  #16  
Old October 21st, 2021, 09:26 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by Debbie (21-10-2021 15:04:15)
Running from C:\Users\Debbie\Downloads
Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) (2020-08-27 21:52:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3358373597-1690568811-3966139131-500 - Administrator - Disabled)
Debbie (S-1-5-21-3358373597-1690568811-3966139131-1001 - Administrator - Enabled) => C:\Users\Debbie
DefaultAccount (S-1-5-21-3358373597-1690568811-3966139131-503 - Limited - Disabled)
Guest (S-1-5-21-3358373597-1690568811-3966139131-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3358373597-1690568811-3966139131-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total AV (Disabled - Out of date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.0.788 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.8.2487 - Avast Software)
Direct Game UNI Installer (HKLM-x32\...\{7CE79E81-562B-4252-93D7-C6FF8F18FE9C}) (Version: 1.0.23 - GamesLOL)
EdrawMax(Build 10.0.4.776) (HKLM-x32\...\{037BAB81-3DF7-4381-A72C-A26B57C03548}_is1) (Version: 10.0.4.776 - EdrawSoft Co.,Ltd.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{FFA5C174-DB3F-4AFE-B59D-C0FB1744CD76}) (Version: 3.1.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EPSON XP-430 Series Printer Uninstall (HKLM\...\EPSON XP-430 Series) (Version: - Seiko Epson Corporation)
Free DVD Player version 6.6.8 (HKLM-x32\...\Free DVD Player_is1) (Version: 6.6.8 - ShiningSoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
IEBrowserAssistant (HKLM-x32\...\{BC63C727-3079-49AA-876A-8E459D35CB72}) (Version: 1.0.0 - Realistic Media Inc.)
Inventoria Stock Manager (HKLM-x32\...\Inventoria) (Version: 7.04 - NCH Software)
Malwarebytes version 4.2.2.95 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.2.95 - Malwarebytes)
McAfee Safe Connect (HKLM-x32\...\{2973b354-fb68-4cf9-a20a-5bf99895504b}) (Version: 2.13 - McAfee, LLC.)
McAfee Safe Connect (HKLM-x32\...\{FA376988-2613-43B7-8BFC-91D8DC165F14}) (Version: 2.13 - McAfee, LLC.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.2296.1 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\OneDriveSetup.exe) (Version: 21.196.0921.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Quick Driver Updater (HKLM\...\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_is1) (Version: 1.0.0.5 - Digital Protection Services S.R.L)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
WaveBrowser (HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\WaveBrowser) (Version: 1.1.3.4 - Wavesor Software)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-07-27] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-07-27] (Adobe Systems Incorporated)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.10.1036.0_x64__22t9g3sebte08 [2021-10-01] (AMZN Mobile LLC.) [Startup Task]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.67.3.0_x86__kgqvnymyfvs32 [2021-10-21] (king.com)
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.3.8.0_x64__htrsf667h5kn2 [2019-11-26] (Dell Inc)
DVD Player - FREE -> C:\Program Files\WindowsApps\21336V3TApps.DVDPlayer-FREE_1.1.7.0_x86__bzg06mxvgh4fa [2021-10-11] (V3TApps)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.68.6.0_x86__kgqvnymyfvs32 [2021-10-08] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.0.11030.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-10] (Microsoft Studios) [MS Ad]
Nero DVD Player -> C:\Program Files\WindowsApps\NeroAG.NeroDVDPlayer_1.0.25.0_x86__k5ye2zvjqqeaw [2021-09-28] (NeroAG)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-07-19] (Adobe Systems Incorporated)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0 [2021-10-13] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-71A484481361} -> [Creative Cloud Files] => C:\Users\Debbie\Creative Cloud Files [2021-07-27 09:53]
