Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    BORN Ontario child registry data breach affects 3.4 million people

Featured Deal: Get started in AI or make your own with this $19.97 course bundle

Latest Buyer's Guide:    Best VPNs to unblock Stan outside Australia in 2023

Generic User Avatar

Please help!! I have some type of browser hijack/redirect.

Started by sunny90 , Sep 17 2023 04:56 PM

  • Please log in to reply
14 replies to this topic

#1 sunny90

sunny90

  • Avatar image
  • Members
  • 8 posts
  • OFFLINE
    •  
  • Local time:09:24 PM

Posted 17 September 2023 - 04:56 PM

Hi!

 

There is some type of browser hijack on my computer or something. In the middle of searching, I will get redirected to other websites asking me to download MacAfee or some other software. How do I remove this?


BC AdBot (Login to Remove)

 

#2 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 17 September 2023 - 07:49 PM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
  • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
  • Right click on the icon and select Run as administrator
  • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST.txt
  • Addition.txt

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#3 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 21 September 2023 - 01:48 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#4 sunny90

sunny90
  • Topic Starter

  • Avatar image
  • Members
  • 8 posts
  • OFFLINE
    •  
  • Local time:09:24 PM

Posted 21 September 2023 - 03:05 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2023
Ran by Jess (administrator) on DESKTOP-4IV8REG (ASUSTeK COMPUTER INC. Zen AIO 24 ZN242GD_ZN242GD) (21-09-2023 15:59:09)
Running from C:\Users\Jess\Downloads\FRST64.exe
Loaded Profiles: Jess
Platform: Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUS) C:\Program Files\WindowsApps\b9eced6f.splendid_1.0.15.0_x64__qmba6cd70vzyy\ACMON.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\ATKOSD2.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe <2>
(C:\Users\Jess\AppData\Roaming\DesktopCal\desktopcal.exe ->) (Beijing CloudStory Inc. -> Beijing Xiaowei Cloud Inc.) C:\Users\Jess\AppData\Roaming\DesktopCal\dkdockhost.exe
(DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsMonStartupTask64.exe
(explorer.exe ->) (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTek Computer Inc.) C:\Program Files\WindowsApps\b9eced6f.asuskeyboardhotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
(explorer.exe ->) (Beijing CloudStory Inc. -> Beijing Xiaowei Cloud Inc.) C:\Users\Jess\AppData\Roaming\DesktopCal\desktopcal.exe
(explorer.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mstsc.exe <14>
(explorer.exe ->) (RealDefense, LLC -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(explorer.exe ->) (The Chromium Authors) [File not signed] C:\Users\Jess\Downloads\chrome-win (1)\chrome-win\chrome.exe <37>
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <31>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\net.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\net1.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_c6fd2d54422ec157\Intel_PIE_Service.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(sihost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee, LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
(svchost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2308.3.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3385_none_7e1c800a7c81ffd9\TiWorker.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1076728 2020-03-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [109324536 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-11-17] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2044568 2023-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607648 2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Jess\AppData\Local\Microsoft\Teams\Update.exe [2454240 2021-07-28] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [8659928 2023-09-06] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Jess\AppData\Local\WebEx\WebexHost.exe [6989648 2022-01-20] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\Run: [MicrosoftEdgeAutoLaunch_543DCE2EBAC5426B3931C8C27BFE2EAF] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\Run: [DesktopCal] => C:\Users\Jess\AppData\Roaming\DesktopCal\desktopcal.exe [708168 2023-01-08] (Beijing CloudStory Inc. -> Beijing Xiaowei Cloud Inc.)
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11190504 2023-05-05] (RealDefense, LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [42614688 2023-09-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\Windows\system32\pxcpmL.dll [2061184 2021-07-19] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.188\Installer\chrmstp.exe [2023-09-13] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01F61F8F-02EB-4312-83AA-804D25201735} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {047A8DE3-0350-4C4C-8E83-B2CD0FA25DDA} - \NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {20B2D89C-703D-45EC-8B1E-A10D82586ED5} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {2BB692C1-F60F-479E-ADC2-1CAF9422A2AC} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION
Task: {56F76C3E-3D7F-4E0D-A9A4-30E7CF353E16} - \Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display -> No File <==== ATTENTION
Task: {6791C057-CABC-4177-BED0-D4FB72AFE9DB} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION
Task: {8C4DB214-07ED-4426-B5E4-3C3CC2FE5462} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {8C94E823-C58F-46BA-A99D-D40725594D4E} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {8F2D4224-3A2C-4D2C-B82D-A06C88CF4807} - \NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {97E8D66D-0085-423C-BA11-DD777A1258AB} - \Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask -> No File <==== ATTENTION
Task: {A7F57D42-2E20-4756-AB5E-40D70E537937} - \Update Checker -> No File <==== ATTENTION
Task: {B6E67297-4E2A-4BAB-9C4A-63B62EDBF591} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {C2098BE2-A29A-4EB1-97F6-F0C57E086D4F} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {C4143BD1-BDD8-4AA6-83E1-57F4C83800BA} - \Microsoft\Windows\Setup\SetupCleanupTask -> No File <==== ATTENTION
Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {D56C12EF-75A3-4184-BFEE-D3658B91E914} - \NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {033BFC09-B719-4496-8BD4-4F1E1FB11D57} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.)
Task: {AD3BD9CC-A3C1-47E1-B3A9-EC6164983C3A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHotkeyExec64.exe [176064 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {5AF5B05F-9F02-4A82-AD52-598914DED605} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-09-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {156304AB-DE9D-41B0-A6BD-64A7C617A040} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-09-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "6a045e4b-8a4c-4888-a566-254547261b76" --version "6.16.10662" --silent
Task: {5C97EEB9-5854-429E-8642-F601FA417EE0} - System32\Tasks\CCleanerSkipUAC - Jess => C:\Program Files\CCleaner\CCleaner.exe [35675552 2023-09-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {262988BA-A3F7-4A7A-9DEC-4E7E0CB9C34D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-24] (Google LLC -> Google LLC)
Task: {897D8AB3-6148-4F0D-BFA4-A7C7D732C456} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-24] (Google LLC -> Google LLC)
Task: {2B4C95B0-CA9B-41AD-8486-5472970D8987} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {60319BA4-4208-410E-B953-EC188DFCC534} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B7542E06-BA49-463C-A362-24907C2DD712} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B88EF86E-A64F-4B59-B429-97CF0D08EF2F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {38FA8770-5164-484C-AE84-7A765A92F85B} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3CBD3C2-24E5-4D7F-AC3D-B7BC1D2414B5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1271528 2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {7539D311-9E84-4AEE-921E-B45B3718A355} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B86A2E05-BDE8-4973-971F-86D5272E200B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2EF9E9A7-1231-406D-9101-6C383BF8470E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E0130231-5B54-45CF-9899-F3D91334FFB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D77B9C57-86E6-47F7-AD11-81F8175B7B7A} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [675232 2023-09-12] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {29FB1A75-4923-48B5-8F3F-9E03D4AD60BB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [722336 2023-09-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {DFBD5FBD-0B29-4CB3-B0D0-E3281D060085} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3EDD56A-7A45-470D-A674-E8D4988419A0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3983067033-3805247150-532412538-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{00b73b8b-4166-4f97-9f82-e93302821cc6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c49b63c3-99ff-4a54-9770-c3b1591d9a03}: [NameServer] 150.216.1.205,150.216.1.206
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jess\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-21]
Edge Notifications: Default -> hxxps://eastcarolina.lightning.force.com; hxxps://voice.google.com
Edge Extension: (Google Docs Offline) - C:\Users\Jess\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Jess\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-18]
 
