows\prefetch\GAMEBARFTSERVER.EXE-27270417.pf
    Deleted file - C:\Windows\prefetch\GREP.EXE-3EFE020F.pf
    Deleted file - C:\Windows\prefetch\HITMANPRO_X64.EXE-D5F68EE9.pf
    Deleted file - C:\Windows\prefetch\INTEGRATOR.EXE-940ADEF0.pf
    Deleted file - C:\Windows\prefetch\IPCONFIG.EXE-10A15CF4.pf
    Deleted file - C:\Windows\prefetch\IPCONFIG.EXE-BFEC2AD0.pf
    Deleted file - C:\Windows\prefetch\Layout.ini
    Deleted file - C:\Windows\prefetch\LOCKAPP.EXE-398C800B.pf
    Deleted file - C:\Windows\prefetch\LOGONUI.EXE-F639BD7E.pf
    Deleted file - C:\Windows\prefetch\MBAM.EXE-728D2E12.pf
    Deleted file - C:\Windows\prefetch\MBAMTRAY.EXE-08C66B4A.pf
    Deleted file - C:\Windows\prefetch\MEMFILESSERVICE.EXE-7E3BAF52.pf
    Deleted file - C:\Windows\prefetch\MGTOOLS.EXE-0939A23B.pf
    Deleted file - C:\Windows\prefetch\MGTPROC.EXE-A9BCEA0D.pf
    Deleted file - C:\Windows\prefetch\MICROSOFT.PHOTOS.EXE-34EA06BE.pf
    Deleted file - C:\Windows\prefetch\MOUSOCOREWORKER.EXE-4429AC2B.pf
    Deleted file - C:\Windows\prefetch\MPCMDRUN.EXE-C2D21215.pf
    Deleted file - C:\Windows\prefetch\MSCORSVW.EXE-16B291C4.pf
    Deleted file - C:\Windows\prefetch\MSEDGE.EXE-37D25F9A.pf
    Deleted file - C:\Windows\prefetch\MSEDGE.EXE-37D25FA1.pf
    Deleted file - C:\Windows\prefetch\MSINFO32.EXE-B0A1C86C.pf
    Deleted file - C:\Windows\prefetch\MSPAINT.EXE-6406C4A1.pf
    Deleted file - C:\Windows\prefetch\NET.EXE-0225D674.pf
    Deleted file - C:\Windows\prefetch\NET1.EXE-091D8149.pf
    Deleted file - C:\Windows\prefetch\NETSH.EXE-A596235F.pf
    Deleted file - C:\Windows\prefetch\NETSTAT.EXE-8544F4D0.pf
    Deleted file - C:\Windows\prefetch\NGEN.EXE-4A8DA13E.pf
    Deleted file - C:\Windows\prefetch\NGEN.EXE-734C6620.pf
    Deleted file - C:\Windows\prefetch\NGENTASK.EXE-0E6CEC17.pf
    Deleted file - C:\Windows\prefetch\NGENTASK.EXE-849BFD75.pf
    Deleted file - C:\Windows\prefetch\NISSRV.EXE-ADB38E00.pf
    Deleted file - C:\Windows\prefetch\NOTEPAD.EXE-032BB3D8.pf
    Deleted file - C:\Windows\prefetch\NOTEPAD.EXE-C5670914.pf
    Deleted file - C:\Windows\prefetch\NSLOOKUP.EXE-BC790038.pf
    Deleted file - C:\Windows\prefetch\OFFICECLICKTORUN.EXE-F5CCE208.pf
    Deleted file - C:\Windows\prefetch\OFFICECLICKTORUN.EXE-FE49BC91.pf
    Deleted file - C:\Windows\prefetch\Op-SEARCHAPP.EXE-DD93808B-00000002.pf
    Deleted file - C:\Windows\prefetch\PAINTSTUDIO.VIEW.EXE-84F4A01B.pf
    Deleted file - C:\Windows\prefetch\PDFXEDIT.EXE-0FA9650F.pf
    Deleted file - C:\Windows\prefetch\PEVFIND.EXE-0A4DA985.pf
    C:\Windows\prefetch\PfPre_ac69ea6a.mkd
    Deleted file - C:\Windows\prefetch\PfSvPerfStats.bin
    Deleted file - C:\Windows\prefetch\PING.EXE-0314C2F7.pf
    Deleted file - C:\Windows\prefetch\PINGSENDER.EXE-4F355500.pf
    Deleted file - C:\Windows\prefetch\POWERSHELL.EXE-CA1AE517.pf
    Deleted file - C:\Windows\prefetch\PROCESSDLL.EXE-4B60D728.pf
    Deleted file - C:\Windows\prefetch\QAADMINAGENT.EXE-AD6DAFF8.pf
    Deleted file - C:\Windows\prefetch\QAAGENT.EXE-36D4972B.pf
    Deleted file - C:\Windows\prefetch\QASVC.EXE-52AD8E44.pf
    Deleted file - C:\Windows\prefetch\RADEONSETTINGS.EXE-524645D3.pf
    Deleted file - C:\Windows\prefetch\RAVCPL64.EXE-4BB80510.pf
    Deleted file - C:\Windows\prefetch\REG.EXE-0AC99A87.pf
    Deleted file - C:\Windows\prefetch\REG.EXE-A93A1343.pf
    Deleted file - C:\Windows\prefetch\REGEDIT.EXE-0D49B425.pf
    Deleted file - C:\Windows\prefetch\REGEDIT.EXE-DAB4D60B.pf
    Deleted file - C:\Windows\prefetch\REGISTRYCLEANER.EXE-540611F4.pf
    Deleted file - C:\Windows\prefetch\ResPriHMStaticDb.ebd
    Deleted file - C:\Windows\prefetch\REVOUNIN.EXE-60193390.pf
    Deleted file - C:\Windows\prefetch\ROUTE.EXE-EDFB071C.pf
    Deleted file - C:\Windows\prefetch\RUNDLL32.EXE-75313621.pf
    Deleted file - C:\Windows\prefetch\RUNTIMEBROKER.EXE-0737DB2C.pf
    Deleted file - C:\Windows\prefetch\RUNTIMEBROKER.EXE-4551A062.pf
    Deleted file - C:\Windows\prefetch\RUNTIMEBROKER.EXE-5A3B22F7.pf
    Deleted file - C:\Windows\prefetch\RUNTIMEBROKER.EXE-65EE9BA2.pf
    Deleted file - C:\Windows\prefetch\RUNTIMEBROKER.EXE-68C55521.pf
    Deleted file - C:\Windows\prefetch\RUNTIMEBROKER.EXE-6B016F92.pf
    Deleted file - C:\Windows\prefetch\RUNTIMEBROKER.EXE-929314A6.pf
    Deleted file - C:\Windows\prefetch\RUNTIMEBROKER.EXE-D0305CF6.pf
    Deleted file - C:\Windows\prefetch\SC.EXE-F4E1A8F7.pf
    Deleted file - C:\Windows\prefetch\SCHTASKS.EXE-8B6144A9.pf
    Deleted file - C:\Windows\prefetch\SDXHELPER.EXE-832215EB.pf
    Deleted file - C:\Windows\prefetch\SEARCHAPP.EXE-D91D826A.pf
    Deleted file - C:\Windows\prefetch\SEARCHFILTERHOST.EXE-44162447.pf
    Deleted file - C:\Windows\prefetch\SEARCHINDEXER.EXE-1CF42BC6.pf
    Deleted file - C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf
    Deleted file - C:\Windows\prefetch\SECHEALTHUI.EXE-0F2B02C6.pf
    Deleted file - C:\Windows\prefetch\SECURITYHEALTHHOST.EXE-06344EE9.pf
    Deleted file - C:\Windows\prefetch\SECURITYHEALTHSERVICE.EXE-91B5FB98.pf
    Deleted file - C:\Windows\prefetch\SECURITYHEALTHSYSTRAY.EXE-E527A4AE.pf
    Deleted file - C:\Windows\prefetch\SED.EXE-B33B4DF5.pf
    Deleted file - C:\Windows\prefetch\SETUP.TMP-2BF2E50E.pf
    Deleted file - C:\Windows\prefetch\SFC.EXE-425529A1.pf
    Deleted file - C:\Windows\prefetch\SGRMBROKER.EXE-32481FEB.pf
    Deleted file - C:\Windows\prefetch\SHELLEXPERIENCEHOST.EXE-655318BF.pf
    Deleted file - C:\Windows\prefetch\SIHOST.EXE-115B507F.pf
    Deleted file - C:\Windows\prefetch\SMARTSCREEN.EXE-EACC1250.pf
    Deleted file - C:\Windows\prefetch\SMSS.EXE-B5B810DB.pf
    Deleted file - C:\Windows\prefetch\SOFTWAREUPDATE.EXE-8D3D0D63.pf
    Deleted file - C:\Windows\prefetch\SORT.EXE-1E24D331.pf
    Deleted file - C:\Windows\prefetch\SPLWOW64.EXE-57576C25.pf
    Deleted file - C:\Windows\prefetch\SPPSVC.EXE-96070FE0.pf
    Deleted file - C:\Windows\prefetch\SPYWAREBLASTER.EXE-619084CE.pf
    Deleted file - C:\Windows\prefetch\SRTASKS.EXE-3C9D2EEC.pf
    Deleted file - C:\Windows\prefetch\STARTMENUEXPERIENCEHOST.EXE-DC9B8E9D.pf
    Deleted file - C:\Windows\prefetch\SUPERANTISPYWARE.EXE-22436558.pf
    Deleted file - C:\Windows\prefetch\SUPERANTISPYWARE.EXE-35E59EB7.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-117C4441.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-19B557B1.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-1B73F444.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-3D497EFC.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-3D60499C.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-44C0CDF7.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-4B98D760.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-4BD0A607.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-4CC24C49.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-4D0E9C8C.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-4FBD1216.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-59780EBF.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-59D511F9.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-6493017E.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-6867B1E5.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-6A4A44E7.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-73A7D02B.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-73D024B2.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-764FA25C.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-7AAD9645.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-852EC587.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-8A4EB855.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-8CE690C0.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-952637C2.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-9A28EB78.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-9D041ABC.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-A79A44A2.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-A9721AD5.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-B6F285B2.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-BE3D0421.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-C25BD44A.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-C2DA4F6F.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-C35F28CB.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-C38EF8DD.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-C4B64CAF.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-C625B657.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-D8C907E1.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-DDF1360E.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-EBBF67E6.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-F1E39519.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-F5E1DCD3.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-F952D9A9.pf
    Deleted file - C:\Windows\prefetch\SVCHOST.EXE-FC46CD61.pf
    Deleted file - C:\Windows\prefetch\SWREG.EXE-8DB3A789.pf
    Deleted file - C:\Windows\prefetch\SWWHOAMI.EXE-373835F4.pf
    Deleted file - C:\Windows\prefetch\SYSINFO.EXE-A005D664.pf
    Deleted file - C:\Windows\prefetch\SYSTEMSETTINGS.EXE-BE0858C5.pf
    Deleted file - C:\Windows\prefetch\TASKHOSTW.EXE-2E5D4B75.pf
    Deleted file - C:\Windows\prefetch\TASKLIST.EXE-4641012C.pf
    Deleted file - C:\Windows\prefetch\TEXTINPUTHOST.EXE-054E44A9.pf
    Deleted file - C:\Windows\prefetch\TIWORKER.EXE-541F28C3.pf
    Deleted file - C:\Windows\prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf
    Deleted file - C:\Windows\prefetch\UNSECAPP.EXE-72B9DDB3.pf
    Deleted file - C:\Windows\prefetch\UPDATER.EXE-759DBAD6.pf
    Deleted file - C:\Windows\prefetch\UPGRADE.EXE-044F39C5.pf
    Deleted file - C:\Windows\prefetch\UPGRADETOOL.EXE-FC2B3FA3.pf
    Deleted file - C:\Windows\prefetch\USERINIT.EXE-5114915C.pf
    Deleted file - C:\Windows\prefetch\USOCLIENT.EXE-4ADC110B.pf
    Deleted file - C:\Windows\prefetch\VDS.EXE-2FCA9D16.pf
    Deleted file - C:\Windows\prefetch\VDSLDR.EXE-50179B50.pf
    Deleted file - C:\Windows\prefetch\VFIND.EXE-A1064BB4.pf
    Deleted file - C:\Windows\prefetch\VSSVC.EXE-6C8F0C66.pf
    Deleted file - C:\Windows\prefetch\WEVTUTIL.EXE-1E154F39.pf
    Deleted file - C:\Windows\prefetch\WINDOWSPACKAGEMANAGERSERVER.E-679AB3DF.pf
    Deleted file - C:\Windows\prefetch\WINLOGON.EXE-DEDDC9B6.pf
    Deleted file - C:\Windows\prefetch\WINWORD.EXE-AB6EC2FA.pf
    Deleted file - C:\Windows\prefetch\WLRMDR.EXE-A7C36FDD.pf
    Deleted file - C:\Windows\prefetch\WMIADAP.EXE-BB21CD77.pf
    Deleted file - C:\Windows\prefetch\WMIC.EXE-311B5CB4.pf
    Deleted file - C:\Windows\prefetch\WMIPRVSE.EXE-E8B8DD29.pf
    Deleted file - C:\Windows\prefetch\WUSA.EXE-BC40B6DD.pf
    Deleted file - C:\Windows\prefetch\ZIP.EXE-B806BB98.pf
    Deleted file - C:\Windows\prefetch\ReadyBoot\rblayout.xin
    Deleted file - C:\Windows\prefetch\ReadyBoot\Trace1.fx
    Deleted file - C:\Windows\prefetch\ReadyBoot\Trace10.fx
    Deleted file - C:\Windows\prefetch\ReadyBoot\Trace2.fx
    Deleted file - C:\Windows\prefetch\ReadyBoot\Trace8.fx
    Deleted file - C:\Windows\prefetch\ReadyBoot\Trace9.fx


    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15820426 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 7104 B
    Windows/system/drivers => 3613100 B
    Edge => 0 B
    Firefox => 32307448 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 355 B
    LocalService => 355 B
    NetworkService => 1525 B
    markc => 40345102 B
    Jessica => 91093184 B
    Sophie => 140828008 B

    RecycleBin => 47837272 B
    EmptyTemp: => 354.6 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 13:03:05 ====
     
  14. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the reports. Looks good but I would like to double check something.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    cmd: taskkill /f /im Firefox.exe
    cmd: del C:\Users\Jessica\AppData\Local\Mozilla\Firefox\Profiles\2kjfjrzc.default-release\cache2\entries\*.* /s /q
    Reboot:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Allow your computer to reboot
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  15. mark59

    mark59 MajorGeek

    Thank you for your ongoing help. I appreciate it.

    I attach the requested information in the next post (no. 16).
     
  16. mark59

    mark59 MajorGeek

    Unfortunately, MajorGeeks says the post is too long. Therefore, I attach the Notepad log file (Fixlog.txt).
     

    Attached Files:

  17. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    Please run a Defender Scan and let me know the results.
     
  18. mark59

    mark59 MajorGeek

    I have nothing to report yet. I started the scan yesterday around 8 pm. When it had not finished by 1 am I couldn't stay awake any longer, so I ended the scan. I hadn't realised it took so long. It's also very annoying. It may say, for example, estimated time remaining 36 min. You give it a bit longer, say, 45 min. You come back to it and it still hasn't finished and is now giving an even longer estimated time.

    When I cancelled the scan it said it had found an "unwanted program". I was too tired to notice which and proceeded to shut down the computer. Have I ruined whatever useful information was to be gleaned? I hope not.

    I am not running the scan again until you tell me yes, it's OK, just do it again. As it takes so long I may not do it until Sunday. I'm out most of today. If when I get in and there is enough time and I've had your response I may do it. If not I will start it on Sunday morning.

    Do I need to watch it or just leave it? If it finishes and I'm not watching will the results sit there until I check them? May seem a silly question but if you don't know you don't know.
     
  19. Oh My!

    Oh My! Malware Expert Staff Member

    No harm was done and sorry about the frustration. That length of time seems unreasonable.

    We are going to use another program and this one is lengthy but thorough. Please attempt this.

    ===================================================

    ESET Online Scanner

    --------------------

    Note: You can expect this process to take a long time, up to several hours or more.
    • Download ESET Free Online Scanner and save it to your Desktop
    • Right click on esetonlinescanner_enu.exe and select Run as administrator
    • NOTE: If the program immediately crashes rename esetonlinescanner_enu.exe to ESET.exe and attempt it again
    • Click Computer Scan
    • Click Full scan
    • Select Enable ESET to detect and quarantine potentially unwanted applications
    • Click Start scan
    • Once completed click View detailed results
    • Review the list of detected items for things you don't want to remove (sometimes Potentially Unwanted Applications)
    • If there are entries you would like to keep click Restore cleaned files
    • Place a check mark in each entry you would like to restore then click Restore files then confirm the action
    • Click Finish
    • Save scan log and save it to your Desktop as ESETScan.txt
    • Click Continue then finally click Close
    • Copy and paste the ESETScan.txt file contents in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • ESET report
     
  20. mark59

    mark59 MajorGeek

    I saw this too late to run such a long scan this evening (Saturday).

    I’m home all Sunday (New Year’s Eve) so will start it Sunday morning. Then I’ll report.

    I’m conscious it’s New Year so not anticipating your usual same day reply.
     
  21. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks.

    I should be able to reply in a timely manner.
     
  22. mark59

    mark59 MajorGeek

    I cannot send you an ESET report. It does not generate one. It asked for my email and said they would be emailed to me. No email, but what a surprise, I am now subscribed to them, exactly as I thought I would end up being when they requested my email. I am fed up with organisations lying to me.

    Seven hours it took to scan my PC and we are no nearer finding out my problem or resolving it because we've got no report. It found seven things. Nothing in the list sounded like I wanted to keep it so I let it get rid of them. Plus I suspect some were false positives as I do remember one was MGTools.

    Please note my frustration is aimed at IT in general and ESET in particular, not you.

    There's no rush to answer. I'm turning this machine off and going to enjoy New Year's Eve.
     
  23. Oh My!

    Oh My! Malware Expert Staff Member

    I apologize for the continued frustration you are experiencing. By all means enjoy the New Year.

    Let's simplify things a bit.

    Have you experienced any further detections?
    Is your system otherwise working properly?
     
  24. mark59

    mark59 MajorGeek

    Thank you for your apology but it is quite unnecessary. I really do appreciate your knowledge and especially the free donation of your time. It is most certainly not your fault but the system.

    I want to say a resounding no but yesterday evening just as ESET was finishing Defender popped up with a dialogue to say it had found something. I made the rash assumption it would be what ESET had found and in my annoyance just closed the dialogue box and continued to try and work through your instructions to complete the ESET process.

    As far as I am able to assess, yes, it is. However, since I reported this problem I haven't used it other than to carry out the tasks you requested I do. I have another PC so wasn't without computer and thought it safer to stay off the one on which we're working. However, from today I could do with both but I don't know what would be safe to do on the computer in question.
     
  25. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for your kindness.

    Let's run this and see if we can find out what Microsoft Defender was hollering about.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    Powershell: Get-MpThreatDetection
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
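
Since FRST only prints the raw output of that cmdlet, here is an added example (my own, not part of the thread and not FRST's or Microsoft's code) of decoding the records it returns in PowerShell: it maps the numeric DetectionSourceTypeID, CleaningActionID and ThreatStatusID fields to names, resolves ThreatID to a threat name via Get-MpThreat, and lists what was never remediated. It assumes the ID tables, reproduced from the MSFT_MpThreatDetection WMI class documentation as I recall it, are current; the two sample records are constructed from values mark59 posts later in the thread so the script can be exercised on a machine without Defender.

```powershell
# Added example, not from the thread and not FRST's or Microsoft's code.
# Decodes Get-MpThreatDetection records into readable rows and resolves
# ThreatID to a name. ASSUMPTION: the three ID tables are reproduced from the
# MSFT_MpThreatDetection WMI class documentation as I recall it; verify them
# against the current docs before relying on them.

$ThreatStatusNames = @{
    0 = 'Unknown'; 1 = 'Detected'; 2 = 'Cleaned'; 3 = 'Quarantined'
    4 = 'Removed'; 5 = 'Allowed'; 6 = 'Blocked'
    102 = 'QuarantineFailed'; 103 = 'RemoveFailed'; 104 = 'AllowFailed'
    105 = 'Abandoned'; 106 = 'BlockFailed'
}
$CleaningActionNames = @{
    0 = 'Unknown'; 1 = 'Clean'; 2 = 'Quarantine'; 3 = 'Remove'
    6 = 'Allow'; 8 = 'UserDefined'; 9 = 'NoAction'; 10 = 'Block'
}
$DetectionSourceNames = @{
    0 = 'Unknown'; 1 = 'User'; 2 = 'System'; 3 = 'Realtime'
    4 = 'IOAV'; 5 = 'NRI'; 6 = 'IEPS'
}

function Resolve-IdName {
    param([hashtable]$Table, $Id)
    $key = [int]$Id
    if ($Table.ContainsKey($key)) { "$($Table[$key]) ($key)" } else { "Unmapped ($key)" }
}

function Get-DefenderThreatNameMap {
    # Get-MpThreat lists threats Defender has recorded on this machine with
    # ThreatID and ThreatName. String keys sidestep Int32/UInt64 key mismatches.
    $map = @{}
    foreach ($t in @(Get-MpThreat)) { $map[[string]$t.ThreatID] = $t.ThreatName }
    $map
}

function ConvertTo-DetectionSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Detection,
        [hashtable] $ThreatNames = @{}
    )
    process {
        $tid  = [string]$Detection.ThreatID
        $name = if ($ThreatNames.ContainsKey($tid)) { $ThreatNames[$tid] } else { '(not in Get-MpThreat)' }
        [pscustomobject]@{
            Detected      = $Detection.InitialDetectionTime
            ThreatID      = $tid
            ThreatName    = $name
            Source        = Resolve-IdName $DetectionSourceNames $Detection.DetectionSourceTypeID
            Action        = Resolve-IdName $CleaningActionNames  $Detection.CleaningActionID
            Status        = Resolve-IdName $ThreatStatusNames    $Detection.ThreatStatusID
            Remediated    = [bool]$Detection.RemediationTime     # empty means nothing was done
            Process       = $Detection.ProcessName
            FirstResource = @($Detection.Resources)[0]           # keep the table readable
        }
    }
}

# Live use on the affected machine (elevated PowerShell):
#   Get-MpThreatDetection | ConvertTo-DetectionSummary -ThreatNames (Get-DefenderThreatNameMap) |
#       Sort-Object Detected | Format-Table -AutoSize

# Constructed sample, shaped like two of the records mark59 posts later in the
# thread, so the decoding can be exercised on a machine without Defender:
$sample = @(
    [pscustomobject]@{
        ThreatID = 311936; DetectionSourceTypeID = 1; CleaningActionID = 9; ThreatStatusID = 106
        InitialDetectionTime = [datetime]'2023-12-30T00:59:55'; RemediationTime = $null
        ProcessName = 'Unknown'
        Resources = @('containerfile:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other acer\Old_Acer_Downloads\driverfusionsetup.exe')
    },
    [pscustomobject]@{
        ThreatID = 2147888341; DetectionSourceTypeID = 3; CleaningActionID = 2; ThreatStatusID = 3
        InitialDetectionTime = [datetime]'2023-12-27T04:24:02'; RemediationTime = [datetime]'2023-12-27T04:28:33'
        ProcessName = 'C:\Program Files (x86)\Glary Utilities\Integrator.exe'
        Resources = @('file:_C:\Users\Jessica\AppData\Local\Mozilla\Firefox\Profiles\2kjfjrzc.default-release\cache2\entries\30DA536D4A5D56FF0D85DAA6CA4D6E70F41C5F38')
    }
)
$rows = $sample | ConvertTo-DetectionSummary
$rows | Format-Table -AutoSize

# The question a responder actually wants answered: what is still not remediated?
$rows | Where-Object { -not $_.Remediated } |
    Select-Object Detected, ThreatID, Action, Status, FirstResource
```

Get-MpThreat only knows threats already recorded on that machine; for an ID it has never seen, Get-MpThreatCatalog (which enumerates the whole signature database and is slow) can be filtered on ThreatID instead. Read against the Fixlog posted later, and if the tables hold, the two December 2023 hits on driverfusionsetup.exe carry action 9 and status 106 with an empty RemediationTime, so nothing was done about that file, while the Firefox cache entries carry action 2 and status 3 and were quarantined. The records worth chasing are the ones where Remediated is False.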
     
  26. mark59

    mark59 MajorGeek

    The next post is pasted, as requested, from the Fixlog
     
  27. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 01.01.2024
    Ran by Mark (01-01-2024 21:01:17) Run:3
    Running from C:\Users\markc\Desktop
    Loaded Profiles: Mark
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Powershell: Get-MpThreatDetection
    End::
    *****************


    ========= Get-MpThreatDetection =========



    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 9
    CurrentThreatExecutionStatusID : 0
    DetectionID : {01D3D02D-CF19-44E2-AD15-6E875F97F0B7}
    DetectionSourceTypeID : 1
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 30/12/2023 00:59:55
    LastThreatStatusChangeTime : 30/12/2023 00:59:55
    ProcessName : Unknown
    RemediationTime :
    Resources : {containerfile:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other acer\Old_Acer_Downloads\driverfusionsetup.exe, file:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other acer\Old_Acer_Downloads\driverfusionsetup.exe->(nsis-6-?š€\OCSetupHlp.dll)}
    ThreatID : 311936
    ThreatStatusErrorCode : 0
    ThreatStatusID : 106
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 2
    CurrentThreatExecutionStatusID : 1
    DetectionID : {D75E8E48-A3DC-42C1-B12E-FA07E609B7A3}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 27/12/2023 04:24:02
    LastThreatStatusChangeTime : 27/12/2023 04:28:33
    ProcessName : C:\Program Files (x86)\Glary Utilities\Integrator.exe
    RemediationTime : 27/12/2023 04:28:33
    Resources : {file:_C:\Users\Jessica\AppData\Local\Mozilla\Firefox\Profiles\2kjfjrzc.default-release\cache2\entries\30DA536D4A5D56FF0D85DAA6CA4D6E70F41C5F38, file:_C:\Users\Jessica\AppData\Local\Mozilla\Firefox\Profiles\2kjfjrzc.default-release\cache2\entries\359278D304B886558D985EC4298294F687C3626B, file:_C:\Users\Jessica\AppData\Local\Mozilla\Firefox\Profiles\2kjfjrzc.default-release\cache2\entries\49F27BE05E570284BFD40DB783E3280D3EA07BEF}
    ThreatID : 2147888341
    ThreatStatusErrorCode : 0
    ThreatStatusID : 3
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 9
    CurrentThreatExecutionStatusID : 1
    DetectionID : {4C96AD0B-D72D-4233-B077-2F995DB67E5A}
    DetectionSourceTypeID : 2
    DomainUser : NT AUTHORITY\SYSTEM
    InitialDetectionTime : 31/12/2023 09:22:33
    LastThreatStatusChangeTime : 31/12/2023 12:56:39
    ProcessName : C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
    RemediationTime :
    Resources : {containerfile:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other acer\Old_Acer_Downloads\driverfusionsetup.exe, file:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other acer\Old_Acer_Downloads\driverfusionsetup.exe, file:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other acer\Old_Acer_Downloads\driverfusionsetup.exe->(nsis-6-?š€\OCSetupHlp.dll)}
    ThreatID : 311936
    ThreatStatusErrorCode : 0
    ThreatStatusID : 106
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 3
    CurrentThreatExecutionStatusID : 1
    DetectionID : {848665C3-79D5-4F96-B104-11D86446A6DB}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 17/10/2022 20:41:19
    LastThreatStatusChangeTime : 18/10/2022 15:19:38
    ProcessName : C:\Windows\explorer.exe
    RemediationTime : 18/10/2022 15:19:38
    Resources : {file:_D:\Everything_On_External_Hard_Drive\Send to other
    acer\Old_Acer_Downloads\driverfusionsetup.exe}
    ThreatID : 311936
    ThreatStatusErrorCode : 0
    ThreatStatusID : 4
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 3
    CurrentThreatExecutionStatusID : 1
    DetectionID : {00E1339E-B587-4EE5-82FD-60B804EB8A3D}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 09/11/2021 11:16:53
    LastThreatStatusChangeTime : 09/11/2021 11:19:02
    ProcessName : C:\Windows\explorer.exe
    RemediationTime : 09/11/2021 11:19:02
    Resources : {file:_C:\Program Files (x86)\Glary Utilities 5\Integrator.exe,
    file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk,
    file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Glary
    Utilities 5.lnk, file:_C:\WINDOWS\System32\Tasks\GU5SkipUAC->(UTF-16LE)...}
    ThreatID : 240849
    ThreatStatusErrorCode : 0
    ThreatStatusID : 4
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 2
    CurrentThreatExecutionStatusID : 1
    DetectionID : {0FC52C9E-9316-4FAF-AD72-82E0E784C357}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 27/12/2023 04:24:40
    LastThreatStatusChangeTime : 27/12/2023 04:31:16
    ProcessName : C:\Program Files (x86)\Glary Utilities\Integrator.exe
    RemediationTime : 27/12/2023 04:31:16
    Resources : {file:_C:\Users\Jessica\AppData\Local\Mozilla\Firefox\Profiles\2kjfjrzc.default-releas
    e\cache2\entries\A369523890BC9FD6E5D94BD5AB9969FA19D4685B}
    ThreatID : 2147888341
    ThreatStatusErrorCode : 0
    ThreatStatusID : 3
    PSComputerName :




    ========= End of Powershell: =========
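Pasted Get-MpThreatDetection output in this shape is awkward to read by eye: the console wraps long values such as Resources onto several lines, and records that matter here (the same driverfusionsetup.exe on the external drive, flagged more than a year apart) are separated by dozens of lines. The following Python script is an added example, not code from this thread or from Microsoft Defender; it parses the Format-List layout ("Name : value", continuation lines without a name), reconstructs each record, and summarises detection time, time to remediation, the responsible process and the file names involved. The sample text is trimmed to a few fields from three of the records above and is embedded so the script runs offline. It assumes day-first timestamps, as in the poster's locale; a space that falls exactly on the console wrap boundary cannot be recovered from a paste, so path comparison should use the file name, not the full path.

```python
"""Added example: summarise pasted Get-MpThreatDetection (Format-List) output."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample: fields trimmed from three records quoted in the thread.
SAMPLE = r"""
DomainUser : LAPTOP-UB40L2H8\Mark
InitialDetectionTime : 17/10/2022 20:41:19
ProcessName : C:\Windows\explorer.exe
RemediationTime : 18/10/2022 15:19:38
Resources : {file:_D:\Everything_On_External_Hard_Drive\Send to other
acer\Old_Acer_Downloads\driverfusionsetup.exe}
ThreatID : 311936
PSComputerName :

DomainUser : NT AUTHORITY\SYSTEM
InitialDetectionTime : 31/12/2023 09:22:33
ProcessName : C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
RemediationTime :
Resources : {containerfile:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to
other acer\Old_Acer_Downloads\driverfusionsetup.exe,
file:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other
acer\Old_Acer_Downloads\driverfusionsetup.exe,
file:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other
acer\Old_Acer_Downloads\driverfusionsetup.exe->(nsis-6-?\OCSetupHlp.dll)}
ThreatID : 311936
PSComputerName :

DomainUser : LAPTOP-UB40L2H8\Mark
InitialDetectionTime : 27/12/2023 04:24:40
ProcessName : C:\Program Files (x86)\Glary Utilities\Integrator.exe
RemediationTime : 27/12/2023 04:31:16
Resources : {file:_C:\Users\Jessica\AppData\Local\Mozilla\Firefox\Profiles\2kjfjrzc.default-releas
e\cache2\entries\A369523890BC9FD6E5D94BD5AB9969FA19D4685B}
ThreatID : 2147888341
PSComputerName :
"""

# A field line is "Name : value" (value may be empty); anything else continues
# the previous field.  "file:_C:\..." has no space before the colon, so wrapped
# resource lines are not mistaken for new fields.
FIELD = re.compile(r"^([A-Za-z]+) :(?: (.*))?$")
RES_ITEM = re.compile(r"([a-z]+):_(.+)")


def parse_records(text: str) -> List[Dict[str, str]]:
    """Split Format-List output into one dict per blank-line-separated record."""
    records: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    last_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                records.append(current)
            current, last_key = {}, None
            continue
        m = FIELD.match(line)
        if m:
            last_key = m.group(1)
            current[last_key] = (m.group(2) or "").strip()
        elif last_key is not None:
            current[last_key] += line  # console wrap: join without a separator
    if current:
        records.append(current)
    return records


def parse_resources(value: str) -> List[Tuple[str, str]]:
    """Turn "{kind:_path, kind:_path}" into (kind, path) pairs."""
    body = value.strip().strip("{}")
    # Split only on a comma that is followed by another "kind:_" prefix.
    return [m.groups() for item in re.split(r",\s*(?=[a-z]+:_)", body)
            if (m := RES_ITEM.fullmatch(item.strip()))]


def parse_time(value: str) -> Optional[datetime]:
    """Day-first timestamps as shown on this page (assumption: UK locale)."""
    return datetime.strptime(value.strip(), "%d/%m/%Y %H:%M:%S") if value.strip() else None


def summarize(records: List[Dict[str, str]]) -> List[Dict]:
    """One row per detection, sorted by InitialDetectionTime."""
    rows = []
    for r in records:
        detected = parse_time(r.get("InitialDetectionTime", ""))
        remediated = parse_time(r.get("RemediationTime", ""))
        res = parse_resources(r.get("Resources", ""))
        rows.append({
            "threat_id": r.get("ThreatID", ""),
            "detected": detected,
            "seconds_to_remediation": int((remediated - detected).total_seconds())
            if detected and remediated else None,
            "process": r.get("ProcessName", ""),
            "user": r.get("DomainUser", ""),
            "resource_count": len(res),
            # Drop the "->(archive member)" suffix, then keep the file name only.
            "files": sorted({p.split("->")[0].rsplit("\\", 1)[-1] for _, p in res}),
        })
    rows.sort(key=lambda row: row["detected"] or datetime.min)
    return rows


def detections_by_threat(rows: List[Dict]) -> Dict[str, List[datetime]]:
    """Group detection times by ThreatID to spot repeat hits on the same threat."""
    grouped: Dict[str, List[datetime]] = defaultdict(list)
    for row in rows:
        grouped[row["threat_id"]].append(row["detected"])
    return dict(grouped)


if __name__ == "__main__":
    for row in summarize(parse_records(SAMPLE)):
        print(row["detected"], row["threat_id"], row["process"], row["files"])
```

Running it on the full paste lists the three hits in order and shows that ThreatID 311936 was raised twice on the same file, once by Explorer in 2022 and once by the ESET scan in 2023, which is the pattern of an old file being re-scanned rather than a new infection.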
     
  28. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.
    Does this look like the right timing of the detection?
     
  29. mark59

    mark59 MajorGeek

    If the time is from my PC at the time Defender hollered, then no. That’s quite a number of hours earlier. It was nearer to 7.00 pm. I remember I was about to launch the computer through the window if the scan hadn’t finished before I was ready for going out.
     
  30. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.
    Is this an external drive?
     
  31. mark59

    mark59 MajorGeek

    Yes, it is.

    Earlier this year (oh, it's last year now) on this PC, a laptop, the keyboard just stopped working. I copied as many folders and files as I could think of off the laptop because I thought I'd have to discard it and replace it. Then all of a sudden the keyboard worked again. What I don't recognise is driverfusionsetup.exe. I've no idea what that is. What I moved onto the external hard drive were work files (Word/Excel/PowerPoint), my photos, videos and music. I didn't transfer any applications so don't know why anything ending .exe is there.
     
  32. Oh My!

    Oh My! Malware Expert Staff Member

    With the external drive connected please run this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    D:\Everything_On_External_Hard_Drive\Send to other acer\Old_Acer_Downloads\driverfusionsetup.exe
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  33. mark59

    mark59 MajorGeek

    I did as requested. I have pasted the log in the next post. Even I understood the results. It said "not found". In File Explorer, the external hard drive is showing up as both drives D and E. So I ran the fix again changing the D in your code to E. Same result so I've only posted the first one.

    If the external hard drive is the source of the problem I'm now concerned because it's also been connected to my relatively new desktop. What I propose to do with the desktop is run full scans using Microsoft Defender, Malwarebytes (MBAM) and SuperANTI SPYWARE (SAS). If they all report no problem should I quit worrying?

    I think I should mention for the avoidance of doubt I only have Defender providing "live" protection. I just have MBAM and SAS for scanning. For example, if I have downloaded a PDF file I scan it with all three prior to opening it.
     
  34. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 01.01.2024
    Ran by Mark (02-01-2024 13:51:42) Run:4
    Running from C:\Users\markc\Desktop
    Loaded Profiles: Mark
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    D:\Everything_On_External_Hard_Drive\Send to other acer\Old_Acer_Downloads\driverfusionsetup.exe
    End::
    *****************

    "D:\Everything_On_External_Hard_Drive\Send to other acer\Old_Acer_Downloads\driverfusionsetup.exe" => not found
     
  35. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    I will start by saying I don't think there is anything to be concerned about. Via the last fixlist we confirmed the file is no longer present in that file path. The reality is the file was dormant in that state and posed no threat.

    Typically it is not recommended to use a 3rd party driver updater but rather it is best to rely on Windows Update or updates from the computer manufacturer. Because of this, some antivirus programs flag this 3rd party software not because it is malicious but because it is not the most beneficial to use.

    ESET scanned both your main drive and attached external drive as evidenced by the "detection" on the D: drive. I would like to view the ESET results and gather them a different way.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    Zip: C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\Quarantine
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • The tool will create a zipped folder on your Desktop with today's date, example: 06.20.2023_13.24.50.zip. Attach the file to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • Attached zip file
     
  36. mark59

    mark59 MajorGeek

    Good evening.

    That is good to hear; however, I'd like to ask you a question. I clicked on Start to view a list of things on my PC as I don't recall having third party software to update drivers. I think I had one but uninstalled it a while ago. Anyway, back to my question, listed as new is something called BlackJack+ (I attach an image). Have you heard of this or know what it is? I haven't downloaded it.

    Does it tell us what it is? I could try locating it and uninstalling it.

    My next post will provide the requested.
     

    Attached Files:

  37. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 01.01.2024
    Ran by Mark (02-01-2024 16:48:11) Run:6
    Running from C:\Users\markc\Desktop
    Loaded Profiles: Mark
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Zip: C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\Quarantine
    End::
    *****************

    ================== Zip: ===================
    C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\Quarantine -> copied successfully to C:\Users\markc\Desktop\02.01.2024_16.48.11.zip
    =========== Zip: End ===========

    ==== End of Fixlog 16:49:00 ====
     
  38. mark59

    mark59 MajorGeek

    I pasted the info from Fixlog.txt in the previous post as requested. It said the .zip file was too large to attach. I'm going to attempt to attach it to this post. If it won't let me I don't know what to do. If it isn't attached it wouldn't let me.

    I right-clicked the ZIP file and then on Properties which says it's 227 MB. Does that exceed MG's limits?

    It won't be attached, sorry. MajorGeeks still insists the file is too large.
     
  39. Oh My!

    Oh My! Malware Expert Staff Member

    Upload the file to GoFile, WeTransfer, or the file hosting site of your choice and post the download link in your reply
     
  40. Oh My!

    Oh My! Malware Expert Staff Member

    Please run this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    cmd: wmic product get name
    cmd: >tasklist /apps /fo list
    FindFolder: BlackJack*
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  41. mark59

    mark59 MajorGeek

    Doing as requested in post no. 39 and uploading to Gofile. The estimated time is 55 min. I don't understand why a ZIP file would take so long.

    When that's complete I will do what you request I do in post no. 40.

    I'm fed up with IT. We ordered food tonight online. The order was completely wrong. You can't speak to a human to resolve the issue. Grrrr.

    Tomorrow I'm going to go out and purchase a quill, some ink and a roll of parchment.
     
  42. mark59

    mark59 MajorGeek

    The link for you to be able to access the 02.01.2024_16.48.11.zip file is at: https://gofile.io/d/DFiqZQ

    I will paste the results from FRST64 in the next post.
     
  43. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 01.01.2024
    Ran by Mark (02-01-2024 20:46:00) Run:7
    Running from C:\Users\markc\Desktop
    Loaded Profiles: Mark
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    cmd: wmic product get name
    cmd: >tasklist /apps /fo list
    FindFolder: BlackJack*
    End::
    *****************


    ========= wmic product get name =========

    Name

    Office 16 Click-to-Run Extensibility Component

    Office 16 Click-to-Run Licensing Component

    Microsoft Update Health Tools

    User Experience Improvement Program Service

    Qualcomm Atheros Bluetooth Installer (64)

    Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24123

    ExpressVPN

    Care Center

    Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026

    AMD Settings - Branding

    Adobe Refresh Manager

    Qualcomm Atheros Setup

    Windows PC Health Check

    Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24123



    calibre 64bit

    Update for Windows 10 for x64-based Systems (KB5001716)

    Acer Jumpstart

    Quick Access Service

    Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026

    Acer Configuration Manager

    AMD Radeon Settings

    Forge of Empires

    PDF-XChange Editor

    AMD Settings





    ========= End of CMD: =========


    ========= >tasklist /apps /fo list =========


    ========= End of CMD: =========

    ================== FindFolder: "BlackJack*" ===================

    No File

    === End of FindFolder ===

    ==== End of Fixlog 20:53:19 ====
     
  44. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for uploading the folder.

    I have investigated ESET's quarantined files and none of them posed a threat to your computer. 4 of the 7 were removed from your external drive and are old files. DriverFusion, an "av-free" setup file, and 2 were related to installing Comodo Internet Security. Of the other 3, 2 were related to MGtools and the last one was already in the AdwCleaner Quarantine folder. All good there.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Right click on FRST and select Run as administrator
    • Copy/paste the following in the Search: box
    Code:
    SearchAll: BlackJack
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Copy and paste the contents of the report in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Search.txt
     
  45. mark59

    mark59 MajorGeek

    Erm, strange. I think I used to have DriverFusion. I'm sure I never had Comodo.

    My next post contains the contents of the Search.txt.
     
  46. mark59

    mark59 MajorGeek

    I cannot paste it because when I did and clicked Post Reply I am again told the post is too long. Perhaps MajorGeeks needs to change this, at least for this Malware Forum. How can specialists' instructions be followed if MajorGeeks prevents it? I'm going to attach the Search.txt (if it will allow me).
     

    Attached Files:

  47. Oh My!

    Oh My! Malware Expert Staff Member

    They were just downloaded installation files. That doesn't mean the program was ever installed.

    Sometimes the SearchAll results contain a massive registry key entry and that is the case here.

    Do you use Wild Tangent games? The BlackJack entry is related to that and usually comes pre-installed on computer systems.
     
  48. mark59

    mark59 MajorGeek

    Wild Tangent games came pre-installed on the computer. I have never played any of them.
     
  49. Oh My!

    Oh My! Malware Expert Staff Member

  50. mark59

    mark59 MajorGeek

    WildTangent Games uninstalled using Revo Uninstaller.
     