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\localserver32 -> C:\Users\Debbie\Wavesor Software\WaveBrowser\1.1.3.4\notification_helper.exe (Wavesor Software -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{C5596523-009B-41A7-AB11-BCA2274BDCDB}\InprocServer32 -> C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\psuser_64.dll (Wavesor Software -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 -> C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\psuser_64.dll (Wavesor Software -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 -> C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\psuser_64.dll (Wavesor Software -> Wavesor Software)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Debbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2015-12-17 11:11 - 2015-12-17 11:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: IEBrowserAssistant -> {2421CBA2-89B7-4734-8438-49E0D7EB8A75} -> C:\Users\Debbie\AppData\Roaming\IEBrowserAssistant\adxloader64.dll [2018-11-13] (Default Company) [File not signed]
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: IEBrowserAssistant -> {2421CBA2-89B7-4734-8438-49E0D7EB8A75} -> C:\Users\Debbie\AppData\Roaming\IEBrowserAssistant\adxloader.dll [2018-11-13] (Default Company) [File not signed]
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2021-09-14 10:02 - 000000893 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 scinstallcheck.mcafee.com
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Debbie\Desktop\67702742_10211103468221886_5226150221913784320_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EDE300A4-4668-487C-80BF-7ED7CB87CCE2}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{AA880568-314B-4828-A4EE-91C38FD10C0D}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{21D7B6EA-61B9-4BAE-A031-21BFCE3B3839}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3953B7E4-57BB-4E11-B665-3F60D3482BB0}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{AE6CCC3F-7752-4CC0-AB94-B2695D0E9798}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{18FC0007-2E32-4170-81CB-50B2131A1229}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [UDP Query User{25897CAB-D1C9-4915-974E-3219973E3636}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{F7840ABD-601B-4115-A3F0-40A62836C6F0}C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe] => (Allow) C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe (Wavesor Software -> Wavesor Software)
FirewallRules: [UDP Query User{F4A2F4F4-F1AB-4483-BF0E-56066B3254E0}C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe] => (Allow) C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe (Wavesor Software -> Wavesor Software)
FirewallRules: [{21F49963-F940-4950-806E-28E87220E79A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D82A75F8-27F2-4BC0-9487-A09153ABEA2E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D27AF385-F640-4843-803A-284A47F2C4B2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF620824-9DEE-4C9D-BA7C-BBF0C458F164}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63C574FA-F792-40C3-B977-F18C83371366}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D0464766-9694-4DAD-84DF-3400CBBFEA7E}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{78058847-D7F5-46FE-87E5-237255E3594F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{46F05838-8B58-4B3F-9E48-1ADD3D05F47C}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2E206628-959B-4D42-A65C-84FBDE9CC289}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5CB88FEF-4F16-495A-832B-5361E9FF39B7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A4A7F427-EE12-45F5-A1A2-4D4E3264402B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F9E3B79B-5498-4A08-8DA8-28FC65AABE06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D9AE26A-EBCC-40D0-A9A5-B8A436E9C54B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DE96FEDD-7F37-49BD-A16B-6F899114C366}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D372E75E-1F6F-458C-8FA9-8607798BF387}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{798C6BFF-5335-4E6D-9D39-02E35D36B98E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69C6D0E0-3FE5-4DBD-B1B8-777847DA522A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