FireFox:
========
FF DefaultProfile: 4nfxtbef.default
FF ProfilePath: C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\4nfxtbef.default [2021-08-31]
FF ProfilePath: C:\Users\Jess\AppData\Roaming\Mozilla\Firefox\Profiles\4svjg5hc.default-release [2023-09-21]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-10-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-07-19] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-11-17] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-18] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-18] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-07-19] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-11-17] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Jess\AppData\Local\Google\Chrome\User Data\Default [2023-09-21]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Jess\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\Jess\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-09]
CHR Extension: (Klarna | Shop now. Pay later.) - C:\Users\Jess\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2023-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jess\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-24]
CHR HKU\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844528 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 AsHidService; C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe [173504 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ASLDRService; C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe [227776 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncHelper.exe [3518480 2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-09-09] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.180.0828.0001\OneDriveUpdaterService.exe [3855376 2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16184216 2022-06-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ZenAnywhere; C:\Program Files\Orbweb Inc\ASUS ZenAnywhere\ZenAnywhere.exe [156056 2018-05-17] (Orbweb Taiwan Inc. -> Orbweb Inc.)
S3 ZenAnywhere Updater; C:\Program Files\Orbweb Inc\ASUS ZenAnywhere\updater.exe [156056 2018-05-17] (Orbweb Taiwan Inc. -> Orbweb Inc.)
S3 ZenAnywhereNetworkService; C:\Program Files\Orbweb Inc\ASUS ZenAnywhere\bin\ZenAnywhereNetworkService.exe [69016 2017-04-07] (Orbweb Taiwan Inc. -> Orbweb Inc.)
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 acsock; C:\Windows\system32\DRIVERS\acsock64.sys [310216 2023-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
S3 AmUStor; C:\Windows\system32\drivers\AmUStor.SYS [109008 2017-10-17] (Alcor Micro, Corp. -> )
R1 ATKWMIACPIIO; C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\atkwmiacpi64.sys [36368 2019-03-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [284672 2021-04-14] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222672 2023-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
R3 MpKslde1ce998; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98D124AA-A59B-43DA-94D1-83D934F665CA}\MpKslDrv.sys [222464 2023-09-21] (Microsoft Windows -> Microsoft Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [26696 2018-01-22] (NVIDIA Corporation -> Windows ® Win 7 DDK provider)
S3 RealWoW60; C:\Windows\system32\DRIVERS\RealWoW60.sys [39432 2017-04-07] (Realtek Semiconductor Corp. -> Realtek semiconductor corp)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\Windows\System32\drivers\ssudqcfilter.sys [64880 2020-11-11] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [43368 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [74064 2023-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-21 15:59 - 2023-09-21 16:00 - 000032101 _____ C:\Users\Jess\Downloads\FRST.txt
2023-09-21 15:58 - 2023-09-21 15:59 - 000000000 ____D C:\FRST
2023-09-21 15:58 - 2023-09-21 15:58 - 002382848 _____ (Farbar) C:\Users\Jess\Downloads\FRST64.exe
2023-09-21 14:47 - 2023-09-21 15:56 - 000034164 _____ C:\Users\Jess\Downloads\Draft 2024 Spring.xlsx
2023-09-21 14:47 - 2023-09-21 14:47 - 000000165 ____H C:\Users\Jess\Downloads\~$Draft 2024 Spring.xlsx
2023-09-21 02:12 - 2023-09-21 02:12 - 000123392 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-21T021237.282.xls
2023-09-20 21:34 - 2023-09-20 21:34 - 000002270 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-20T213412.778.csv
2023-09-20 21:04 - 2023-09-20 21:04 - 000001850 _____ C:\Users\Jess\Desktop\9-21-23.csv
2023-09-19 21:40 - 2023-09-19 21:40 - 000002363 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-19T214020.443.csv
2023-09-19 21:33 - 2023-09-19 21:33 - 000007633 _____ C:\Users\Jess\Downloads\1695173584-logs_detail.csv
2023-09-19 21:33 - 2023-09-19 21:33 - 000007633 _____ C:\Users\Jess\Downloads\1695173584-logs_detail (1).csv
2023-09-19 21:29 - 2023-09-19 21:29 - 000090112 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-19T212900.534.xls
2023-09-19 20:53 - 2023-09-19 20:53 - 000002363 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-19T205346.739.csv
2023-09-19 00:56 - 2023-09-19 00:56 - 000087552 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-19T005648.685.xls
2023-09-18 20:54 - 2023-09-18 20:54 - 000002171 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-18T205406.280.csv
2023-09-17 23:44 - 2023-09-17 23:44 - 000015872 _____ C:\Users\Jess\Downloads\SF_COMPANY_RESULTS - 2023-09-17T234432.931.xls
2023-09-17 23:38 - 2023-09-17 23:38 - 000150528 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-17T233830.256.xls
2023-09-17 23:37 - 2023-09-17 23:37 - 000043008 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-17T233715.038.xls
2023-09-17 20:46 - 2023-09-17 20:46 - 000002149 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-17T204625.063.csv
2023-09-17 20:41 - 2023-09-17 20:41 - 000002153 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-17T204151.607.csv
2023-09-17 20:41 - 2023-09-17 20:41 - 000002153 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-17T204132.023.csv
2023-09-17 17:44 - 2023-09-17 17:44 - 000388608 _____ (Trend Micro Inc.) C:\Users\Jess\Downloads\HijackThis (1).exe
2023-09-15 21:13 - 2023-09-15 21:13 - 000001925 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-15T211344.364.csv
2023-09-15 20:18 - 2023-09-15 20:18 - 000145408 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-15T201816.234.xls
2023-09-15 10:13 - 2023-09-15 10:13 - 000000000 ___HD C:\$WinREAgent
2023-09-14 23:47 - 2023-09-14 23:47 - 000002372 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-14T234738.988.csv
2023-09-14 20:57 - 2023-09-14 20:57 - 000123904 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-14T205709.735.xls
2023-09-14 14:51 - 2023-09-16 18:44 - 000658042 _____ C:\Users\Jess\Desktop\MOM.pptx
2023-09-13 20:43 - 2023-09-13 20:43 - 000002318 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-13T204356.277.csv
2023-09-13 20:42 - 2023-09-13 20:42 - 000104960 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-13T204258.102.xls
2023-09-13 20:39 - 2023-09-13 20:39 - 000002322 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-13T203936.857.csv
2023-09-12 21:05 - 2023-09-12 21:05 - 000002433 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-12T210524.477.csv
2023-09-12 21:04 - 2023-09-12 21:04 - 000002433 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-12T210447.298.csv
2023-09-12 20:45 - 2023-09-12 20:45 - 000083968 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-12T204516.932.xls
2023-09-12 18:07 - 2023-09-12 18:07 - 000137024 _____ (Zoom Video Communications, Inc.) C:\Users\Jess\Downloads\Zoom_cm_fo42mnktZ9vvrZo4_mma0PrfVTjqSszqjrkYS5Li3W5cjvENwAUeg@CC-aL13jtBLjrOlf_k59b6ea5ab6d49bf7_.exe
2023-09-12 18:07 - 2023-09-12 18:07 - 000000000 ____D C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-09-12 17:22 - 2023-09-16 03:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-09-12 00:13 - 2023-09-12 00:13 - 000078848 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-12T001301.579.xls
2023-09-11 21:55 - 2023-09-11 21:55 - 000002313 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-11T215501.457.csv
2023-09-11 20:22 - 2023-09-11 20:22 - 000062464 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-11T202243.875.xls
2023-09-11 00:36 - 2023-09-11 00:36 - 000015360 _____ C:\Users\Jess\Downloads\SF_COMPANY_RESULTS (100).xls
2023-09-10 20:57 - 2023-09-10 20:57 - 000152064 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-10T205743.531.xls
2023-09-10 20:56 - 2023-09-10 20:56 - 000043520 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-10T205650.121.xls
2023-09-10 20:43 - 2023-09-10 20:43 - 000002233 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-10T204330.108.csv
2023-09-09 00:10 - 2023-09-09 00:10 - 000150016 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-09T001010.757.xls
2023-09-08 21:02 - 2023-09-08 21:02 - 000002002 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-08T210235.945.csv
2023-09-07 21:27 - 2023-09-07 21:27 - 000002454 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-07T212711.892.csv
2023-09-07 21:08 - 2023-09-07 21:08 - 000119296 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-07T210825.357.xls
2023-09-06 20:45 - 2023-09-06 20:45 - 002363878 _____ C:\Users\Jess\Downloads\Please_DocuSign_WPL_Onboarding_Docments (27).pdf
2023-09-06 20:44 - 2023-09-06 20:44 - 002882084 _____ C:\Users\Jess\Downloads\Please_DocuSign_WPL_Onboarding_Docments (26).pdf
2023-09-06 20:44 - 2023-09-06 20:44 - 002154139 _____ C:\Users\Jess\Downloads\Please_DocuSign_WPL_Onboarding_Docments (25).pdf
2023-09-06 20:39 - 2023-09-06 20:39 - 000098816 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-06T203933.398.xls
2023-09-06 20:37 - 2023-09-06 20:37 - 000002453 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-06T203758.533.csv
2023-09-06 00:36 - 2023-09-06 00:36 - 000007781 _____ C:\Users\Jess\Downloads\1693974929-logs_detail.csv
2023-09-06 00:30 - 2023-09-06 00:30 - 000096256 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-06T003010.275.xls
2023-09-05 20:55 - 2023-09-05 20:55 - 000002456 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-05T205543.198.csv
2023-09-05 17:49 - 2023-09-05 17:49 - 000293218 _____ C:\Users\Jess\Downloads\Medical Summary Report.pdf
2023-09-05 17:49 - 2023-09-05 17:49 - 000134651 _____ C:\Users\Jess\Downloads\records.pdf
2023-09-05 16:21 - 2023-09-05 16:21 - 003423785 _____ C:\Users\Jess\Downloads\HACU Poster Display.pdf
2023-09-04 23:08 - 2023-09-04 23:08 - 000015360 _____ C:\Users\Jess\Downloads\SF_COMPANY_RESULTS (99).xls
2023-09-04 20:59 - 2023-09-04 20:59 - 000141824 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-04T205922.369.xls
