Recovering From Ransomware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Ebmocwen, Jan 9, 2025.

  1. Ebmocwen

    Ebmocwen Private E-2

    Hi, I have an HP laptop with Windows 10 and a couple years ago it got hit with ransomware and all my files disappeared. It wasn't so bad because it happened not long after a backup, and I was still using the computer off and on but I found it was really slow and the hard drive always seemed to be spinning. Then one day I opened the laptop and all the files were back. I did a backup again, and I installed and ran BitDefender (which did identify some malware and I let it remove what it found) but I thought I should come here and make sure I clean out the system thoroughly.
    I worked my way through the READ ME FIRST thread (got a little confused here and there :p) so I will attach the logs here. I did notice some of the tools selected a couple programs I use as malware although they are legit, such as Lightwave 3D and its associated files, but I didn't delete anything, as instructed.
    Hope someone wouldn't mind looking over the logs and giving some advice on what step to take next. Thanks :)
     


  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the Major Geeks Malware Forum.

    Please do this

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download FRST64 and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================

    Things I would like to see in your next reply.
    • Attached reports
     
  3. Ebmocwen

    Ebmocwen Private E-2

    Ok, scan is complete and files are attached! Thank you for the help, it is much appreciated.
     


  4. Oh My!

    Oh My! Malware Expert Staff Member

    My pleasure to help.

    I don't see any active malware but there are some things we should address.

    Let's start with this.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    Adobe Shockwave Player 12.1
    
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Deleting Chrome Notifications

    --------------------
    • Launch Chrome
    • Type chrome://settings/syncSetup in the address bar and hit Enter
    • Report whether the page says Turn on sync... or Turn off
    • Type chrome://settings/content/notifications and hit Enter
    • Scroll down to Allowed to send notifications
    • For any entry you are not familiar with or do not want click on the 3 horizontal dots to the right and select Remove
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files\McAfee
    Task: {C6F3DCC6-3CB7-4357-9CEC-F98D75E4D875} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
    Task: {215E1A22-7894-4B93-B978-D573CB01C018} - System32\Tasks\McAfee\WPS\AntiTrackerTask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
    Task: {AE55C8F9-6A78-4532-8DD9-6045F3EEC645} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
    Task: {38355A7E-73A4-4020-BB5B-063218EDF9E4} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
    Task: {8414FBED-F05E-44D1-944D-1E811C7E269D} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
    Task: {EB1444DE-686B-4A32-B417-65C6DDA37DE1} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
    Task: {585B9442-2A40-45F4-ADC2-2ABBAC37ABBF} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
    Task: {05C2E658-CF05-4FA0-9D2E-1DEDAA3AA533} - System32\Tasks\McAfee\WPS\tracker_remover => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
    FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}
    S2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe -s [X] 
    S3 digiSPTIService64; "C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe" [X] 
    S3 MpKsle4231fa0; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C9DF7023-CF0D-4A0D-9012-0AF7B2421B93}\MpKslDrv.sys [X] 
    HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.25.0\GoogleDriveFS.exe --startup_mode (No File) 
    HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.25.0\GoogleDriveFS.exe --startup_mode (No File) 
    HKU\S-1-5-21-1975915644-1811057847-2465535352-1004\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.25.0\GoogleDriveFS.exe --startup_mode (No File) 
    HKU\S-1-5-21-1975915644-1811057847-2465535352-1005\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.25.0\GoogleDriveFS.exe --startup_mode (No File) 
    Task: {34511420-FD42-4F7E-9CC8-DB82D4E2C329} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
    Task: {ED9F7FFD-68B1-4806-B147-3270EB47E8AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe  /DeviceScanR6 (No File) 
    ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} =>  -> No File 
    ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} =>  -> No File 
    ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} =>  -> No File 
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File 
    FirewallRules: [{FF4ACDE5-5565-430A-B68B-28440B08EAD5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{DFA5CB27-CC34-4A5E-98D1-5B96678C63CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{BD948F06-081A-4AFE-9D18-9874BD2A4BFF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{4D732DB8-216E-4945-8683-D205C013194D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [UDP Query User{77C7C0D1-032C-4D71-AF54-174202CA070C}C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File 
    FirewallRules: [TCP Query User{54DACD85-FF17-422F-88CB-4A288207F5EE}C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_19.3.500.0_x64__4n2hpmxwrvr6p\kodi.exe => No File 
    FirewallRules: [{5E1BF7BE-A63F-44BF-87CF-1B89915BDE30}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{FDB821D7-C5DE-42A5-8DD5-4E11A76B3FB9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{398E5895-5F61-4BE6-A6BC-69AD0760B16D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{25C4AAF8-4E27-49AF-A91B-EA7357254A9B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [UDP Query User{D9C22BB6-D454-494F-8ED5-4BC898D29291}C:\program files (x86)\jamulus\jamulus.exe] => (Allow) C:\program files (x86)\jamulus\jamulus.exe => No File 
    FirewallRules: [TCP Query User{1CC59D99-5DBB-4F0F-B8B4-51E60D159754}C:\program files (x86)\jamulus\jamulus.exe] => (Allow) C:\program files (x86)\jamulus\jamulus.exe => No File 
    FirewallRules: [{0A9290C7-7EE6-4F63-8155-A27210725E56}] => (Allow) C:\Program Files\Avid\Avid Link\AvidAppManHelper.exe => No File 
    FirewallRules: [{22FE96C7-A1F0-468A-B3FD-7CF4566BCC49}] => (Allow) C:\Program Files\Avid\Avid Link\Avid Link.exe => No File 
    FirewallRules: [{705FF403-0CE3-434B-A0E2-85F880CB3682}] => (Allow) C:\Program Files\Avid\Avid Link\jre\bin\java.exe => No File 
    FirewallRules: [UDP Query User{3910A6DB-530B-4C96-B331-EB5590EEBDF1}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe => No File 
    FirewallRules: [TCP Query User{5391481F-B50C-4F04-BF72-C7AC3424F18E}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe => No File 
    FirewallRules: [{0D78D04A-32F2-4736-BDAE-B8E5387A48E7}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File 
    FirewallRules: [{A8E96D84-141A-4E36-95A3-CC888A159504}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File 
    FirewallRules: [{A4944596-6370-454E-8492-6FCD6CC3A283}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File 
    FirewallRules: [{61AD9F13-A882-46CF-9F86-9641423C0972}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe => No File 
    FirewallRules: [{7B564DE5-B736-4D8A-92B9-5037CC223A44}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe => No File 
    FirewallRules: [{64FEBE67-558B-4BF6-BD73-233F1A1BCFDE}] => (Allow) C:\Users\ebmoc\AppData\Local\Temp\7zS6424\setup\hpznui40.exe => No File 
    FirewallRules: [{93FCDEB6-CE0E-40FF-8A41-311CBB07CDD1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File 
    FirewallRules: [{529868D8-C568-467B-8458-8B6CD2E1A945}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => No File 
    FirewallRules: [{C89A7F7C-B8A9-4670-A77F-4F2D32844442}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File 
    FirewallRules: [{E5266013-6654-482F-9870-6411BD9224CE}] => (Allow) C:\Users\ebmoc\AppData\Roaming\uTorrent\uTorrent.exe => No File 
    FirewallRules: [{93E32E13-8954-4BB9-AF77-700F128E5FA6}] => (Allow) C:\Users\ebmoc\AppData\Roaming\uTorrent\uTorrent.exe => No File 
    FirewallRules: [{4ED83E31-FE90-4B45-BEF0-0E74D99FEE8B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{0693EC22-EBC4-4C79-AA9F-19F2BA9D53AA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{FE0FACDA-E51D-4594-8217-3867D1D30A9F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{BCC44B6C-83FC-4869-BE51-D8D853F94F97}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{7507FF59-CCCC-4FE2-B3DB-D103DDEEA54C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{FCF05594-B093-492C-87C2-89B4AC8A65C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{6167816C-1F4B-405A-8F4D-189360578E65}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{A570956B-C892-47D5-B1D6-0D4BB2F05928}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{CA3C90AE-3EFD-41B2-96E5-F9FB159E51A5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{B775AD89-2D85-4B63-BD46-C78231E028E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{31B85548-CDC4-4B5C-BAB4-23E38FC3A349}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    FirewallRules: [{202FB359-2B95-4905-BFD1-EAD66C42AB5C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File 
    U3 aspnet_state; no ImagePath 
    U1 bdvedisk; no ImagePath 
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found 
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) 
    AlternateDataStreams: C:\ProgramData\PACE:F1FD6BF18E6C48B1 [217] 
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0] 
    AlternateDataStreams: C:\Users\ebmoc\Desktop\FRST64.exe:MBAM.Zone.Identifier [225] 
    AlternateDataStreams: C:\Users\ebmoc\Desktop\HitmanPro_x64.exe:BDU [0] 
    AlternateDataStreams: C:\Users\ebmoc\Desktop\setup.exe:BDU [0] 
    AlternateDataStreams: C:\Users\ebmoc\Downloads\AdwCleaner.exe:BDU [0] 
    AlternateDataStreams: C:\Users\ebmoc\Downloads\expressvpn_windows_12.64.0.8_release.exe:BDU [0] 
    AlternateDataStreams: C:\Users\ebmoc\Downloads\mb.exe:BDU [0] 
    2025-01-08 07:15 - 2020-12-27 06:29 - 000008192 ___SH C:\DumpStack.log.tmp 
    Path: containerfile:_C:\Users\ebmoc\Downloads\9576a2d0-926b-498f-b5b6-bd15a26fd76f.tmp; file:_C:\Users\ebmoc\Downloads\9576a2d0-926b-498f-b5b6-bd15a26fd76f.tmp->(SCRIPT0025); file:_C:\Users\ebmoc\Downloads\9576a2d0-926b-498f-b5b6-bd15a26fd76f.tmp->(SCRIPT0026) 
    Path: containerfile:_C:\Users\ebmoc\Downloads\9576a2d0-926b-498f-b5b6-bd15a26fd76f.tmp; file:_C:\Users\ebmoc\Downloads\9576a2d0-926b-498f-b5b6-bd15a26fd76f.tmp->(SCRIPT0037) 
    CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp] 
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    Emptytemp: 
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Shockwave removed?
    • Chrome Sync Status?
    • Chrome Notifications reviewed?
    • Fixlog
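
A fixlist like the one in the post above can be reviewed before clicking Fix. The following is an added example, not part of the original post and not FRST's own code: the sample is a short excerpt of that fixlist, and the line categories, including reading `[X]`, `No File`, `not found` and `no ImagePath` as references to missing files, are assumptions based on the markers visible in the list.

```python
import re
from collections import Counter

# Excerpt of the fixlist posted above (representative lines only, not the whole list).
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
C:\Program Files\McAfee
Task: {C6F3DCC6-3CB7-4357-9CEC-F98D75E4D875} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
S2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe -s [X]
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\85.0.25.0\GoogleDriveFS.exe --startup_mode (No File)
Task: {34511420-FD42-4F7E-9CC8-DB82D4E2C329} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
FirewallRules: [{E5266013-6654-482F-9870-6411BD9224CE}] => (Allow) C:\Users\ebmoc\AppData\Roaming\uTorrent\uTorrent.exe => No File
U3 aspnet_state; no ImagePath
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
AlternateDataStreams: C:\Users\ebmoc\Downloads\mb.exe:BDU [0]
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
"""

# Markers read here as "the referenced file is missing" (assumption, see lead-in).
ORPHAN_RE = re.compile(r"\(No File\)|[-=]> No File|=> not found|\[X\]$|no ImagePath")
# Per-user AppData is writable without elevation.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def classify(line):
    """Return a coarse category for one fixlist line."""
    if re.fullmatch(r"(CreateRestorePoint|CloseProcesses|Emptytemp):", line):
        return "directive"
    if line.lower().startswith("cmd:"):
        return "command"
    if re.match(r"[SRU]\d ", line):          # service/driver entries such as "S2 DigiRefresh; ..."
        return "service"
    if re.match(r"(HKLM|HKU)(-x32)?\\", line):
        return "registry"
    if re.match(r"[A-Za-z]:\\", line):       # bare path: the file or folder itself is targeted
        return "file_or_folder"
    prefix = re.match(r"([A-Za-z]+\d?):", line)  # Task:, FirewallRules:, AlternateDataStreams:, ...
    return prefix.group(1).lower() if prefix else "other"


def summarize_fixlist(text):
    """Group the lines between Start:: and End:: and pull out the ones worth a second look."""
    kinds = Counter()
    report = {"attention": [], "orphaned": [], "stale_allow_user_writable": [], "commands": []}
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start::":
            inside = True
            continue
        if line == "End::":
            break
        if not inside or not line:
            continue
        kind = classify(line)
        kinds[kind] += 1
        if kind == "command":
            report["commands"].append(line[4:].strip())
        if "<==== ATTENTION" in line:
            report["attention"].append(line)
        if ORPHAN_RE.search(line):
            report["orphaned"].append(line)
            # A program-path Allow rule applies to whatever executable sits at that path,
            # so a leftover rule for a missing file in a user-writable folder is worth removing.
            if kind == "firewallrules" and "(Allow)" in line and USER_WRITABLE_RE.search(line):
                report["stale_allow_user_writable"].append(line)
    report["kinds"] = dict(kinds)
    return report


if __name__ == "__main__":
    summary = summarize_fixlist(SAMPLE_FIXLIST)
    for kind, count in sorted(summary["kinds"].items()):
        print(f"{kind:22} {count}")
    print("commands run by the fix:", summary["commands"])
    print("flagged ATTENTION:", len(summary["attention"]))
    print("orphaned references:", len(summary["orphaned"]))
    print("stale Allow rules in user-writable paths:", len(summary["stale_allow_user_writable"]))
```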
     
  5. Ebmocwen

    Ebmocwen Private E-2

    Shockwave removed: check!
    Chrome Sync Status: I have this set to "on", so the option available was to turn it off.
    Chrome Notifications: I saw one that I didn't recognize and deleted it.
    Fixlog pasted below:
    Fix result of Farbar Recovery Scan Tool (x64) Version: 14-01-2025
    Ran by ebmoc (16-01-2025 07:59:58) Run:1
    Running from C:\Users\ebmoc\Desktop
    Loaded Profiles: ebmoc & CDFAccount
    Boot Mode: Normal
    ==============================================

    Restore point was successfully created.
    Processes closed successfully.

    "C:\Program Files\McAfee" Folder move:

    Could not move "C:\Program Files\McAfee" => Scheduled to move on reboot.

    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6F3DCC6-3CB7-4357-9CEC-F98D75E4D875}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F3DCC6-3CB7-4357-9CEC-F98D75E4D875}" => removed successfully
    C:\WINDOWS\System32\Tasks\McAfee\WPS\amwebapitriggertask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\amwebapitriggertask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{215E1A22-7894-4B93-B978-D573CB01C018}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{215E1A22-7894-4B93-B978-D573CB01C018}" => removed successfully
    C:\WINDOWS\System32\Tasks\McAfee\WPS\AntiTrackerTask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\AntiTrackerTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE55C8F9-6A78-4532-8DD9-6045F3EEC645}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE55C8F9-6A78-4532-8DD9-6045F3EEC645}" => removed successfully
    C:\WINDOWS\System32\Tasks\McAfee\WPS\datupdatetask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\datupdatetask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38355A7E-73A4-4020-BB5B-063218EDF9E4}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38355A7E-73A4-4020-BB5B-063218EDF9E4}" => removed successfully
    C:\WINDOWS\System32\Tasks\McAfee\WPS\mcpcoscanner => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\mcpcoscanner" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8414FBED-F05E-44D1-944D-1E811C7E269D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8414FBED-F05E-44D1-944D-1E811C7E269D}" => removed successfully
    C:\WINDOWS\System32\Tasks\McAfee\WPS\NGMCadence => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\NGMCadence" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB1444DE-686B-4A32-B417-65C6DDA37DE1}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB1444DE-686B-4A32-B417-65C6DDA37DE1}" => removed successfully
    C:\WINDOWS\System32\Tasks\McAfee\WPS\odsscheduledtask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\odsscheduledtask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{585B9442-2A40-45F4-ADC2-2ABBAC37ABBF}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{585B9442-2A40-45F4-ADC2-2ABBAC37ABBF}" => removed successfully
    C:\WINDOWS\System32\Tasks\McAfee\WPS\systemrebootedtask => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\systemrebootedtask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05C2E658-CF05-4FA0-9D2E-1DEDAA3AA533}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05C2E658-CF05-4FA0-9D2E-1DEDAA3AA533}" => removed successfully
    C:\WINDOWS\System32\Tasks\McAfee\WPS\tracker_remover => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\tracker_remover" => removed successfully
    "FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}" => not found
    HKLM\System\CurrentControlSet\Services\DigiRefresh => removed successfully
    DigiRefresh => service removed successfully
    HKLM\System\CurrentControlSet\Services\digiSPTIService64 => removed successfully
    digiSPTIService64 => service removed successfully
    HKLM\System\CurrentControlSet\Services\MpKsle4231fa0 => removed successfully
    MpKsle4231fa0 => service removed successfully
    "HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveFS" => removed successfully
    "HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveFS" => removed successfully
    "HKU\S-1-5-21-1975915644-1811057847-2465535352-1004\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveFS" => removed successfully
    "HKU\S-1-5-21-1975915644-1811057847-2465535352-1005\Software\Microsoft\Windows\CurrentVersion\Run" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34511420-FD42-4F7E-9CC8-DB82D4E2C329}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34511420-FD42-4F7E-9CC8-DB82D4E2C329}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED9F7FFD-68B1-4806-B147-3270EB47E8AE}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED9F7FFD-68B1-4806-B147-3270EB47E8AE}" => removed successfully
    C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" => removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\DriveFS 28 or later => removed successfully
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\DriveFS 28 or later => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\DriveFS 28 or later => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\System\CurrentControlSet\Services\aspnet_state => removed successfully
    aspnet_state => service removed successfully
    HKLM\System\CurrentControlSet\Services\bdvedisk => removed successfully
    bdvedisk => service removed successfully
    "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
    HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) => Error: No automatic fix found for this entry.
    C:\ProgramData\PACE => ":F1FD6BF18E6C48B1" ADS removed successfully
    C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
    "C:\Users\ebmoc\Desktop\FRST64.exe" => ":MBAM.Zone.Identifier" ADS not found.
    C:\Users\ebmoc\Desktop\HitmanPro_x64.exe => ":BDU" ADS removed successfully
    C:\Users\ebmoc\Desktop\setup.exe => ":BDU" ADS removed successfully
    C:\Users\ebmoc\Downloads\AdwCleaner.exe => ":BDU" ADS removed successfully
    C:\Users\ebmoc\Downloads\expressvpn_windows_12.64.0.8_release.exe => ":BDU" ADS removed successfully
    C:\Users\ebmoc\Downloads\mb.exe => ":BDU" ADS removed successfully
    Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
    Path: containerfile:_C:\Users\ebmoc\Downloads\9576a2d0-926b-498f-b5b6-bd15a26fd76f.tmp; file:_C:\Users\ebmoc\Downloads\9576a2d0-926b-498f-b5b6-bd15a26fd76f.tmp->(SCRIPT0025); file:_C:\Users\ebmoc\Downloads\9576a2d0-926b-498f-b5b6-bd15a26fd76f.tmp->(SCRIPT0026) => Error: No automatic fix found for this entry.
    Path: containerfile:_C:\Users\ebmoc\Downloads\9576a2d0-926b-498f-b5b6-bd15a26fd76f.tmp; file:_C:\Users\ebmoc\Downloads\9576a2d0-926b-498f-b5b6-bd15a26fd76f.tmp->(SCRIPT0037) => Error: No automatic fix found for this entry.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp => removed successfully

    ========= sfc /scannow =========



    Beginning system scan. This process will take some time.



    Beginning verification phase of system scan.


    Verification 100% complete.


    Windows Resource Protection found corrupt files and successfully repaired them.
    For online repairs, details are included in the CBS log file located at
    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
    repairs, details are included in the log file provided by the /OFFLOGFILE flag.



    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.19041.3636

    Image Version: 10.0.19045.5371

    No component store corruption detected.
    The operation completed successfully.


    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 4980736 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54880854 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
    Windows/system/drivers => 388776476 B
    Edge => 0 B
    Chrome => 847520534 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    ProgramData => 6656 B
    Public => 6656 B
    systemprofile => 311514 B
    systemprofile32 => 311514 B
    LocalService => 40292977 B
    NetworkService => 98487913 B
    ebmoc => 289869810 B
    CDFAccount => 289879153 B
    defaultuser100000 => 289886321 B

    RecycleBin => 0 B
    EmptyTemp: => 2.1 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-01-2025 17:21:58)

    C:\Program Files\McAfee => Is moved successfully
    C:\DumpStack.log.tmp => Could not move

    ==== End of Fixlog 17:21:59 ====
     
  6. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information. How is the computer running?
     
  7. Ebmocwen

    Ebmocwen Private E-2

    Well, it seems ok. I would even say it seems to start up a little quicker. (btw I forgot to mention Windows did an update before I could run the last instructions). It still seems slow and like the hard drive is being accessed a lot. I was thinking after this step I should move to a tutorial about regular Windows maintenance, like checking on what's in the start up folder and defrag the HD?? Should I worry about the items that the other programs like Malwarebytes and so on identified?
     
  8. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    These components are quite old and there is only so much you can expect from them. Having said that, let's see what we can do.

    Please do this.

    Run a new FRST Scan and attach both reports to your reply.

    ===================================================

    Autoruns

    --------------------
    • Please download Autoruns and save it to your Desktop
    • Right click on the autoruns64 icon on your Desktop and select Run as administrator
    • Wait until the lower left hand corner of the window shows Ready
    • Press the Ctrl + S keys at the same time
    • Save the file onto your Desktop using the default File name:
    • Please zip and attach it to your reply
    ===================================================

    GSmartControl for Windows - Portable

    -------------------
    • Download GSmartControl for Windows - Portable and save it to your desktop
    • Right click on gsmartcontrol.zip icon and select Extract All... then Extract
    • Double click on the gsmartcontrol folder
    • Right click on gsmartcontrol.exe (not .manifest) and select Run as administrator
    • Allow the program to search for and list your hard drive(s)
    • Double click your C: drive
    • Go to the Self-tests tab
    • Make sure that the Test Type is set to Short Self-test
    • Click the Execute button
    • After the test completes, click the View Output button and copy and paste the contents in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Attached FRST.txt and Addition.txt reports
    • Attached Autoruns file
    • GSmart report
     
  9. Ebmocwen

    Ebmocwen Private E-2

    Ok, think I got it all here:

    smartctl 6.6 2017-11-05 r4594 [x86_64-w64-mingw32-w10-b19045] (sf-6.6-1)
    Copyright (C) 2002-17, Bruce Allen, Christian Franke, www.smartmontools.org

    === START OF INFORMATION SECTION ===
    Model Family: Western Digital Blue Mobile
    Device Model: WDC WD10JPVX-60JC3T0
    Serial Number: WD-WX91A861X8UU
    LU WWN Device Id: 5 0014ee 05994f861
    Firmware Version: 01.01A01
    User Capacity: 1,000,204,886,016 bytes [1.00 TB]
    Sector Sizes: 512 bytes logical, 4096 bytes physical
    Rotation Rate: 5400 rpm
    Form Factor: 2.5 inches
    Device is: In smartctl database [for details use: -P show]
    ATA Version is: ACS-2 (minor revision not indicated)
    SATA Version is: SATA 3.0, 6.0 Gb/s (current: 6.0 Gb/s)
    Local Time is: Tue Jan 21 21:33:18 2025 AST
    SMART support is: Available - device has SMART capability.
    SMART support is: Enabled
    AAM feature is: Unavailable
    APM level is: 128 (minimum power consumption without standby)
    Rd look-ahead is: Enabled
    Write cache is: Enabled
    DSN feature is: Unavailable
    ATA Security is: Disabled, NOT FROZEN [SEC1]

    === START OF READ SMART DATA SECTION ===
    SMART overall-health self-assessment test result: PASSED

    General SMART Values:
    Offline data collection status: (0x00) Offline data collection activity
    was never started.
    Auto Offline Data Collection: Disabled.
    Self-test execution status: ( 0) The previous self-test routine completed
    without error or no self-test has ever
    been run.
    Total time to complete Offline
    data collection: (18960) seconds.
    Offline data collection
    capabilities: (0x51) SMART execute Offline immediate.
    No Auto Offline data collection support.
    Suspend Offline collection upon new
    command.
    No Offline surface scan supported.
    Self-test supported.
    No Conveyance Self-test supported.
    Selective Self-test supported.
    SMART capabilities: (0x0003) Saves SMART data before entering
    power-saving mode.
    Supports SMART auto save timer.
    Error logging capability: (0x01) Error logging supported.
    General Purpose Logging supported.
    Short self-test routine
    recommended polling time: ( 2) minutes.
    Extended self-test routine
    recommended polling time: ( 212) minutes.
    SCT capabilities: (0x703d) SCT Status supported.
    SCT Error Recovery Control supported.
    SCT Feature Control supported.
    SCT Data Table supported.

    SMART Attributes Data Structure revision number: 16
    Vendor Specific SMART Attributes with Thresholds:
    ID# ATTRIBUTE_NAME FLAGS VALUE WORST THRESH FAIL RAW_VALUE
    1 Raw_Read_Error_Rate POSR-K 200 200 051 - 0
    3 Spin_Up_Time POS--K 181 179 021 - 1941
    4 Start_Stop_Count -O--CK 097 097 000 - 3909
    5 Reallocated_Sector_Ct PO--CK 200 200 140 - 0
    7 Seek_Error_Rate POSR-K 200 200 051 - 0
    9 Power_On_Hours -O--CK 073 073 000 - 20052
    10 Spin_Retry_Count PO--CK 100 100 051 - 0
    11 Calibration_Retry_Count -O--CK 100 100 000 - 0
    12 Power_Cycle_Count -O--CK 097 097 000 - 3537
    183 Runtime_Bad_Block -O--CK 100 100 000 - 0
    184 End-to-End_Error PO--CK 100 100 097 - 0
    187 Reported_Uncorrect -O--CK 100 100 000 - 0
    188 Command_Timeout -O--CK 100 100 000 - 0
    190 Airflow_Temperature_Cel -O---K 068 050 040 - 32 (Min/Max 20/35)
    191 G-Sense_Error_Rate -O--CK 038 038 000 - 62
    192 Power-Off_Retract_Count -O--CK 200 200 000 - 112
    193 Load_Cycle_Count -O--CK 179 179 000 - 65114
    194 Temperature_Celsius -O---K 115 097 000 - 32
    196 Reallocated_Event_Count -O--CK 200 200 000 - 0
    197 Current_Pending_Sector -O--CK 200 200 000 - 0
    198 Offline_Uncorrectable ----CK 100 253 000 - 0
    199 UDMA_CRC_Error_Count -O--CK 200 200 000 - 0
    200 Multi_Zone_Error_Rate P--R-- 100 253 051 - 0
    ||||||_ K auto-keep
    |||||__ C event count
    ||||___ R error rate
    |||____ S speed/performance
    ||_____ O updated online
    |______ P prefailure warning

    General Purpose Log Directory Version 1
    SMART Log Directory Version 1 [multi-sector log support]
    Address Access R/W Size Description
    0x00 GPL,SL R/O 1 Log Directory
    0x01 SL R/O 1 Summary SMART error log
    0x02 SL R/O 5 Comprehensive SMART error log
    0x03 GPL R/O 6 Ext. Comprehensive SMART error log
    0x06 SL R/O 1 SMART self-test log
    0x07 GPL R/O 1 Extended self-test log
    0x09 SL R/W 1 Selective self-test log
    0x10 GPL R/O 1 NCQ Command Error log
    0x11 GPL R/O 1 SATA Phy Event Counters log
    0x80-0x9f GPL,SL R/W 16 Host vendor specific log
    0xa0-0xa7 GPL,SL VS 16 Device vendor specific log
    0xa8-0xb6 GPL,SL VS 1 Device vendor specific log
    0xb7 GPL,SL VS 38 Device vendor specific log
    0xbd GPL,SL VS 1 Device vendor specific log
    0xc0 GPL,SL VS 1 Device vendor specific log
    0xc1 GPL VS 93 Device vendor specific log
    0xe0 GPL,SL R/W 1 SCT Command/Status
    0xe1 GPL,SL R/W 1 SCT Data Transfer

    SMART Extended Comprehensive Error Log Version: 1 (6 sectors)
    No Errors Logged

    SMART Extended Self-test Log Version: 1 (1 sectors)
    Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
    # 1 Short offline Completed without error 00% 20052 -
    # 2 Short offline Completed without error 00% 991 -

    SMART Selective self-test log data structure revision number 1
    SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
    1 0 0 Not_testing
    2 0 0 Not_testing
    3 0 0 Not_testing
    4 0 0 Not_testing
    5 0 0 Not_testing
    Selective self-test flags (0x0):
    After scanning selected spans, do NOT read-scan remainder of disk.
    If Selective self-test is pending on power-up, resume after 0 minute delay.

    SCT Status Version: 3
    SCT Version (vendor specific): 258 (0x0102)
    SCT Support Level: 1
    Device State: Active (0)
    Current Temperature: 32 Celsius
    Power Cycle Min/Max Temperature: 20/35 Celsius
    Lifetime Min/Max Temperature: 0/50 Celsius
    Under/Over Temperature Limit Count: 0/0
    Vendor specific:
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

    SCT Temperature History Version: 2
    Temperature Sampling Period: 1 minute
    Temperature Logging Interval: 1 minute
    Min/Max recommended Temperature: 0/60 Celsius
    Min/Max Temperature Limit: -41/85 Celsius
    Temperature History Size (Index): 128 (71)

    Index Estimated Time Temperature Celsius
    72 2025-01-21 19:26 24 *****
    73 2025-01-21 19:27 25 ******
    74 2025-01-21 19:28 26 *******
    75 2025-01-21 19:29 26 *******
    76 2025-01-21 19:30 27 ********
    ... ..( 2 skipped). .. ********
    79 2025-01-21 19:33 27 ********
    80 2025-01-21 19:34 28 *********
    81 2025-01-21 19:35 28 *********
    82 2025-01-21 19:36 29 **********
    83 2025-01-21 19:37 29 **********
    84 2025-01-21 19:38 29 **********
    85 2025-01-21 19:39 30 ***********
    ... ..( 5 skipped). .. ***********
    91 2025-01-21 19:45 30 ***********
    92 2025-01-21 19:46 31 ************
    ... ..( 3 skipped). .. ************
    96 2025-01-21 19:50 31 ************
    97 2025-01-21 19:51 32 *************
    ... ..( 7 skipped). .. *************
    105 2025-01-21 19:59 32 *************
    106 2025-01-21 20:00 33 **************
    ... ..( 6 skipped). .. **************
    113 2025-01-21 20:07 33 **************
    114 2025-01-21 20:08 34 ***************
    ... ..( 36 skipped). .. ***************
    23 2025-01-21 20:45 34 ***************
    24 2025-01-21 20:46 35 ****************
    ... ..( 14 skipped). .. ****************
    39 2025-01-21 21:01 35 ****************
    40 2025-01-21 21:02 34 ***************
    41 2025-01-21 21:03 34 ***************
    42 2025-01-21 21:04 33 **************
    43 2025-01-21 21:05 33 **************
    44 2025-01-21 21:06 33 **************
    45 2025-01-21 21:07 32 *************
    46 2025-01-21 21:08 31 ************
    ... ..( 2 skipped). .. ************
    49 2025-01-21 21:11 31 ************
    50 2025-01-21 21:12 32 *************
    ... ..( 2 skipped). .. *************
    53 2025-01-21 21:15 32 *************
    54 2025-01-21 21:16 33 **************
    55 2025-01-21 21:17 33 **************
    56 2025-01-21 21:18 33 **************
    57 2025-01-21 21:19 32 *************
    ... ..( 4 skipped). .. *************
    62 2025-01-21 21:24 32 *************
    63 2025-01-21 21:25 31 ************
    64 2025-01-21 21:26 31 ************
    65 2025-01-21 21:27 31 ************
    66 2025-01-21 21:28 32 *************
    ... ..( 4 skipped). .. *************
    71 2025-01-21 21:33 32 *************

    SCT Error Recovery Control:
    Read: 85 (8.5 seconds)
    Write: 85 (8.5 seconds)

    Device Statistics (GP/SMART Log 0x04) not supported

    SATA Phy Event Counters (GP Log 0x11)
    ID Size Value Description
    0x0001 2 0 Command failed due to ICRC error
    0x0002 2 0 R_ERR response for data FIS
    0x0003 2 0 R_ERR response for device-to-host data FIS
    0x0004 2 0 R_ERR response for host-to-device data FIS
    0x0005 2 0 R_ERR response for non-data FIS
    0x0006 2 0 R_ERR response for device-to-host non-data FIS
    0x0007 2 0 R_ERR response for host-to-device non-data FIS
    0x0008 2 0 Device-to-host non-data FIS retries
    0x0009 2 28124 Transition from drive PhyRdy to drive PhyNRdy
    0x000a 2 2 Device-to-host register FISes sent due to a COMRESET
    0x000b 2 0 CRC errors within host-to-device FIS
    0x000f 2 0 R_ERR response for host-to-device data FIS, CRC
    0x0012 2 0 R_ERR response for host-to-device non-data FIS, CRC
    0x8000 4 7954 Vendor specific
     


  10. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the reports.

    Currently there is more available RAM than was the case previously. Is your computer running any better now?

    I would like you to review the autoruns report to identify items you no longer need or don't use. For example, OneDrive, Huion Tablet, HP Digital Imaging (from 2011) etc. Let me know what you identify.
     
  11. Ebmocwen

    Ebmocwen Private E-2

    The computer does seem to start a little faster now. The hard drive is still running constantly (well, the indicator light never stops flashing and I believe I can hear it operating)

    The only thing that really jumps out at me is the reference to McAfee antivirus. And although I uninstalled it, I do still get pop-ups from it. I still use the Huion Tablet, although I suppose it doesn't need to start with Windows. I guess that is so when I plug it in it gets recognized? OneDrive too, I suppose I could uninstall the desktop app and just use the web interface, for how often I use it. My laptop is an HP, and I have an HP printer, so I assume all the HP references are legit?
    I see Malwarebytes and RogueKiller etc. in that list, do I need to keep all that stuff installed?
     
  12. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information.

    It should not be necessary to uninstall the programs if you use them. We can stop them from running automatically (autorun). Let's approach things this way.

    ===================================================

    Disabling Autoruns Entries

    --------------------

    Autoruns Explained

    Many programs, when installed, create registry or file entries which instruct the program to launch at system startup whether or not that program is essential or advantageous to run in the background. By disabling the autorun feature we do not delete or otherwise prohibit the program from running; rather, the program is not started until it is needed. Think of it like a car. Sometime today you might need to use the car to go to the store. The car can be in one of two conditions before you decide. You can leave the car running all day long even though you may or may not use it (enabling autorun) or you can start the car when you are ready (disabling autorun then launching a program). Either way the car will work for you; it is just a matter of how ready it will be if/when it is time. Just as gas is wasted by leaving the car running, your computer resources are "wasted" because programs are running in the background that you may not be using.


    ===================================================

    Disabling Autoruns Entries

    --------------------
    • If necessary, download AutoRuns and save it to your desktop
    • Double click the AutoRuns.zip folder (or if necessary right click and select Extract)
    • Right click on autoruns.exe (not autorunsc.exe), then select Run as administrator
    • Click on the Logon tab
    • In light of the above explanation, uncheck any programs you do not need to run at startup and continue to run behind the scenes
    • Reboot your computer and check the memory usage
    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Launch FRST
    • Type the following in the Search: box
    Code:
    SearchAll: McAfee
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Attach the report to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Results?
    • Attached Search.txt
     
  13. Ebmocwen

    Ebmocwen Private E-2

    Ok, I unchecked things like OneDrive, HP services and ExpressVPN, I don't need them to start with Windows. After rebooting, Task Manager says that about 60% of memory is being used. I did notice that the programs I unchecked are still using memory?

    Attached the search.txt report :)
     


  14. Oh My!

    Oh My! Malware Expert Staff Member

    Is it a minimal amount of memory being used?

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    C:\Windows\System32\Tasks_Migrated\McAfee Remediation (Prepare)
    C:\Windows\System32\Tasks_Migrated\McAfeeLogon
    C:\Windows\System32\Tasks_Migrated\McAfee\McAfee Auto Maintenance Task Agent
    C:\Users\ebmoc\Downloads\McAfee_Installer_serial_xIeGGNErop5jLx-Bi3KEPg2_key_affid_105_akey.exe
    C:\Users\CDFAccount\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent
    C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6\
    C:\Program Files\HP\HP Welcome\Modules\Garage.McAfee.dll
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ZH-TW\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ZH-HK\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ZH-CN\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\TR-TR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\TH-TH\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SV-SE\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SR-LATN-RS\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SL-SI\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SK-SK\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\RU-RU\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\RO-RO\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\PT-PT\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\PT-BR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\PL-PL\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\NL-NL\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\NB-NO\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\LV-LV\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\LT-LT\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\KO-KR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\JA-JP\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\IT-IT\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\HU-HU\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\HR-HR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\HE-IL\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\GL-ES\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\FR-FR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\FR-CA\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\FI-FI\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\EU-ES\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ET-EE\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ES-MX\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ES-ES\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\EN-US\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\en-GB\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\EL-GR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\DE-DE\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\DA-DK\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\CS-CZ\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\CA-ES\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\BG-BG\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\AR-SA\McAfeeModuleContent.resjson
    2020-12-27 07:19 - 2020-12-27 07:20 _____ C:\Windows\System32\Tasks_Migrated\McAfee
    2023-10-24 19:30 - 2023-10-24 19:30 _____ C:\Windows\System32\Tasks\McAfee
    2016-11-25 23:29 - 2017-01-08 19:13 _____ C:\Users\ebmoc\AppData\Roaming\Macromedia
    2016-09-21 03:08 - 2016-09-21 03:08 _____ C:\SWSetup\APP\Applications\McAfee
    2016-09-21 03:26 - 2023-11-11 14:05 _____ C:\ProgramData\McAfee
    2023-10-24 19:35 - 2023-10-24 19:35 _____ C:\ProgramData\Packages\McAfeeWPSSparsePackage_1ez856j3kr9ae
    2016-09-21 03:00 - 2016-09-21 03:00 _____ C:\hp\McAfeeRules
    2025-01-16 08:02 - 2025-01-16 08:02 _____ C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\McAfee
    2023-10-24 19:28 - 2023-11-11 14:04 _____ C:\FRST\Quarantine\C\Program Files\McAfee
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C146D72-9229-49D8-B2C9-D805EF5C69A9}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33264B15-ECBD-4191-87A7-6B6422CB3A54}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590AB12E-F706-4BA8-9D08-A1EEC69A687D}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60CCDA22-6301-439F-897B-08806DA744F2}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94478404-6236-40C4-8850-DF09CE6D95BC}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF1B3E19-651E-4406-852B-9B7C4BABC82E}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0827905-82D3-4566-ABA1-C67E4447F27E}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F33B322A-8757-4E91-ACE3-28FE07AF968E}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A95B959F-64A9-43E4-A874-C8A77905854A}\InprocServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC\Settings\protcat\AA747A62-493D-4082-A2EF-C4AD2049AA21\0F167695-3F7C-421c-89E8-40544CE9D1A2\installed|LinkContext
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC\Settings\toc\A12341F7-A130-4447-97AD-2675F46516FB|LinkContext
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{2FDD6819-222E-5E9F-F5E7-E13A2241D502}|DISPLAYNAME
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{2FDD6819-222E-5E9F-F5E7-E13A2241D502}|PRODUCTEXE
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{2FDD6819-222E-5E9F-F5E7-E13A2241D502}|REPORTINGEXE
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-1975915644-1811057847-2465535352-1001\McAfeeWPSSparsePackage_1.0.0.0_neutral__1ez856j3kr9ae|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\HP\HPActiveSupport\HPSF\ObjectState|McAfeeNoAV_A
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\cfwids|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ClientAnalyticsService|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ClientAnalyticsService|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ClientAnalyticsService|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HipShieldK|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1975915644-1811057847-2465535352-1001|\Device\HarddiskVolume3\PROGRA~1\COMMON~1\McAfee\platform\McUICnt.exe
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1975915644-1811057847-2465535352-1001|\Device\HarddiskVolume3\Program Files\Common Files\McAfee\platform\McUICnt.exe
    DeleteValue: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\UserData\UninstallTimes|McAfeeWPSSparsePackage_1ez856j3kr9ae
    DeleteValue: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|McAfeeAppLauncher
    DeleteValue: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\McAfee\WPS\1.11.279.1\mc-wns-client\mc-wns-client.exe
    DeleteValue: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\ebmoc\Downloads\McAfee_Installer_serial_xIeGGNErop5jLx-Bi3KEPg2_key_affid_105_akey.exe
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\McAfeeWPSSparsePackage_1ez856j3kr9ae
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-1975915644-1811057847-2465535352-1001\McAfeeWPSSparsePackage_1.0.0.0_neutral__1ez856j3kr9ae
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee NGI
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mccspsvc
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McNaiAnn
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McODS
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McOobeSv2
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcpltsvc
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McProxy
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeaack
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeavfk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeelamk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfefire
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfefirek
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfehidk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfemms
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfencbdc
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfencrk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeplk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfevtp
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfewfpk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfee WebAdvisor
    DeleteKey: HKEY_USERS\.DEFAULT\Software\McAfee
    DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\McAfee
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mcafee.com
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafee.mcagent
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafeeapplauncher
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee.wps
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafeewpssparsepackage_1ez856j3kr9ae
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafee.mcagent
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafeeapplauncher
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee.wps
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafeewpssparsepackage_1ez856j3kr9ae
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PolicyCache\McAfeeWPSSparsePackage_1ez856j3kr9ae
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Minimal amount of memory?
    • Fixlog
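
A pre-flight review of a fixlist like the one in post 14, as an added example that is not part of the original thread and is not FRST's own code: it parses the entry types visible in that list and flags the entries whose name does not contain the searched term, so they get a manual look before Fix is clicked. The sample is an excerpt of the posted list; the function names, the requirement that both Start:: and End:: be present, and the reading of `|""` as the key's default value are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the fixlist from the post above, embedded so the example runs offline.
SAMPLE_FIXLIST = r'''Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\Tasks_Migrated\McAfeeLogon
C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6\
C:\Program Files\HP\HP Welcome\Modules\Garage.McAfee.dll
2016-11-25 23:29 - 2017-01-08 19:13 _____ C:\Users\ebmoc\AppData\Roaming\Macromedia
2016-09-21 03:26 - 2023-11-11 14:05 _____ C:\ProgramData\McAfee
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C146D72-9229-49D8-B2C9-D805EF5C69A9}\InProcServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\HP\HPActiveSupport\HPSF\ObjectState|McAfeeNoAV_A
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfehidk
End::
'''

# Search-result line as it appears in the list: "<created> - <modified> <attributes> <path>"
SEARCH_RESULT = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ (?P<path>[A-Za-z]:\\.*)$")
# "Name: argument"; the lookahead keeps drive paths such as C:\... from matching.
DIRECTIVE = re.compile(r"^(?P<name>[A-Za-z]+):(?!\\)\s*(?P<arg>.*)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    line_no: int
    kind: str             # control | path | search_result | reg_key | reg_value | unknown
    target: str           # path, registry key, or directive name
    value_name: str = ""  # registry value name (or the argument of a control directive)


def classify(line_no, line):
    """Turn one non-empty fixlist line into an Entry."""
    m = SEARCH_RESULT.match(line)
    if m:
        return Entry(line_no, "search_result", m.group("path"))
    m = DIRECTIVE.match(line)
    if m:
        name, arg = m.group("name"), m.group("arg")
        if name == "DeleteKey":
            return Entry(line_no, "reg_key", arg)
        if name == "DeleteValue":
            key, _, value = arg.partition("|")
            # Assumption: |"" addresses the key's unnamed default value.
            return Entry(line_no, "reg_value", key, "(Default)" if value == '""' else value)
        return Entry(line_no, "control", name, arg)
    if DRIVE_PATH.match(line):
        return Entry(line_no, "path", line)
    return Entry(line_no, "unknown", line)


def parse_fixlist(text):
    """Parse the lines between Start:: and End::; reject a truncated copy."""
    entries, inside, closed = [], False, False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line == "Start::":
            inside = True
        elif line == "End::" and inside:
            closed = True
            break
        elif inside and line:
            entries.append(classify(line_no, line))
    if not inside or not closed:
        raise ValueError("fixlist is missing its Start:: or End:: marker (truncated copy?)")
    return entries


def summarize(entries):
    """Count entries per kind."""
    return dict(Counter(e.kind for e in entries))


def needs_manual_review(entries, term):
    """Entries whose path, key or value name does not contain the searched term.

    A hit here is not an error: a registry search can match on value data the
    fixlist does not show. It only marks lines the name alone cannot explain.
    """
    term = term.lower()
    return [e for e in entries
            if e.kind != "control" and term not in f"{e.target} {e.value_name}".lower()]


if __name__ == "__main__":
    parsed = parse_fixlist(SAMPLE_FIXLIST)
    print(summarize(parsed))
    for e in needs_manual_review(parsed, "McAfee"):
        print(f"line {e.line_no}: {e.kind}: {e.target} {e.value_name}".rstrip())
```
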
     
  15. Ebmocwen

    Ebmocwen Private E-2

    Those programs seem to be using about 80mb? So I guess that is minimal.

    Here is the Fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 21-01-2025
    Ran by ebmoc (29-01-2025 08:02:49) Run:2
    Running from C:\Users\ebmoc\Desktop
    Loaded Profiles: ebmoc
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    C:\Windows\System32\Tasks_Migrated\McAfee Remediation (Prepare)
    C:\Windows\System32\Tasks_Migrated\McAfeeLogon
    C:\Windows\System32\Tasks_Migrated\McAfee\McAfee Auto Maintenance Task Agent
    C:\Users\ebmoc\Downloads\McAfee_Installer_serial_xIeGGNErop5jLx-Bi3KEPg2_key_affid_105_akey.exe
    C:\Users\CDFAccount\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent
    C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6\
    C:\Program Files\HP\HP Welcome\Modules\Garage.McAfee.dll
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ZH-TW\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ZH-HK\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ZH-CN\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\TR-TR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\TH-TH\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SV-SE\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SR-LATN-RS\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SL-SI\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SK-SK\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\RU-RU\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\RO-RO\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\PT-PT\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\PT-BR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\PL-PL\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\NL-NL\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\NB-NO\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\LV-LV\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\LT-LT\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\KO-KR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\JA-JP\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\IT-IT\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\HU-HU\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\HR-HR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\HE-IL\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\GL-ES\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\FR-FR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\FR-CA\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\FI-FI\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\EU-ES\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ET-EE\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ES-MX\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ES-ES\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\EN-US\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\en-GB\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\EL-GR\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\DE-DE\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\DA-DK\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\CS-CZ\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\CA-ES\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\BG-BG\McAfeeModuleContent.resjson
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\AR-SA\McAfeeModuleContent.resjson
    2020-12-27 07:19 - 2020-12-27 07:20 _____ C:\Windows\System32\Tasks_Migrated\McAfee
    2023-10-24 19:30 - 2023-10-24 19:30 _____ C:\Windows\System32\Tasks\McAfee
    2016-11-25 23:29 - 2017-01-08 19:13 _____ C:\Users\ebmoc\AppData\Roaming\Macromedia
    2016-09-21 03:08 - 2016-09-21 03:08 _____ C:\SWSetup\APP\Applications\McAfee
    2016-09-21 03:26 - 2023-11-11 14:05 _____ C:\ProgramData\McAfee
    2023-10-24 19:35 - 2023-10-24 19:35 _____ C:\ProgramData\Packages\McAfeeWPSSparsePackage_1ez856j3kr9ae
    2016-09-21 03:00 - 2016-09-21 03:00 _____ C:\hp\McAfeeRules
    2025-01-16 08:02 - 2025-01-16 08:02 _____ C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\McAfee
    2023-10-24 19:28 - 2023-11-11 14:04 _____ C:\FRST\Quarantine\C\Program Files\McAfee
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C146D72-9229-49D8-B2C9-D805EF5C69A9}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33264B15-ECBD-4191-87A7-6B6422CB3A54}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590AB12E-F706-4BA8-9D08-A1EEC69A687D}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60CCDA22-6301-439F-897B-08806DA744F2}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94478404-6236-40C4-8850-DF09CE6D95BC}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF1B3E19-651E-4406-852B-9B7C4BABC82E}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0827905-82D3-4566-ABA1-C67E4447F27E}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F33B322A-8757-4E91-ACE3-28FE07AF968E}\InProcServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A95B959F-64A9-43E4-A874-C8A77905854A}\InprocServer32|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC\Settings\protcat\AA747A62-493D-4082-A2EF-C4AD2049AA21\0F167695-3F7C-421c-89E8-40544CE9D1A2\installed|LinkContext
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC\Settings\toc\A12341F7-A130-4447-97AD-2675F46516FB|LinkContext
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{2FDD6819-222E-5E9F-F5E7-E13A2241D502}|DISPLAYNAME
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{2FDD6819-222E-5E9F-F5E7-E13A2241D502}|PRODUCTEXE
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{2FDD6819-222E-5E9F-F5E7-E13A2241D502}|REPORTINGEXE
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-1975915644-1811057847-2465535352-1001\McAfeeWPSSparsePackage_1.0.0.0_neutral__1ez856j3kr9ae|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\HP\HPActiveSupport\HPSF\ObjectState|McAfeeNoAV_A
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\cfwids|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ClientAnalyticsService|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ClientAnalyticsService|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ClientAnalyticsService|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HipShieldK|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service|Path
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service|Path.Org
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service|Path.Win32
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service|DisplayName
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1975915644-1811057847-2465535352-1001|\Device\HarddiskVolume3\PROGRA~1\COMMON~1\McAfee\platform\McUICnt.exe
    DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1975915644-1811057847-2465535352-1001|\Device\HarddiskVolume3\Program Files\Common Files\McAfee\platform\McUICnt.exe
    DeleteValue: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\UserData\UninstallTimes|McAfeeWPSSparsePackage_1ez856j3kr9ae
    DeleteValue: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|McAfeeAppLauncher
    DeleteValue: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\McAfee\WPS\1.11.279.1\mc-wns-client\mc-wns-client.exe
    DeleteValue: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\ebmoc\Downloads\McAfee_Installer_serial_xIeGGNErop5jLx-Bi3KEPg2_key_affid_105_akey.exe
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\McAfeeWPSSparsePackage_1ez856j3kr9ae
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-1975915644-1811057847-2465535352-1001\McAfeeWPSSparsePackage_1.0.0.0_neutral__1ez856j3kr9ae
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee NGI
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mccspsvc
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McNaiAnn
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McODS
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McOobeSv2
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcpltsvc
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McProxy
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeaack
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeavfk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeelamk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfefire
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfefirek
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfehidk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfemms
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfencbdc
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfencrk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeplk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfevtp
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfewfpk
    DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfee WebAdvisor
    DeleteKey: HKEY_USERS\.DEFAULT\Software\McAfee
    DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\McAfee
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mcafee.com
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafee.mcagent
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafeeapplauncher
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee.wps
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafeewpssparsepackage_1ez856j3kr9ae
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafee.mcagent
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafeeapplauncher
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee.wps
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafeewpssparsepackage_1ez856j3kr9ae
    DeleteKey: HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PolicyCache\McAfeeWPSSparsePackage_1ez856j3kr9ae
    End::
    *****************

    SystemRestore: On => completed
    Restore point was successfully created.
    Processes closed successfully.
    C:\Windows\System32\Tasks_Migrated\McAfee Remediation (Prepare) => moved successfully
    C:\Windows\System32\Tasks_Migrated\McAfeeLogon => moved successfully
    C:\Windows\System32\Tasks_Migrated\McAfee\McAfee Auto Maintenance Task Agent => moved successfully
    C:\Users\ebmoc\Downloads\McAfee_Installer_serial_xIeGGNErop5jLx-Bi3KEPg2_key_affid_105_akey.exe => moved successfully
    C:\Users\CDFAccount\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\McAfee_McAgent => moved successfully

    "C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6" Folder move:

    C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6 => moved successfully
    C:\Program Files\HP\HP Welcome\Modules\Garage.McAfee.dll => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ZH-TW\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ZH-HK\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ZH-CN\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\TR-TR\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\TH-TH\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SV-SE\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SR-LATN-RS\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SL-SI\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\SK-SK\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\RU-RU\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\RO-RO\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\PT-PT\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\PT-BR\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\PL-PL\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\NL-NL\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\NB-NO\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\LV-LV\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\LT-LT\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\KO-KR\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\JA-JP\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\IT-IT\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\HU-HU\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\HR-HR\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\HE-IL\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\GL-ES\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\FR-FR\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\FR-CA\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\FI-FI\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\EU-ES\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ET-EE\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ES-MX\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\ES-ES\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\EN-US\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\en-GB\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\EL-GR\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\DE-DE\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\DA-DK\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\CS-CZ\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\CA-ES\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\BG-BG\McAfeeModuleContent.resjson => moved successfully
    C:\Program Files\HP\HP Welcome\Content\DEFAULT\AR-SA\McAfeeModuleContent.resjson => moved successfully

    "C:\Windows\System32\Tasks_Migrated\McAfee" Folder move:

    C:\Windows\System32\Tasks_Migrated\McAfee => moved successfully

    "C:\Windows\System32\Tasks\McAfee" Folder move:

    C:\Windows\System32\Tasks\McAfee => moved successfully

    "C:\Users\ebmoc\AppData\Roaming\Macromedia" Folder move:

    C:\Users\ebmoc\AppData\Roaming\Macromedia => moved successfully

    "C:\SWSetup\APP\Applications\McAfee" Folder move:

    C:\SWSetup\APP\Applications\McAfee => moved successfully

    "C:\ProgramData\McAfee" Folder move:

    C:\ProgramData\McAfee => moved successfully

    "C:\ProgramData\Packages\McAfeeWPSSparsePackage_1ez856j3kr9ae" Folder move:

    C:\ProgramData\Packages\McAfeeWPSSparsePackage_1ez856j3kr9ae => moved successfully

    "C:\hp\McAfeeRules" Folder move:

    C:\hp\McAfeeRules => moved successfully

    "C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\McAfee" Folder move:

    C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\McAfee => moved successfully

    "C:\FRST\Quarantine\C\Program Files\McAfee" Folder move:

    C:\FRST\Quarantine\C\Program Files\McAfee => moved successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C146D72-9229-49D8-B2C9-D805EF5C69A9}\InProcServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33264B15-ECBD-4191-87A7-6B6422CB3A54}\InProcServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590AB12E-F706-4BA8-9D08-A1EEC69A687D}\InProcServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60CCDA22-6301-439F-897B-08806DA744F2}\InProcServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94478404-6236-40C4-8850-DF09CE6D95BC}\InProcServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF1B3E19-651E-4406-852B-9B7C4BABC82E}\InProcServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0827905-82D3-4566-ABA1-C67E4447F27E}\InProcServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F33B322A-8757-4E91-ACE3-28FE07AF968E}\InProcServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A95B959F-64A9-43E4-A874-C8A77905854A}\InprocServer32\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension\\" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC\Settings\protcat\AA747A62-493D-4082-A2EF-C4AD2049AA21\0F167695-3F7C-421c-89E8-40544CE9D1A2\installed\\LinkContext" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC\Settings\toc\A12341F7-A130-4447-97AD-2675F46516FB\\LinkContext" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{2FDD6819-222E-5E9F-F5E7-E13A2241D502}\\DISPLAYNAME" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{2FDD6819-222E-5E9F-F5E7-E13A2241D502}\\PRODUCTEXE" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{2FDD6819-222E-5E9F-F5E7-E13A2241D502}\\REPORTINGEXE" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-1975915644-1811057847-2465535352-1001\McAfeeWPSSparsePackage_1.0.0.0_neutral__1ez856j3kr9ae\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\HP\HPActiveSupport\HPSF\ObjectState\\McAfeeNoAV_A" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\cfwids\\DisplayName" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ClientAnalyticsService\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ClientAnalyticsService\\Path.Org" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ClientAnalyticsService\\Path.Win32" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HipShieldK\\DisplayName" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc\\Path.Org" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc\\Path.Win32" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\HomeNetSvc\\DisplayName" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe\\Path.Org" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe\\Path.Win32" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAPExe\\DisplayName" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk\\Path.Org" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk\\Path.Win32" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McAWFwk\\DisplayName" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc\\Path.Org" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc\\Path.Win32" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcbootdelaystartsvc\\DisplayName" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService\\Path.Org" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService\\Path.Win32" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\ModuleCoreService\\DisplayName" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service\\Path" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service\\Path.Org" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service\\Path.Win32" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\MSK80Service\\DisplayName" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1975915644-1811057847-2465535352-1001\\\Device\HarddiskVolume3\PROGRA~1\COMMON~1\McAfee\platform\McUICnt.exe" => removed successfully
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1975915644-1811057847-2465535352-1001\\\Device\HarddiskVolume3\Program Files\Common Files\McAfee\platform\McUICnt.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\UserData\UninstallTimes\\McAfeeWPSSparsePackage_1ez856j3kr9ae" => removed successfully
    "HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\McAfeeAppLauncher" => removed successfully
    "HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\{6D809377-6AF0-444B-8957-A3773F02200E}\McAfee\WPS\1.11.279.1\mc-wns-client\mc-wns-client.exe" => removed successfully
    "HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\ebmoc\Downloads\McAfee_Installer_serial_xIeGGNErop5jLx-Bi3KEPg2_key_affid_105_akey.exe" => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\McAfee => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor" => not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\McAfeeWPSSparsePackage_1ez856j3kr9ae => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-1975915644-1811057847-2465535352-1001\McAfeeWPSSparsePackage_1.0.0.0_neutral__1ez856j3kr9ae => removed successfully
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee" => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee => not found
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee NGI => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Edge\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A} => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\siteadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\NativeMessagingHosts\webadvisor.mcafee.chrome.extension => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mccspsvc => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McNaiAnn => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McODS => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McOobeSv2 => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mcpltsvc => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McProxy => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeaack => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeavfk => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeelamk => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfefire => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfefirek => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfehidk => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfemms => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfencbdc => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfencrk => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfeplk => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfevtp => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\mfewfpk => removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfee WebAdvisor => removed successfully
    HKEY_USERS\.DEFAULT\Software\McAfee => removed successfully
    HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\McAfee => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mcafee.com => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\SystemCertificates\McAfee Trust => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafee.mcagent => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafeeapplauncher => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee.wps => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafeewpssparsepackage_1ez856j3kr9ae => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafee.mcagent => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~mcafeeapplauncher => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee.wps => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{fcb705c0-a974-47dc-a36a-e1b3bb15fb2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafeewpssparsepackage_1ez856j3kr9ae => removed successfully
    HKEY_USERS\S-1-5-21-1975915644-1811057847-2465535352-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PolicyCache\McAfeeWPSSparsePackage_1ez856j3kr9ae => removed successfully


    The system needed a reboot.

    ==== End of Fixlog 08:10:45 ====
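One way to review a Fixlog like the one above, as an added example that is not part of the original post and not part of FRST: it pairs each DeleteKey/DeleteValue directive with its result line and lists anything that is missing or not a success. The line formats are assumed from this log alone, and the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Sample built from lines in the Fixlog above. The McProxy result line is
# deliberately left out (constructed gap) to show how a missing result is reported.
SAMPLE_FIXLOG = r'''
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\cfwids|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension|""
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\McProxy
End::
*****************

C:\ProgramData\McAfee => moved successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\cfwids\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\webadvisor.mcafee.chrome.extension\\" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\WebAdvisor" => not found

The system needed a reboot.
'''

DIRECTIVE = re.compile(r'^(DeleteKey|DeleteValue):\s*(.+)$')
RESULT = re.compile(r'^(.+?) => (.+)$')
# Outcome strings seen in the log above that need no follow-up.
OK_OUTCOMES = {"moved successfully", "removed successfully", "completed"}
REBOOT_NOTE = "The system needed a reboot."


def expected_target(kind, arg):
    """Map a fixlist directive to the target text its result line should carry.

    Assumption from the log above: 'DeleteValue: KEY|NAME' is reported as
    KEY\\\\NAME (two backslashes), and the default value written as |"" is
    reported with an empty name.
    """
    if kind == "DeleteValue":
        key, _, value = arg.partition("|")
        if value == '""':
            value = ""
        return key + "\\\\" + value
    return arg


def triage(text):
    """Summarise a Fixlog: outcome counts, entries to review, unmatched directives."""
    directives, removed, review = [], [], []
    seen, counts, reboot = set(), Counter(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == REBOOT_NOTE:
            reboot = True
            continue
        m = DIRECTIVE.match(line)
        if m:
            directives.append(expected_target(m.group(1), m.group(2).strip()))
            continue
        m = RESULT.match(line)
        if not m:
            continue
        target, outcome = m.group(1).strip().strip('"'), m.group(2).strip()
        low = target.lower()  # registry and NTFS paths compare case-insensitively
        seen.add(low)
        counts[outcome] += 1
        if outcome == "removed successfully":
            removed.append(low)
        elif outcome not in OK_OUTCOMES:
            # A failed entry under a key removed earlier in the same run is
            # already gone with its parent; flag that so review is quicker.
            parent_gone = any(low.startswith(p + "\\") for p in removed)
            review.append((target, outcome, parent_gone))
    missing = [d for d in directives if d.lower() not in seen]
    return {"counts": counts, "review": review, "missing": missing, "reboot": reboot}


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    for outcome, n in report["counts"].most_common():
        print(f"{n:4d}  {outcome}")
    for target, outcome, parent_gone in report["review"]:
        note = " (parent key removed earlier)" if parent_gone else ""
        print(f"REVIEW  {outcome}: {target}{note}")
    for target in report["missing"]:
        print(f"NO RESULT LINE  {target}")
    print("Reboot pending" if report["reboot"] else "No reboot requested")
```

Directives other than DeleteKey and DeleteValue (file and folder moves, for example) are counted by outcome but not paired with a fixlist line.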
     
  16. Oh My!

    Oh My! Malware Expert Staff Member

    Yes, 80 MB is negligible.

    The Fixlog looks great.

    Please do this.

    ===================================================

    Sophos Scan & Clean

    --------------------

    • Download Sophos Scan & Clean and save it to your Desktop
    • Right click on the icon and select Run as administrator
    • Click Next, review the Terms and conditions and if you agree click Next again
    • When completed click Next twice
    • Click Save Log and save the log onto the Desktop
    • Copy and paste the contents of the report in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Sophos report
     
  17. Ebmocwen

    Ebmocwen Private E-2

    Okay, log attached
     


  18. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks.

    The Sophos report is clean.

    I wanted to run Sophos because it removes HP Touchpoint Analytics Client, which is an HP program that sends information back to HP. It is not malicious software, just undesirable.

    Things look good. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?
     
  19. Ebmocwen

    Ebmocwen Private E-2

    No, everything seems to be running well, just need to tidy up now :)
     
  20. Oh My!

    Oh My! Malware Expert Staff Member

    Very good.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

    Thank you for placing your trust in Major Geeks. It was a pleasure serving you.
     
  21. Ebmocwen

    Ebmocwen Private E-2

    Thank you so much for this help, it's great knowing everything is clean and safe! I will get started on this reading list.
    Of all these programs I downloaded, do you recommend any that I should keep and run regularly as maintenance? What about following up with Windows disk clean up tools?
    Very appreciative of your time and help. This was so useful, perhaps I will start another thread to clean up my work computer now! :)
     
  22. Oh My!

    Oh My! Malware Expert Staff Member

    Malwarebytes is good to run. You can run Disk Cleanup but you shouldn't need to do it that often. Maybe once a quarter or sooner if you notice performance issues or warnings about disk space.

    Post for the work computer when you are ready and we will get started. For now, just post the FRST Scan reports. That is sufficient to start.
     