2023-09-04 20:58 - 2023-09-04 20:58 - 000059392 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-04T205828.973.xls
2023-09-04 20:42 - 2023-09-04 20:42 - 000002469 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-04T204222.726.csv
2023-09-02 00:01 - 2023-09-02 00:01 - 000140288 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-09-02T000108.683.xls
2023-09-01 22:39 - 2023-09-01 22:39 - 000001998 _____ C:\Users\Jess\Downloads\package_detail - 2023-09-01T223904.021.csv
2023-09-01 17:39 - 2023-09-01 17:39 - 000076989 _____ C:\Users\Jess\Downloads\WPL pay stubs.zip
2023-09-01 17:38 - 2023-09-01 17:38 - 001020945 _____ C:\Users\Jess\Downloads\ECU pay stubs.zip
2023-08-31 23:04 - 2023-08-31 23:04 - 000069825 _____ C:\Users\Jess\Downloads\Property Boss Solutions _ Powerful property management software.pdf
2023-08-31 23:02 - 2023-08-31 23:02 - 000292814 _____ C:\Users\Jess\Downloads\Russell Property Management Rental Application.pdf
2023-08-31 22:15 - 2023-09-01 17:38 - 000000000 ____D C:\Users\Jess\Downloads\WPL pay stubs
2023-08-31 22:14 - 2023-09-01 17:38 - 000000000 ____D C:\Users\Jess\Downloads\ECU pay stubs
2023-08-31 21:12 - 2023-08-31 21:12 - 000119808 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-08-31T211214.897.xls
2023-08-31 20:51 - 2023-08-31 20:51 - 000002335 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-31T205131.884.csv
2023-08-30 20:43 - 2023-08-30 20:43 - 000002331 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-30T204324.454.csv
2023-08-30 20:32 - 2023-08-30 20:32 - 000100864 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-08-30T203217.446.xls
2023-08-30 17:10 - 2023-08-30 17:10 - 000029913 _____ C:\Users\Jess\Downloads\Paycheck_2023-08-12_2023-08-18.pdf
2023-08-30 17:10 - 2023-08-30 17:10 - 000029911 _____ C:\Users\Jess\Downloads\Paycheck_2023-07-22_2023-07-28.pdf
2023-08-30 17:10 - 2023-08-30 17:10 - 000029910 _____ C:\Users\Jess\Downloads\Paycheck_2023-08-05_2023-08-11.pdf
2023-08-30 17:10 - 2023-08-30 17:10 - 000029910 _____ C:\Users\Jess\Downloads\Paycheck_2023-07-29_2023-08-04.pdf
2023-08-30 17:06 - 2023-08-30 17:06 - 000260979 _____ C:\Users\Jess\Downloads\PayStub20230731.pdf
2023-08-30 17:06 - 2023-08-30 17:06 - 000260970 _____ C:\Users\Jess\Downloads\PayStub20230815.pdf
2023-08-30 17:06 - 2023-08-30 17:06 - 000260968 _____ C:\Users\Jess\Downloads\PayStub20230714 (1).pdf
2023-08-30 17:06 - 2023-08-30 17:06 - 000260958 _____ C:\Users\Jess\Downloads\PayStub20230831.pdf
2023-08-29 21:51 - 2023-08-29 21:51 - 000082432 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-08-29T215100.453.xls
2023-08-29 21:12 - 2023-08-29 21:12 - 000002353 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-29T211249.693.csv
2023-08-29 00:13 - 2023-08-29 00:13 - 000009129 _____ C:\Users\Jess\Downloads\1693282368-logs_detail.csv
2023-08-29 00:09 - 2023-08-29 00:09 - 000078848 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-08-29T000917.272.xls
2023-08-28 20:35 - 2023-08-28 20:35 - 000002220 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-28T203548.041.csv
2023-08-27 21:22 - 2023-08-27 21:22 - 000015360 _____ C:\Users\Jess\Downloads\SF_COMPANY_RESULTS (98).xls
2023-08-27 21:18 - 2023-08-27 21:18 - 000139264 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-08-27T211831.119.xls
2023-08-27 21:17 - 2023-08-27 21:17 - 000043008 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-08-27T211758.514.xls
2023-08-27 20:27 - 2023-08-27 20:27 - 000002225 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-27T202719.742.csv
2023-08-25 21:05 - 2023-08-25 21:05 - 000001976 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-25T210520.793.csv
2023-08-25 21:00 - 2023-08-25 21:00 - 000001977 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-25T210028.985.csv
2023-08-25 20:58 - 2023-08-25 20:58 - 000139264 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-08-25T205825.101.xls
2023-08-25 20:46 - 2023-08-25 20:46 - 000001979 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-25T204649.880.csv
2023-08-24 22:03 - 2023-08-24 22:03 - 000002226 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-24T220309.240.csv
2023-08-24 20:56 - 2023-08-24 20:56 - 000121856 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-08-24T205603.263.xls
2023-08-24 00:08 - 2023-08-24 00:08 - 000009687 _____ C:\Users\Jess\Downloads\1692850058-logs_detail.csv
2023-08-24 00:04 - 2023-08-24 00:04 - 000118784 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-08-24T000406.747.xls
2023-08-23 23:55 - 2023-08-23 23:55 - 000002336 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-23T235541.263.csv
2023-08-23 20:57 - 2023-08-23 20:57 - 000002336 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-23T205757.215.csv
2023-08-22 21:06 - 2023-08-22 21:06 - 000085504 _____ C:\Users\Jess\Downloads\weekly service worksheet - 2023-08-22T210617.252.xls
2023-08-22 21:03 - 2023-08-22 21:03 - 000002340 _____ C:\Users\Jess\Downloads\package_detail - 2023-08-22T210357.119.csv
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-21 16:00 - 2021-07-24 21:51 - 000000000 ____D C:\ProgramData\NVIDIA
2023-09-21 15:58 - 2021-07-24 19:50 - 000000000 ____D C:\Windows\INF
2023-09-21 15:35 - 2021-12-17 03:30 - 000000000 ____D C:\Windows\SystemTemp
2023-09-21 15:35 - 2021-07-24 20:09 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-21 15:34 - 2021-07-24 21:07 - 000000000 ____D C:\Users\Jess\AppData\Roaming\Microsoft\Excel
2023-09-21 15:07 - 2021-07-24 19:51 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-21 14:47 - 2021-07-24 20:06 - 000000000 ____D C:\Users\Jess\AppData\Local\Packages
2023-09-21 14:09 - 2022-02-09 08:48 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-21 13:55 - 2021-07-24 19:51 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-21 13:55 - 2021-07-24 19:51 - 000000000 ____D C:\Windows\AppReadiness
2023-09-21 13:51 - 2023-08-12 01:13 - 000002346 ____H C:\Users\Jess\Documents\Default.rdp
2023-09-21 13:50 - 2021-07-24 19:53 - 000000000 ____D C:\Windows\system32\FxsTmp
2023-09-21 13:42 - 2021-07-24 21:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-09-21 12:55 - 2021-08-31 22:16 - 000000000 ____D C:\Program Files\TeamViewer
2023-09-21 08:55 - 2021-07-24 21:50 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-21 08:55 - 2021-07-24 21:50 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-09-20 19:36 - 2021-10-12 01:17 - 000000000 ____D C:\Users\Jess\AppData\Local\CrashDumps
2023-09-20 10:23 - 2021-07-25 00:00 - 000000000 ____D C:\Users\Jess\AppData\Roaming\Microsoft\Word
2023-09-18 15:31 - 2021-12-13 05:09 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3983067033-3805247150-532412538-1001
2023-09-18 15:31 - 2021-09-11 23:29 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-18 15:31 - 2021-07-24 21:07 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-18 15:31 - 2021-07-24 21:06 - 000002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-18 15:29 - 2021-07-24 20:09 - 000003714 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2023-09-18 15:29 - 2021-07-24 20:09 - 000003590 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2023-09-16 14:35 - 2023-05-07 01:54 - 000000000 ____D C:\Program Files\CCleaner
2023-09-16 03:23 - 2023-05-07 01:54 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-09-16 03:23 - 2023-05-07 01:54 - 000003474 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-09-16 03:23 - 2023-05-07 01:54 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-09-16 03:14 - 2021-07-24 22:01 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-16 03:07 - 2021-07-24 21:50 - 000463752 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-16 03:06 - 2021-08-31 17:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-16 03:06 - 2021-07-24 21:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ___RD C:\Windows\PrintDialog
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ____D C:\Windows\SystemResources
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ____D C:\Windows\system32\oobe
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ____D C:\Windows\ServiceState
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-16 03:06 - 2021-07-24 19:51 - 000000000 ____D C:\Windows\bcastdvr
2023-09-16 03:06 - 2021-07-24 19:46 - 000524288 _____ C:\Windows\system32\config\BBI
2023-09-16 03:05 - 2021-10-15 03:10 - 000000000 ____D C:\Users\Jess\AppData\Roaming\Microsoft\Paint
2023-09-15 10:24 - 2021-07-24 19:47 - 000000000 ____D C:\Windows\CbsTemp
2023-09-15 10:21 - 2021-07-24 21:52 - 003014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-15 09:48 - 2021-07-24 21:00 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-14 21:25 - 2021-11-17 18:19 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-09-14 21:24 - 2022-10-13 23:32 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2023-09-14 21:24 - 2022-10-13 23:32 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-09-14 20:31 - 2021-07-24 21:07 - 000000000 ____D C:\Users\Jess\AppData\Roaming\Microsoft\Office
2023-09-14 14:51 - 2021-08-20 01:20 - 000000000 ____D C:\Users\Jess\AppData\Roaming\Microsoft\PowerPoint
2023-09-13 21:56 - 2021-12-13 06:08 - 000000000 ___RD C:\Users\Jess\Documents\1 NEW
2023-09-13 21:56 - 2020-12-08 13:55 - 000000000 ___RD C:\Users\Jess\Documents\COMPLETELY UPDATED
2023-09-13 09:15 - 2021-07-26 22:18 - 000000000 ____D C:\Windows\system32\MRT
2023-09-13 09:13 - 2021-07-26 22:18 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-13 00:54 - 2021-07-24 20:09 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-13 00:54 - 2021-07-24 20:09 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-12 22:25 - 2021-08-31 17:14 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-12 18:07 - 2021-08-02 17:40 - 000001930 _____ C:\Users\Jess\Desktop\Zoom.lnk
2023-09-12 18:07 - 2021-07-29 20:29 - 000000000 ____D C:\Users\Jess\AppData\Roaming\Zoom
2023-09-10 16:46 - 2023-06-06 22:03 - 000000000 ____D C:\Users\Jess\AppData\Local\Malwarebytes
2023-09-09 15:06 - 2021-07-24 20:05 - 000000000 ____D C:\Users\Jess
2023-09-05 22:06 - 2021-07-26 22:19 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-09-05 20:51 - 2022-12-01 22:44 - 000033201 _____ C:\Users\Jess\Desktop\FEDEX CONTACT LIST (1) - Copy.xlsx
2023-09-02 23:25 - 2021-07-24 20:06 - 000000000 ____D C:\Users\Jess\AppData\Local\D3DSCache
2023-09-01 15:08 - 2021-07-24 21:50 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-31 15:49 - 2021-07-24 21:50 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-30 21:44 - 2021-08-31 22:16 - 000000000 ____D C:\Users\Jess\AppData\Roaming\TeamViewer
 
==================== Files in the root of some directories ========
 
2021-10-12 01:29 - 2021-10-15 15:21 - 000000205 _____ () C:\Users\Jess\AppData\Local\oobelibMkey.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by Jess (21-09-2023 16:03:16)
Running from C:\Users\Jess\Downloads
Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) (2021-07-25 01:58:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3983067033-3805247150-532412538-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3983067033-3805247150-532412538-503 - Limited - Disabled)
Guest (S-1-5-21-3983067033-3805247150-532412538-501 - Limited - Disabled)
Jess (S-1-5-21-3983067033-3805247150-532412538-1001 - Administrator - Enabled) => C:\Users\Jess
WDAGUtilityAccount (S-1-5-21-3983067033-3805247150-532412538-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 23.006.20320 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.0.788 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS ZenAnywhere (HKLM\...\{8596252F-FCA3-4333-8574-BF0C6A8F2A7B}) (Version: 4.6.1 - Orbweb Inc.) Hidden
ASUS ZenAnywhere (HKLM-x32\...\ASUS ZenAnywhere 4.6.1) (Version: 4.6.1 - Orbweb Inc.)
CalendarTask 3.2.138.6030 (HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\XDiarys) (Version: 3.2.138.6030 - Xiaowei Cloud, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.16 - Piriform)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{C46A2E06-2082-464C-9D8E-EF22CB8571C9}) (Version: 4.10.07061 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.07061 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{11E16B39-0FA6-4DF0-9736-73BB638C9924}) (Version: 4.10.07061 - Cisco Systems, Inc.) Hidden
Cisco Webex Meetings (HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\ActiveTouchMeetingClient) (Version: 42.1.3 - Cisco Webex LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
Intel® Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{A6D99F91-2039-4560-A476-1E8B954E0C70}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{BF1D4FDD-6613-4F36-AE24-EDE3D7E30CF4}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{50DC6FA9-9221-495B-B9BF-EF39D7BC4FDE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{64A94A93-B0C4-4B16-8CDC-FDB06E8CC306}) (Version: 16.0.2.1086 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel® Serial IO (HKLM\...\{FDA51260-818D-4F38-B39B-FD808ED54E5E}) (Version: 30.100.1727.1 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00002030-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.30.2 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86310f5b-bdb9-47b7-9ff9-d633944adc43}) (Version: 20.80.0.0u - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{93F6B213-9CEE-49BA-AD28-BC849B4100DE}) (Version: 20.80.0.1991 - Intel Corporation) Hidden
Malwarebytes version 4.6.1.280 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.1.280 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.180.0828.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\Teams) (Version: 1.4.00.19572 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{484EF395-8BDF-417B-AF02-35777C5AFC32}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{C79060C7-3052-431F-92F9-609B83317A77}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 117.0.1 (x64 en-US)) (Version: 117.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.0.2 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.73 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PDF-XChange Editor (HKLM\...\{292E1494-19E6-456B-B4A5-0418CAA26F1D}) (Version: 9.1.356.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{dfe99c19-edbd-4d93-ae19-76f8b67e3e00}) (Version: 9.1.356.0 - Tracker Software Products (Canada) Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1252 - SUPERAntiSpyware.com)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.7174 - Microsoft Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.31.5 - TeamViewer)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.9.0 - ASUSTeK COMPUTER INC.)
Zoom (HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\ZoomUMX) (Version: 5.15.7 (20303) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-11-17] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-11-17] (Adobe Systems Incorporated)
ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.2.4.0_x64__qmba6cd70vzyy [2022-03-15] (ASUSTeK COMPUTER INC.)
ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\b9eced6f.asuskeyboardhotkeys_1.0.12.0_x86__qmba6cd70vzyy [2021-07-24] (ASUSTeK COMPUTER INC.) [Startup Task]
ASUS Product Registration Program -> C:\Program Files\WindowsApps\b9eced6f.asusproductregistrationprogram_3.0.3.0_x86__qmba6cd70vzyy [2021-07-24] (ASUSTeK COMPUTER INC.) [Startup Task]
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-10] (Microsoft Corporation)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.11.0_x64__w1wdnht996qgy [2023-09-12] (LinkedIn) [Startup Task]
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2023-06-08] (McAfee LLC.)
MyASUS-Service Center -> C:\Program Files\WindowsApps\b9eced6f.myasus_3.3.11.0_x86__qmba6cd70vzyy [2021-07-24] (ASUSTeK COMPUTER INC.) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2021-07-24] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Studios) [MS Ad]
Splendid -> C:\Program Files\WindowsApps\b9eced6f.splendid_1.0.15.0_x64__qmba6cd70vzyy [2021-07-24] (ASUSTeK COMPUTER INC.) [Startup Task]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0 [2023-09-19] (Spotify AB) [Startup Task]
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.921.916.809_neutral__8wekyb3d8bbwe [2023-09-21] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3983067033-3805247150-532412538-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Jess\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3983067033-3805247150-532412538-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Jess\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21105.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3983067033-3805247150-532412538-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3983067033-3805247150-532412538-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Jess\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3983067033-3805247150-532412538-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2021-07-19] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.180.0828.0001\FileSyncShell64.dll [2023-09-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-02-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Jess\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\95830eb0c44b1852\Chromium.lnk -> C:\Users\Jess\Downloads\chrome-win (1)\chrome-win\chrome.exe (The Chromium Authors) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2023-01-05 23:21 - 2023-01-05 23:21 - 000139264 _____ () [File not signed] C:\Users\Jess\AppData\Roaming\DesktopCal\lua51.dll
2023-01-05 23:21 - 2023-01-05 23:21 - 000565827 _____ () [File not signed] C:\Users\Jess\AppData\Roaming\DesktopCal\sqlite3.dll
2021-07-25 17:02 - 2021-07-25 21:22 - 000410112 _____ () [File not signed] C:\Users\Jess\Downloads\chrome-win (1)\chrome-win\libegl.dll
2021-07-25 17:02 - 2021-07-25 21:22 - 006744576 _____ () [File not signed] C:\Users\Jess\Downloads\chrome-win (1)\chrome-win\libglesv2.dll
2023-01-05 23:21 - 2023-01-05 23:21 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Users\Jess\AppData\Roaming\DesktopCal\ATL80.DLL
2023-01-05 23:21 - 2023-01-05 23:21 - 000592384 _____ (Microsoft Corporation) [File not signed] C:\Users\Jess\AppData\Roaming\DesktopCal\msftedit.dll
2021-07-24 21:04 - 2021-07-24 21:04 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2021-07-24 21:04 - 2021-07-24 21:04 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2021-07-24 21:04 - 2021-07-24 21:04 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-07-24 21:04 - 2021-07-24 21:04 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\c2r64.dll
2021-07-25 17:28 - 2021-07-25 21:21 - 163107840 _____ (The Chromium Authors) [File not signed] C:\Users\Jess\Downloads\chrome-win (1)\chrome-win\chrome.dll
2021-07-25 17:02 - 2021-07-25 21:21 - 001086464 _____ (The Chromium Authors) [File not signed] C:\Users\Jess\Downloads\chrome-win (1)\chrome-win\chrome_elf.dll
2023-01-05 23:21 - 2023-01-05 23:21 - 000493568 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Users\Jess\AppData\Roaming\DesktopCal\libcurl.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3983067033-3805247150-532412538-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3983067033-3805247150-532412538-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-15] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-11 19:38 - 2018-04-11 19:36 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 150.216.1.205 - 150.216.1.206
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet 2: Realtek RealWoW Protocol Driver -> rtk_realwow60 (enabled) 
Bluetooth Network Connection 2: Realtek RealWoW Protocol Driver -> rtk_realwow60 (enabled) 
Ethernet 3: Realtek RealWoW Protocol Driver -> rtk_realwow60 (enabled) 
Wi-Fi 2: Realtek RealWoW Protocol Driver -> rtk_realwow60 (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-3983067033-3805247150-532412538-1001\...\StartupApproved\Run: => "ManyCam"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4909244A-EF8C-4EE5-8FE2-CE50EB1F3DFD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8FAF8D61-72BC-43E8-AC15-F278566DDCA3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E208915B-BFB4-49B5-8759-89FD49D1235F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A88A2DDD-6462-429D-A885-CE1C3D83638D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A8AA28C2-6C89-45D4-89BC-A5CB5930BEBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{83D57E35-2D4D-49B6-8735-E8BB292B6315}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E3FFA1D-1AB8-4368-A45D-C0EC85839279}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe => No File
FirewallRules: [{749DA268-0A61-40A0-9BAE-65C822381256}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{F7FB640C-A316-4277-8ADD-961B697EF64B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4D95BD22-2E50-4C27-8471-32B7D6EB42CA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4ABE2FF9-F336-4968-94AC-A459B041F938}] => (Allow) C:\Users\Jess\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F4961566-7E4F-4E0F-AB42-67EA0CBF4131}] => (Allow) C:\Users\Jess\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D3B4036A-9453-43BC-8AAB-B4E952341479}] => (Allow) C:\Users\Jess\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C5B6404C-30CD-4F0A-AE04-AF09DBF1F21C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E3E6CEA0-1AD6-4E92-88F9-8FF07E6DC6FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{91B50599-52A2-4847-8933-A8ED56C41996}C:\users\jess\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\jess\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D965B8D7-F0C7-4455-9795-ECBBBFC4D0BC}C:\users\jess\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\jess\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D2178DFC-26B6-4E82-BE44-5274C590FA95}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0CD6F41D-93E1-4B18-9BF5-172F0431EF12}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C8142D0F-949A-4BC7-9A08-1E95BDEF463C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{03252572-C2A9-46AB-8A5F-AEA88DC8AC38}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{238186A0-C170-4901-A087-C3320D2CDC21}C:\users\jess\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\jess\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{69068790-34CC-402E-8DEE-52709A083013}C:\users\jess\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\jess\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9CD67320-A3C6-4B54-9FE5-9619A1DF7A70}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D9D7B83-24FE-4853-8C9A-DC8562D31B06}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A2E4D027-378C-43FA-AC87-5F2D173BB041}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6F535C78-6D45-4ACE-8E8A-F188DB9F2805}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66A629A3-FADE-4B08-B8B1-D45985DD2B08}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6FD0A07E-7FE8-4A32-8DE5-2870C73B1238}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DB01A0F6-723A-4FB3-9D34-75A5F54A8A33}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DA0C2B01-A476-4AB6-918C-0562112C13B3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DD5F2797-9FB1-444C-94AE-22286D90326B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{17D2F939-8456-4C76-8331-AF3F37FBD149}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{81287C89-9795-4220-AE52-DA9757AE7524}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DED8BD19-BF43-405D-898C-33D6097ED36A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B7BC4D97-A607-4EC7-9FF2-8F316FF3EA75}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CA2CB3EB-0717-4D2A-8295-EBBB96BDE73C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CE87BB2A-2365-4A54-A6CC-92B239B67675}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6193A7D5-0D55-4890-B716-6F1C239F4658}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2B9F899D-D28E-4543-9669-A50AA751BEC1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5AE7B971-000A-4B42-A4AE-776F4183B9C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1216.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7EDB0026-E6F6-4304-BCC5-7932E59D6B3E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:118.19 GB) (Free:21.35 GB) (18%)
 
==================== Faulty Device Manager Devices ============
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/20/2023 07:36:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3393, time stamp: 0x81c6e58e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3393, time stamp: 0x6b4de7c9
Exception code: 0xc000027b
Fault offset: 0x000000000012d9b2
Faulting process id: 0x1078
Faulting application start time: 0x01d9e86c77ddb22e
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 140d6c92-9942-4bdf-a750-1c0123f4719e
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (09/17/2023 11:31:32 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on DATA (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (09/10/2023 11:37:36 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on DATA (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (09/04/2023 11:50:53 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on DATA (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (09/02/2023 09:23:30 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
 
Error: (09/02/2023 09:23:30 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/02/2023 09:22:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 10.0.19041.1, time stamp: 0x45c477dd
Faulting module name: Intel_PIE_IHV.dll, version: 22.1080.0.1, time stamp: 0x612b9595
Exception code: 0xc0000005
Fault offset: 0x0000000000021269
Faulting process id: 0xf34
Faulting application start time: 0x01d9ddaebfe6b2ad
Faulting application path: C:\Windows\system32\WLANExt.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_c6fd2d54422ec157\Intel_PIE_IHV.dll
Report Id: 13448c0a-68af-4e5c-b44b-87c8b2d1dc49
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/27/2023 11:35:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on DATA (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
 
System errors:
=============
Error: (09/21/2023 04:04:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (09/21/2023 04:04:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA Display Container LS service terminated with the following error: 
A generic command executable returned a result that indicates failure.
 
Error: (09/21/2023 04:04:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 10000 milliseconds: Run the configured recovery program.
 
Error: (09/21/2023 04:04:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA Display Container LS service terminated with the following error: 
A generic command executable returned a result that indicates failure.
 
Error: (09/21/2023 04:04:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 8000 milliseconds: Restart the service.
 
Error: (09/21/2023 04:04:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA Display Container LS service terminated with the following error: 
A generic command executable returned a result that indicates failure.
 
Error: (09/21/2023 04:04:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (09/21/2023 04:04:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA Display Container LS service terminated with the following error: 
A generic command executable returned a result that indicates failure.
 
 
Windows Defender:
================
Date: 2023-09-21 16:02:08
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Vigram.A
Severity: High
Category: Settings Modifier
Path: file:_C:\Users\Jess\Downloads\MovieBoxPro_2019-09-23-13-14_5.3_44_webRelease_53_jiagu_sign.apk
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Jess\Downloads\FRST64.exe
Security intelligence Version: AV: 1.397.1344.0, AS: 1.397.1344.0, NIS: 1.397.1344.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005
 
Date: 2023-09-20 17:40:13
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-19 17:10:10
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-18 16:00:14
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-17 16:38:59
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-06-08 11:11:14
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2023-05-28 15:06:03
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2023-05-27 11:49:03
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2023-05-26 15:26:45
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2023-05-21 11:39:25
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
CodeIntegrity:
===============
Date: 2023-09-16 16:16:19
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-08-28 15:57:23
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-08-10 11:19:23
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. ZN242GD.305 06/14/2019
Motherboard: ASUSTeK COMPUTER INC. ZN242GD
Processor: Intel® Core™ i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 84%
Total physical RAM: 8125.31 MB
Available physical RAM: 1259.2 MB
Total Virtual: 18158.2 MB
Available Virtual: 3253.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:118.19 GB) (Free:21.35 GB) (Model: HFS128G39TND-N210A) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:920.38 GB) (Model: TOSHIBA MQ04ABF100) NTFS
 
\\?\Volume{a766b338-059c-401c-90a9-ad0f829fe543}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.24 GB) NTFS
\\?\Volume{1a45a564-3c61-4c4b-a0a8-05ebf336828f}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 35983CB0)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: B51D4DB1)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

#5 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 21 September 2023 - 05:30 PM

Let's start with this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
SystemRestore: Off
CloseProcesses:
Start::
Powershell: Get-AppxPackage -allusers 5A894077.McAfeeSecurity | Remove-AppxPackage
End::
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
HKLM\...\RunOnce: [Delete Cached Update Binary] =&gt; C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] =&gt; C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
Task: {01F61F8F-02EB-4312-83AA-804D25201735} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {047A8DE3-0350-4C4C-8E83-B2CD0FA25DDA} - \NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {20B2D89C-703D-45EC-8B1E-A10D82586ED5} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {2BB692C1-F60F-479E-ADC2-1CAF9422A2AC} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -&gt; No File &lt;==== ATTENTION
Task: {56F76C3E-3D7F-4E0D-A9A4-30E7CF353E16} - \Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display -&gt; No File &lt;==== ATTENTION
Task: {6791C057-CABC-4177-BED0-D4FB72AFE9DB} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - \Microsoft\Windows\UpdateOrchestrator\Reboot -&gt; No File &lt;==== ATTENTION
Task: {8C4DB214-07ED-4426-B5E4-3C3CC2FE5462} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {8C94E823-C58F-46BA-A99D-D40725594D4E} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {8F2D4224-3A2C-4D2C-B82D-A06C88CF4807} - \NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {97E8D66D-0085-423C-BA11-DD777A1258AB} - \Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask -&gt; No File &lt;==== ATTENTION
Task: {A7F57D42-2E20-4756-AB5E-40D70E537937} - \Update Checker -&gt; No File &lt;==== ATTENTION
Task: {B6E67297-4E2A-4BAB-9C4A-63B62EDBF591} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -&gt; No File &lt;==== ATTENTION
Task: {C2098BE2-A29A-4EB1-97F6-F0C57E086D4F} - \Microsoft\Windows\Speech\HeadsetButtonPress -&gt; No File &lt;==== ATTENTION
Task: {C4143BD1-BDD8-4AA6-83E1-57F4C83800BA} - \Microsoft\Windows\Setup\SetupCleanupTask -&gt; No File &lt;==== ATTENTION
Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -&gt; No File &lt;==== ATTENTION
Task: {D56C12EF-75A3-4184-BFEE-D3658B91E914} - \NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
FirewallRules: [{8E3FFA1D-1AB8-4368-A45D-C0EC85839279}] =&gt; (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe =&gt; No File
FirewallRules: [{749DA268-0A61-40A0-9BAE-65C822381256}] =&gt; (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe =&gt; No File
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: McAfee
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Zip and upload the file here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Search.txt

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#6 sunny90

sunny90
  • Topic Starter

  • Avatar image
  • Members
  • 8 posts
  • OFFLINE
    •  
  • Local time:09:24 PM

Posted 21 September 2023 - 08:35 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by Jess (21-09-2023 21:20:17) Run:1
Running from C:\Users\Jess\Downloads
Loaded Profiles: Jess
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
SystemRestore: Off
CloseProcesses:
Start::
Powershell: Get-AppxPackage -allusers 5A894077.McAfeeSecurity | Remove-AppxPackage
End::
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
HKLM\...\RunOnce: [Delete Cached Update Binary] =&gt; C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] =&gt; C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
Task: {01F61F8F-02EB-4312-83AA-804D25201735} - \NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {047A8DE3-0350-4C4C-8E83-B2CD0FA25DDA} - \NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {20B2D89C-703D-45EC-8B1E-A10D82586ED5} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {2BB692C1-F60F-479E-ADC2-1CAF9422A2AC} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -&gt; No File &lt;==== ATTENTION
Task: {56F76C3E-3D7F-4E0D-A9A4-30E7CF353E16} - \Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display -&gt; No File &lt;==== ATTENTION
Task: {6791C057-CABC-4177-BED0-D4FB72AFE9DB} - \NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - \Microsoft\Windows\UpdateOrchestrator\Reboot -&gt; No File &lt;==== ATTENTION
Task: {8C4DB214-07ED-4426-B5E4-3C3CC2FE5462} - \NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {8C94E823-C58F-46BA-A99D-D40725594D4E} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {8F2D4224-3A2C-4D2C-B82D-A06C88CF4807} - \NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
Task: {97E8D66D-0085-423C-BA11-DD777A1258AB} - \Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask -&gt; No File &lt;==== ATTENTION
Task: {A7F57D42-2E20-4756-AB5E-40D70E537937} - \Update Checker -&gt; No File &lt;==== ATTENTION
Task: {B6E67297-4E2A-4BAB-9C4A-63B62EDBF591} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -&gt; No File &lt;==== ATTENTION
Task: {C2098BE2-A29A-4EB1-97F6-F0C57E086D4F} - \Microsoft\Windows\Speech\HeadsetButtonPress -&gt; No File &lt;==== ATTENTION
Task: {C4143BD1-BDD8-4AA6-83E1-57F4C83800BA} - \Microsoft\Windows\Setup\SetupCleanupTask -&gt; No File &lt;==== ATTENTION
Task: {C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3} - \Microsoft\Windows\WindowsUpdate\sih -&gt; No File &lt;==== ATTENTION
Task: {D56C12EF-75A3-4184-BFEE-D3658B91E914} - \NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -&gt; No File &lt;==== ATTENTION
FirewallRules: [{8E3FFA1D-1AB8-4368-A45D-C0EC85839279}] =&gt; (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe =&gt; No File
FirewallRules: [{749DA268-0A61-40A0-9BAE-65C822381256}] =&gt; (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe =&gt; No File
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************
 
 
========= Get-AppxPackage -allusers 5A894077.McAfeeSecurity | Remove-AppxPackage =========
 
 
========= End of Powershell: =========
 
HKLM\System\CurrentControlSet\Services\MyWiFiDHCPDNS => removed successfully
MyWiFiDHCPDNS => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [Delete Cached Update Binary] =&gt; C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] =&gt; C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01F61F8F-02EB-4312-83AA-804D25201735}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01F61F8F-02EB-4312-83AA-804D25201735}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{047A8DE3-0350-4C4C-8E83-B2CD0FA25DDA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{047A8DE3-0350-4C4C-8E83-B2CD0FA25DDA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20B2D89C-703D-45EC-8B1E-A10D82586ED5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20B2D89C-703D-45EC-8B1E-A10D82586ED5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BB692C1-F60F-479E-ADC2-1CAF9422A2AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BB692C1-F60F-479E-ADC2-1CAF9422A2AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56F76C3E-3D7F-4E0D-A9A4-30E7CF353E16}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56F76C3E-3D7F-4E0D-A9A4-30E7CF353E16}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6791C057-CABC-4177-BED0-D4FB72AFE9DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6791C057-CABC-4177-BED0-D4FB72AFE9DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C4DB214-07ED-4426-B5E4-3C3CC2FE5462}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C4DB214-07ED-4426-B5E4-3C3CC2FE5462}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C94E823-C58F-46BA-A99D-D40725594D4E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C94E823-C58F-46BA-A99D-D40725594D4E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F2D4224-3A2C-4D2C-B82D-A06C88CF4807}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F2D4224-3A2C-4D2C-B82D-A06C88CF4807}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97E8D66D-0085-423C-BA11-DD777A1258AB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97E8D66D-0085-423C-BA11-DD777A1258AB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A7F57D42-2E20-4756-AB5E-40D70E537937}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7F57D42-2E20-4756-AB5E-40D70E537937}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B6E67297-4E2A-4BAB-9C4A-63B62EDBF591}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6E67297-4E2A-4BAB-9C4A-63B62EDBF591}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2098BE2-A29A-4EB1-97F6-F0C57E086D4F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2098BE2-A29A-4EB1-97F6-F0C57E086D4F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4143BD1-BDD8-4AA6-83E1-57F4C83800BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4143BD1-BDD8-4AA6-83E1-57F4C83800BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C48D50E5-71A9-48D8-B7C1-3DA9AECBDEC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D56C12EF-75A3-4184-BFEE-D3658B91E914}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D56C12EF-75A3-4184-BFEE-D3658B91E914}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules: [{8E3FFA1D-1AB8-4368-A45D-C0EC85839279}] =&gt; (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe =&gt; No File" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules: [{749DA268-0A61-40A0-9BAE-65C822381256}] =&gt; (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe =&gt; No File" => not found
 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 100% complete.
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
For online repairs, details are included in the CBS log file located at
 
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
 
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.844
 
Image Version: 10.0.19045.3448
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 21:25:58 ====

#7 sunny90

sunny90
  • Topic Starter

  • Avatar image
  • Members
  • 8 posts
  • OFFLINE
    •  
  • Local time:09:24 PM

Posted 21 September 2023 - 08:49 PM

I have zipped and attached the Search.txt file.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 21 September 2023 - 09:16 PM

Thank you.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CloseProcesses:
C:\Windows\System32\Tasks_Migrated\McAfee Remediation (Prepare)
C:\Windows\System32\Tasks_Migrated\McAfeeLogon
C:\Windows\System32\Tasks_Migrated\McAfee\McAfee Auto Maintenance Task Agent
C:\Windows\System32\Tasks_Migrated\McAfee\McAfee Idle Detection Task
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0F1E5F4D-8C42-472F-A47D-6AE884FD8903~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1174278A-69CD-49FE-B539-2CE8633649AC~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~147144B3-BAD2-4924-B17F-14F055BBC462~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1E319252-E9BC-4B77-84D2-D1726408C877~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~36E3981C-A539-44E6-A3B1-16A0FFBE3B6A~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~44977A1E-F342-4719-9946-01969736EE75~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5049DA41-EB67-4411-B66E-D60C9D56FC64~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5701E163-E1C0-4F02-BD3A-7E05DBC45EFE~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~645C1E24-7E79-4DB3-8DD9-9B2C8EFBD352~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~6BFC8A82-711B-48E4-B95B-B0A049F08748~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~714C512B-D9B0-433A-975E-D40EB6C909F0~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~74110D0F-B486-42D6-B5E2-A4A916F97BB8~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~8498FD9B-2FF4-435E-833A-D465D91F8C0D~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~89F15ED4-BA83-4270-A1F5-735FDE65A125~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~957A0B11-CED4-401E-8759-DF65CD79D954~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~9B2FD39D-052E-4792-BBAF-758EED1183E1~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B042FA06-0F30-4A77-B316-21144A2B54EF~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~C389B0CB-C144-4D42-B331-12E8938B060D~amd64~~21.4.0.156.5.cat
C:\Users\Jess\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\5A894077_McAfeeSecurity_wafk5atnkzcwy!App
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy.xml
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.dll
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\McAfee.UWP.ResourceStreamer.winmd
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Assets\Offline\mcafee-logo.png
2018-08-28 20:35 - 2021-07-24 21:57 _____ C:\Windows\System32\Tasks_Migrated\McAfee
2021-07-24 20:23 - 2021-07-24 20:23 _____ C:\ProgramData\Packages\5A894077.McAfeeSecurity_wafk5atnkzcwy
2023-05-07 11:18 - 2023-05-07 11:18 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_5A894077.McAfeeS_ff2d89a1f4cd8f116632c4c8ab72ee14ecf90c7_eda593ed_248d3a0e-7903-4326-93cd-2594b2dd45b4
2023-05-08 02:01 - 2023-05-08 02:01 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_5A894077.McAfeeS_ff2d89a1f4cd8f116632c4c8ab72ee14ecf90c7_eda593ed_50d68887-5e08-428f-b1d6-ba81c0312a9a
2022-11-14 18:23 - 2022-11-14 18:23 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_9f32712cb0ebf6dacdd0ea849810d423494cfd9_eda593ed_35c242b8-7802-4f08-a464-6a0960bf99f8
2023-05-14 02:02 - 2023-05-14 02:02 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_9f32712cb0ebf6dacdd0ea849810d423494cfd9_eda593ed_b8c7280b-1d7d-4a44-b7a3-fe7a301bf7e7
2021-11-05 00:14 - 2021-11-05 00:14 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_f892d3e6b5274a591bfb12db1c50daaa35f944_7c13240f_cab4de4b-00a4-46f5-911f-eec7aaac0cdb
2021-11-14 21:06 - 2021-11-14 21:06 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_f892d3e6b5274a591bfb12db1c50daaa35f944_7c13240f_fc5b765e-e6a0-43d6-b86c-ee3a51e2c391
2021-11-14 02:16 - 2021-11-14 02:16 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy
2021-11-14 02:16 - 2021-11-14 02:16 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy
2021-11-14 02:16 - 2023-09-21 21:20 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy
2021-11-14 02:16 - 2021-11-14 02:16 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
2021-11-14 02:16 - 2023-09-21 21:20 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
2021-11-14 02:16 - 2021-11-14 02:16 _____ C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy
2021-11-14 02:16 - 2021-11-14 02:16 _____ C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy
2021-11-14 02:16 - 2023-06-08 20:32 _____ C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy
2021-11-14 02:16 - 2023-06-08 20:32 _____ C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
2021-11-14 02:16 - 2023-06-08 20:32 _____ C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
2018-08-28 21:19 - 2021-07-24 21:53 _____ C:\eSupport\eDriver\Software\Win32App\McAFee
2018-08-28 21:19 - 2021-07-24 21:53 _____ C:\eSupport\eDriver\Software\Win32App\McAFee\McAfee Common Build for All
2018-08-28 21:19 - 2021-07-24 21:53 _____ C:\eSupport\eDriver\Software\StoreAPP\McAFee
2018-08-28 21:19 - 2021-07-24 21:53 _____ C:\eSupport\eDriver\Software\StoreAPP\McAFee\McAfee UWP Tile
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ee|PackageFullName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ee|InstalledLocation
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ee|_IndexKeys
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ef|PackageFullName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ef|InstalledLocation
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ef|_IndexKeys
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1f0|PackageFullName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1f0|InstalledLocation
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1f0|_IndexKeys
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\28|PackageFamilyName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\28|_IndexKeys
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache|50784a52-089b-eb35-112c-8c567a3bb960US
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1934400034-209954011-3720149822-500|\Device\HarddiskVolume4\PROGRA~1\COMMON~1\mcafee\amcore\OEMCHE~1.EXE
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1934400034-209954011-3720149822-500|\Device\HarddiskVolume4\Users\ADMINI~1\AppData\Local\Temp\McAfeeDat\DATUpdater.exe
DeleteValue: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy%5Cresources.pri\1d7828db42fecc3\a37dfe62|@{C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy\resources.pri? ms-resource:///resources/DisplayName}
DeleteValue: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cresources.pri\1d7aac21136e8e0\a37dfe62|@{C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\resources.pri? ms-resource:///resources/DisplayName}
DeleteValue: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri\1d7d91f22c08cdb\a37dfe62|@{C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\resources.pri? ms-resource:///resources/DisplayName}
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\UserData\UninstallTimes|5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\mcafee\WebAdvisor\uihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|{6D809377-6AF0-444B-8957-A3773F02200E}\mcafee\WebAdvisor\uihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\WindowsApps\5a894077.mcafeesecurity_1.4.3.0_x64__wafk5atnkzcwy\McAfeeSecurityStartup.exe
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\mcafee\msc\mcuihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\mcafee\WebAdvisor\uninstaller.exe
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HostActivityManager\Volatile|5A894077.McAfeeSecurity_wafk5atnkzcwy!App
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-2.pri\1d7aac212148c99\dbf1b25e|@{5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-3.pri\1d7d9bd8112b9d\dbf1b25e|@{5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-4.pri\1d7d9bd8112b9d\dbf1b25e|@{5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-4.pri\1d7d9bd8112b9d\dbf1b25e|@{5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Files/Assets/Logos/Store/StoreLogo.png}
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\mcafee\WebAdvisor\uihost.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\mcafee\WebAdvisor\uihost.exe.ApplicationCompany
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp|""
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp-dashboard|""
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McAfeeExtn
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^5A894077.McAfeeSecurity_wafk5atnkzcwy!App
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\3^5A894077.McAfeeSecurity_wafk5atnkzcwy!App
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\Upgrade\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\Upgrade\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy%5Cresources.pri
DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cresources.pri
DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$p~5a894077.mcafeesecurity_wafk5atnkzcwy!app
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$5a894077.mcafeesecurity_wafk5atnkzcwy
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$p~5a894077.mcafeesecurity_wafk5atnkzcwy!app
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$5a894077.mcafeesecurity_wafk5atnkzcwy
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\mcafee-uwp
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\mcafee-uwp-dashboard
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HostActivityManager\CommitHistory\5A894077.McAfeeSecurity_wafk5atnkzcwy!App
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-2.pri
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-3.pri
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-4.pri
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PolicyCache\5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp-dashboard
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on McAfee pop up

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#9 sunny90

sunny90
  • Topic Starter

  • Avatar image
  • Members
  • 8 posts
  • OFFLINE
    •  
  • Local time:09:24 PM

Posted 21 September 2023 - 10:38 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by Jess (21-09-2023 23:36:06) Run:2
Running from C:\Users\Jess\Downloads
Loaded Profiles: Jess
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CloseProcesses:
C:\Windows\System32\Tasks_Migrated\McAfee Remediation (Prepare)
C:\Windows\System32\Tasks_Migrated\McAfeeLogon
C:\Windows\System32\Tasks_Migrated\McAfee\McAfee Auto Maintenance Task Agent
C:\Windows\System32\Tasks_Migrated\McAfee\McAfee Idle Detection Task
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0F1E5F4D-8C42-472F-A47D-6AE884FD8903~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1174278A-69CD-49FE-B539-2CE8633649AC~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~147144B3-BAD2-4924-B17F-14F055BBC462~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1E319252-E9BC-4B77-84D2-D1726408C877~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~36E3981C-A539-44E6-A3B1-16A0FFBE3B6A~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~44977A1E-F342-4719-9946-01969736EE75~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5049DA41-EB67-4411-B66E-D60C9D56FC64~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5701E163-E1C0-4F02-BD3A-7E05DBC45EFE~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~645C1E24-7E79-4DB3-8DD9-9B2C8EFBD352~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~6BFC8A82-711B-48E4-B95B-B0A049F08748~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~714C512B-D9B0-433A-975E-D40EB6C909F0~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~74110D0F-B486-42D6-B5E2-A4A916F97BB8~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~8498FD9B-2FF4-435E-833A-D465D91F8C0D~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~89F15ED4-BA83-4270-A1F5-735FDE65A125~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~957A0B11-CED4-401E-8759-DF65CD79D954~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~9B2FD39D-052E-4792-BBAF-758EED1183E1~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B042FA06-0F30-4A77-B316-21144A2B54EF~amd64~~21.4.0.156.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~C389B0CB-C144-4D42-B331-12E8938B060D~amd64~~21.4.0.156.5.cat
C:\Users\Jess\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\5A894077_McAfeeSecurity_wafk5atnkzcwy!App
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy.xml
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.dll
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\McAfee.UWP.ResourceStreamer.winmd
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Assets\Offline\mcafee-logo.png
2018-08-28 20:35 - 2021-07-24 21:57 _____ C:\Windows\System32\Tasks_Migrated\McAfee
2021-07-24 20:23 - 2021-07-24 20:23 _____ C:\ProgramData\Packages\5A894077.McAfeeSecurity_wafk5atnkzcwy
2023-05-07 11:18 - 2023-05-07 11:18 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_5A894077.McAfeeS_ff2d89a1f4cd8f116632c4c8ab72ee14ecf90c7_eda593ed_248d3a0e-7903-4326-93cd-2594b2dd45b4
2023-05-08 02:01 - 2023-05-08 02:01 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_5A894077.McAfeeS_ff2d89a1f4cd8f116632c4c8ab72ee14ecf90c7_eda593ed_50d68887-5e08-428f-b1d6-ba81c0312a9a
2022-11-14 18:23 - 2022-11-14 18:23 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_9f32712cb0ebf6dacdd0ea849810d423494cfd9_eda593ed_35c242b8-7802-4f08-a464-6a0960bf99f8
2023-05-14 02:02 - 2023-05-14 02:02 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_9f32712cb0ebf6dacdd0ea849810d423494cfd9_eda593ed_b8c7280b-1d7d-4a44-b7a3-fe7a301bf7e7
2021-11-05 00:14 - 2021-11-05 00:14 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_f892d3e6b5274a591bfb12db1c50daaa35f944_7c13240f_cab4de4b-00a4-46f5-911f-eec7aaac0cdb
2021-11-14 21:06 - 2021-11-14 21:06 ____C C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_f892d3e6b5274a591bfb12db1c50daaa35f944_7c13240f_fc5b765e-e6a0-43d6-b86c-ee3a51e2c391
2021-11-14 02:16 - 2021-11-14 02:16 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy
2021-11-14 02:16 - 2021-11-14 02:16 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy
2021-11-14 02:16 - 2023-09-21 21:20 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy
2021-11-14 02:16 - 2021-11-14 02:16 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
2021-11-14 02:16 - 2023-09-21 21:20 _____ C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
2021-11-14 02:16 - 2021-11-14 02:16 _____ C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy
2021-11-14 02:16 - 2021-11-14 02:16 _____ C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy
2021-11-14 02:16 - 2023-06-08 20:32 _____ C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy
2021-11-14 02:16 - 2023-06-08 20:32 _____ C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
2021-11-14 02:16 - 2023-06-08 20:32 _____ C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
2018-08-28 21:19 - 2021-07-24 21:53 _____ C:\eSupport\eDriver\Software\Win32App\McAFee
2018-08-28 21:19 - 2021-07-24 21:53 _____ C:\eSupport\eDriver\Software\Win32App\McAFee\McAfee Common Build for All
2018-08-28 21:19 - 2021-07-24 21:53 _____ C:\eSupport\eDriver\Software\StoreAPP\McAFee
2018-08-28 21:19 - 2021-07-24 21:53 _____ C:\eSupport\eDriver\Software\StoreAPP\McAFee\McAfee UWP Tile
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ee|PackageFullName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ee|InstalledLocation
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ee|_IndexKeys
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ef|PackageFullName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ef|InstalledLocation
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ef|_IndexKeys
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1f0|PackageFullName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1f0|InstalledLocation
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1f0|_IndexKeys
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\28|PackageFamilyName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\28|_IndexKeys
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache|50784a52-089b-eb35-112c-8c567a3bb960US
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1934400034-209954011-3720149822-500|\Device\HarddiskVolume4\PROGRA~1\COMMON~1\mcafee\amcore\OEMCHE~1.EXE
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1934400034-209954011-3720149822-500|\Device\HarddiskVolume4\Users\ADMINI~1\AppData\Local\Temp\McAfeeDat\DATUpdater.exe
DeleteValue: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy%5Cresources.pri\1d7828db42fecc3\a37dfe62|@{C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy\resources.pri? ms-resource:///resources/DisplayName}
DeleteValue: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cresources.pri\1d7aac21136e8e0\a37dfe62|@{C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\resources.pri? ms-resource:///resources/DisplayName}
DeleteValue: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri\1d7d91f22c08cdb\a37dfe62|@{C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\resources.pri? ms-resource:///resources/DisplayName}
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\UserData\UninstallTimes|5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\mcafee\WebAdvisor\uihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|{6D809377-6AF0-444B-8957-A3773F02200E}\mcafee\WebAdvisor\uihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\WindowsApps\5a894077.mcafeesecurity_1.4.3.0_x64__wafk5atnkzcwy\McAfeeSecurityStartup.exe
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\mcafee\msc\mcuihost.exe
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\mcafee\WebAdvisor\uninstaller.exe
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HostActivityManager\Volatile|5A894077.McAfeeSecurity_wafk5atnkzcwy!App
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-2.pri\1d7aac212148c99\dbf1b25e|@{5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-3.pri\1d7d9bd8112b9d\dbf1b25e|@{5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-4.pri\1d7d9bd8112b9d\dbf1b25e|@{5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-4.pri\1d7d9bd8112b9d\dbf1b25e|@{5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Files/Assets/Logos/Store/StoreLogo.png}
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\mcafee\WebAdvisor\uihost.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\mcafee\WebAdvisor\uihost.exe.ApplicationCompany
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp|""
DeleteValue: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp-dashboard|""
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McAfeeExtn
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^5A894077.McAfeeSecurity_wafk5atnkzcwy!App
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\3^5A894077.McAfeeSecurity_wafk5atnkzcwy!App
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\Upgrade\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\Upgrade\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy%5Cresources.pri
DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cresources.pri
DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$p~5a894077.mcafeesecurity_wafk5atnkzcwy!app
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$5a894077.mcafeesecurity_wafk5atnkzcwy
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$p~5a894077.mcafeesecurity_wafk5atnkzcwy!app
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$5a894077.mcafeesecurity_wafk5atnkzcwy
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\mcafee-uwp
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\mcafee-uwp-dashboard
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HostActivityManager\CommitHistory\5A894077.McAfeeSecurity_wafk5atnkzcwy!App
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-2.pri
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-3.pri
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-4.pri
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PolicyCache\5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp
DeleteKey: HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp-dashboard
End::
*****************
 
Processes closed successfully.
C:\Windows\System32\Tasks_Migrated\McAfee Remediation (Prepare) => moved successfully
C:\Windows\System32\Tasks_Migrated\McAfeeLogon => moved successfully
C:\Windows\System32\Tasks_Migrated\McAfee\McAfee Auto Maintenance Task Agent => moved successfully
C:\Windows\System32\Tasks_Migrated\McAfee\McAfee Idle Detection Task => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0F1E5F4D-8C42-472F-A47D-6AE884FD8903~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1174278A-69CD-49FE-B539-2CE8633649AC~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~147144B3-BAD2-4924-B17F-14F055BBC462~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1E319252-E9BC-4B77-84D2-D1726408C877~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~36E3981C-A539-44E6-A3B1-16A0FFBE3B6A~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~44977A1E-F342-4719-9946-01969736EE75~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5049DA41-EB67-4411-B66E-D60C9D56FC64~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5701E163-E1C0-4F02-BD3A-7E05DBC45EFE~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~645C1E24-7E79-4DB3-8DD9-9B2C8EFBD352~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~6BFC8A82-711B-48E4-B95B-B0A049F08748~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~714C512B-D9B0-433A-975E-D40EB6C909F0~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~74110D0F-B486-42D6-B5E2-A4A916F97BB8~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~8498FD9B-2FF4-435E-833A-D465D91F8C0D~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~89F15ED4-BA83-4270-A1F5-735FDE65A125~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~957A0B11-CED4-401E-8759-DF65CD79D954~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~9B2FD39D-052E-4792-BBAF-758EED1183E1~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B042FA06-0F30-4A77-B316-21144A2B54EF~amd64~~21.4.0.156.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~C389B0CB-C144-4D42-B331-12E8938B060D~amd64~~21.4.0.156.5.cat => moved successfully
C:\Users\Jess\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\5A894077_McAfeeSecurity_wafk5atnkzcwy!App => moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy.xml => moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy.xml => moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy.xml => moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy.xml => moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy.xml => moved successfully
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.dll => moved successfully
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe => moved successfully
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\McAfee.UWP.ResourceStreamer.winmd => moved successfully
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe => moved successfully
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Assets\Offline\mcafee-logo.png => moved successfully
 
"C:\Windows\System32\Tasks_Migrated\McAfee" folder move:
 
C:\Windows\System32\Tasks_Migrated\McAfee => moved successfully
 
"C:\ProgramData\Packages\5A894077.McAfeeSecurity_wafk5atnkzcwy" folder move:
 
C:\ProgramData\Packages\5A894077.McAfeeSecurity_wafk5atnkzcwy => moved successfully
 
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_5A894077.McAfeeS_ff2d89a1f4cd8f116632c4c8ab72ee14ecf90c7_eda593ed_248d3a0e-7903-4326-93cd-2594b2dd45b4" folder move:
 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_5A894077.McAfeeS_ff2d89a1f4cd8f116632c4c8ab72ee14ecf90c7_eda593ed_248d3a0e-7903-4326-93cd-2594b2dd45b4 => moved successfully
 
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_5A894077.McAfeeS_ff2d89a1f4cd8f116632c4c8ab72ee14ecf90c7_eda593ed_50d68887-5e08-428f-b1d6-ba81c0312a9a" folder move:
 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_5A894077.McAfeeS_ff2d89a1f4cd8f116632c4c8ab72ee14ecf90c7_eda593ed_50d68887-5e08-428f-b1d6-ba81c0312a9a => moved successfully
 
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_9f32712cb0ebf6dacdd0ea849810d423494cfd9_eda593ed_35c242b8-7802-4f08-a464-6a0960bf99f8" folder move:
 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_9f32712cb0ebf6dacdd0ea849810d423494cfd9_eda593ed_35c242b8-7802-4f08-a464-6a0960bf99f8 => moved successfully
 
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_9f32712cb0ebf6dacdd0ea849810d423494cfd9_eda593ed_b8c7280b-1d7d-4a44-b7a3-fe7a301bf7e7" folder move:
 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_9f32712cb0ebf6dacdd0ea849810d423494cfd9_eda593ed_b8c7280b-1d7d-4a44-b7a3-fe7a301bf7e7 => moved successfully
 
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_f892d3e6b5274a591bfb12db1c50daaa35f944_7c13240f_cab4de4b-00a4-46f5-911f-eec7aaac0cdb" folder move:
 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_f892d3e6b5274a591bfb12db1c50daaa35f944_7c13240f_cab4de4b-00a4-46f5-911f-eec7aaac0cdb => moved successfully
 
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_f892d3e6b5274a591bfb12db1c50daaa35f944_7c13240f_fc5b765e-e6a0-43d6-b86c-ee3a51e2c391" folder move:
 
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_5A894077.McAfeeS_f892d3e6b5274a591bfb12db1c50daaa35f944_7c13240f_fc5b765e-e6a0-43d6-b86c-ee3a51e2c391 => moved successfully
 
"C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy" folder move:
 
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy => moved successfully
 
"C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy" folder move:
 
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy => moved successfully
 
"C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy" folder move:
 
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy => moved successfully
 
"C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy" folder move:
 
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy => moved successfully
 
"C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy" folder move:
 
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy => moved successfully
 
"C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy" folder move:
 
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy => moved successfully
 
"C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy" folder move:
 
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy => moved successfully
 
"C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy" folder move:
 
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy => moved successfully
 
"C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy" folder move:
 
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy => moved successfully
 
"C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy" folder move:
 
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy => moved successfully
 
"C:\eSupport\eDriver\Software\Win32App\McAFee" folder move:
 
C:\eSupport\eDriver\Software\Win32App\McAFee => moved successfully
"C:\eSupport\eDriver\Software\Win32App\McAFee\McAfee Common Build for All" => not found
 
"C:\eSupport\eDriver\Software\StoreAPP\McAFee" folder move:
 
C:\eSupport\eDriver\Software\StoreAPP\McAFee => moved successfully
"C:\eSupport\eDriver\Software\StoreAPP\McAFee\McAfee UWP Tile" => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ee\\PackageFullName" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ee\\InstalledLocation" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ee\\_IndexKeys" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ef\\PackageFullName" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ef\\InstalledLocation" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1ef\\_IndexKeys" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1f0\\PackageFullName" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1f0\\InstalledLocation" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\1f0\\_IndexKeys" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\28\\PackageFamilyName" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\28\\_IndexKeys" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\\Path" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\\Path" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache\\50784a52-089b-eb35-112c-8c567a3bb960US" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1934400034-209954011-3720149822-500\\\Device\HarddiskVolume4\PROGRA~1\COMMON~1\mcafee\amcore\OEMCHE~1.EXE" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1934400034-209954011-3720149822-500\\\Device\HarddiskVolume4\Users\ADMINI~1\AppData\Local\Temp\McAfeeDat\DATUpdater.exe" => removed successfully
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy%5Cresources.pri\1d7828db42fecc3\a37dfe62\\@{C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy\resources.pri? ms-resource:///resources/DisplayName}" => removed successfully
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cresources.pri\1d7aac21136e8e0\a37dfe62\\@{C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\resources.pri? ms-resource:///resources/DisplayName}" => removed successfully
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri\1d7d91f22c08cdb\a37dfe62\\@{C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\resources.pri? ms-resource:///resources/DisplayName}" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\UserData\UninstallTimes\\5A894077.McAfeeSecurity_wafk5atnkzcwy" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\{6D809377-6AF0-444B-8957-A3773F02200E}\mcafee\WebAdvisor\uihost.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView\\{6D809377-6AF0-444B-8957-A3773F02200E}\mcafee\WebAdvisor\uihost.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\WindowsApps\5a894077.mcafeesecurity_1.4.3.0_x64__wafk5atnkzcwy\McAfeeSecurityStartup.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\mcafee\msc\mcuihost.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\mcafee\WebAdvisor\uninstaller.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HostActivityManager\Volatile\\5A894077.McAfeeSecurity_wafk5atnkzcwy!App" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-2.pri\1d7aac212148c99\dbf1b25e\\@{5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-3.pri\1d7d9bd8112b9d\dbf1b25e\\@{5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-4.pri\1d7d9bd8112b9d\dbf1b25e\\@{5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-4.pri\1d7d9bd8112b9d\dbf1b25e\\@{5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Files/Assets/Logos/Store/StoreLogo.png}" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\mcafee\WebAdvisor\uihost.exe.FriendlyAppName" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\mcafee\WebAdvisor\uihost.exe.ApplicationCompany" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp\\" => removed successfully
"HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp-dashboard\\" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McAfeeExtn => removed successfully
RegLink Found. Source: "" => Target: "HKLM\Software\Wow6432Node\McAfee"
"HKEY_LOCAL_MACHINE\SOFTWARE\McAfee" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^5A894077.McAfeeSecurity_wafk5atnkzcwy!App" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\3^5A894077.McAfeeSecurity_wafk5atnkzcwy!App" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-es_wafk5atnkzcwy" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.language-fr_wafk5atnkzcwy" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-100_wafk5atnkzcwy" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\5A894077.McAfeeSecurity_wafk5atnkzcwy" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\Upgrade\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_wafk5atnkzcwy => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\Upgrade\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy" => not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3983067033-3805247150-532412538-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy%5Cresources.pri => removed successfully
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cresources.pri => removed successfully
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$p~5a894077.mcafeesecurity_wafk5atnkzcwy!app => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$5a894077.mcafeesecurity_wafk5atnkzcwy => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$p~5a894077.mcafeesecurity_wafk5atnkzcwy!app => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{97846c00-5bd2-42f4-bbbc-86093cbc7e9f}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$5a894077.mcafeesecurity_wafk5atnkzcwy => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\mcafee-uwp => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\mcafee-uwp-dashboard => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HostActivityManager\CommitHistory\5A894077.McAfeeSecurity_wafk5atnkzcwy!App => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-2.pri => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-3.pri => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cmicrosoft.system.package.metadata%5CS-1-5-21-3983067033-3805247150-532412538-1001-MergedResources-4.pri => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PolicyCache\5A894077.McAfeeSecurity_wafk5atnkzcwy => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp => removed successfully
HKEY_USERS\S-1-5-21-3983067033-3805247150-532412538-1001\SOFTWARE\Classes\mcafee-uwp-dashboard => removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 23:36:19 ====

#10 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 22 September 2023 - 08:58 AM

That looks very nice.

 

Are you still receiving McAfee popups?


Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#11 sunny90

sunny90
  • Topic Starter

  • Avatar image
  • Members
  • 8 posts
  • OFFLINE
    •  
  • Local time:09:24 PM

Posted 23 September 2023 - 12:24 PM

Yes I am still getting the popups. I tried to post the picture but it seems the forum does not allow it.


#12 sunny90

sunny90
  • Topic Starter

  • Avatar image
  • Members
  • 8 posts
  • OFFLINE
    •  
  • Local time:09:24 PM

Posted 23 September 2023 - 12:59 PM

The popups:

 

us.system-security-check.online

 

pcupdatessoftwares.com

 

s2s.free-installer.com


pcproupdates.com

 

pcdetecttoday.com

 

pcdefendtoday.com

 

2.dailyinstall.com

 

pcsetupnotify.com

 

www1.site-advisor.com

 

 

pcupdatessoftwares.com


#13 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 23 September 2023 - 03:41 PM

Which browser(s)?

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#14 sunny90

sunny90
  • Topic Starter

  • Avatar image
  • Members
  • 8 posts
  • OFFLINE
    •  
  • Local time:09:24 PM

Posted 23 September 2023 - 07:43 PM

Google Chrome


#15 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 23 September 2023 - 09:27 PM

Thank you.

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan now
  • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
  • When completed click View Scan Log File
  • Copy and paste the contents in your reply
  • Click Skip Basic Repair if it appears then close the program
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
  • Upon reboot check Chrome. If you still are experiencing issues complete the next step
===================================================

Disabling Extensions in Google Chrome

--------------------
  • Press the Windows Key + R at the same time
  • Copy and paste the following into the Open: box

chrome --disable-extensions

  • Click OK
  • Test the browser performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner report
  • Fixlog
  • Chrome without extensions, if applicable
  • Update on Chrome browser

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

Back to Virus, Trojan, Spyware, and Malware Removal Help


2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·