02-10-2021 19:40:43 Scheduled Checkpoint
11-10-2021 19:40:57 Scheduled Checkpoint
13-10-2021 06:48:18 Windows Modules Installer
13-10-2021 07:05:18 Windows Modules Installer
20-10-2021 18:06:56 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/16/2021 12:29:30 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/16/2021 12:06:52 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/08/2021 10:41:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/08/2021 10:25:16 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/06/2021 06:24:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdobeNotificationClient.exe version 5.2.0.121 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2b28

Start Time: 01d7aa7b3103ae0c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe

Report Id: d5e8b78c-72b7-447c-a403-fbed0f6cec14

Faulting package full name: AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (10/01/2021 11:08:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/01/2021 10:53:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/27/2021 11:47:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 21.7.20091.59174, time stamp: 0x613991a9
Faulting module name: AcroRd32.dll, version: 21.7.20091.59174, time stamp: 0x613991a6
Exception code: 0xc0000005
Fault offset: 0x001290c2
Faulting process id: 0x3a60
Faulting application start time: 0x01d7b3b6e2ecf180
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Faulting module path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
Report Id: 5386e006-897f-4c21-bc45-322e553aeece
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (10/13/2021 06:13:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee CSP Service service hung on starting.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


CodeIntegrity:
===============
Date: 2021-10-21 12:28:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\x86\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-10-21 08:24:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A11 12/30/2011
Motherboard: Dell Inc. 0D28YY
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 70%
Total physical RAM: 8073.05 MB
Available physical RAM: 2419.05 MB
Total Virtual: 13193.05 MB
Available Virtual: 6078.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.19 GB) (Free:401.49 GB) NTFS
Drive d: () (Removable) (Total:28.89 GB) (Free:26.32 GB) FAT32
Drive e: (662PPGOLD_BGS) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS

\\?\Volume{ec7a2b63-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EC7A2B63)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Protective MBR) (Size: 29.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


  #17  
Old October 22nd, 2021, 05:06 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,178
That's just another FRST scan log, and nothing has changed. Temp disable Avast and try the steps again. What browser are you using to do the download, where all downloads end up in the download folder?
  #18  
Old October 23rd, 2021, 12:43 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
3rd time

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by Debbie (administrator) on DESKTOP-ELI7VR8 (Dell Inc. OptiPlex 790) (21-10-2021 16:39:06)
Running from C:\Users\Debbie\Downloads
Loaded Profiles: Debbie
Platform: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Inc. -> Adobe) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\RemoteComponents\UPI\ExManCoreLib\AdobeExtensionsService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <31>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee Security Scan\3.11.2296\SSScheduler.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files (x86)\McAfee\McAfee Safe Connect\SafeConnect.ServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20520.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20520.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YARNPAE.EXE
(Wavesor Software -> Wavesor Software) C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\SWUpdaterCrashHandler.exe
(Wavesor Software -> Wavesor Software) C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\SWUpdaterCrashHandler64.exe
(Wavesor Software -> Wavesor Software) C:\Users\Debbie\Wavesor Software\WaveBrowser\wavebrowser.exe <10>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-09-25] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5267168 2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-10-06] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [Wavesor SWUpdater] => C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\SWUpdaterCore.exe [210064 2021-08-23] (Wavesor Software -> Wavesor Software)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2766064 2021-10-06] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Uninstall 21.180.0905.0007] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\21.180.0905.0007"
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-06-27] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON XP-430 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBPAE.DLL [180224 2014-03-05] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-13] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-09-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2296\SSScheduler.exe (McAfee, LLC -> McAfee, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2021-04-06]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C3A446-5C9F-4B64-8C4B-8A74992976FB} - System32\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {11BC88AB-253F-463C-9839-BFC664239DAA} - System32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001Core => C:\Users\Debbie\Wavesor Software\SWUpdater\SWUpdater.exe [107608 2021-04-06] (Wavesor Software -> Wavesor Software)
Task: {14F842F3-E167-40CF-9A23-6CBFAF7C3EDA} - System32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001UA => C:\Users\Debbie\Wavesor Software\SWUpdater\SWUpdater.exe [107608 2021-04-06] (Wavesor Software -> Wavesor Software)
Task: {22F11743-5FE8-4611-A5C2-12B8F6F58F38} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {27A0CE13-F160-45C2-95CD-5E94CAAF909E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-12] (Google Inc -> Google LLC)
Task: {2D0E9BC2-E25F-4440-AEB5-8D2C78D06A25} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {49281A4F-475D-43B9-803B-4EA453285A8D} - System32\Tasks\Quick Driver Updater skipuac => C:\Program Files\Quick Driver Updater\qdu.exe [4183136 2020-05-11] (DIGITAL PROTECTION SERVICES S.R.L. -> Digital Protection Services S.R.L)
Task: {4B238893-8C9F-4EE3-8ED0-1D15A0A6FEF9} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {52DF8A8D-DAD3-4131-B6E8-F8D220C9AB2A} - System32\Tasks\BA Scheduler => powershell.exe -WindowStyle Hidden -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';&powershell{$w= "$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.ST()}" <==== ATTENTION
Task: {5BE3E93F-D035-437F-A554-BE93865CE7B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-12] (Google Inc -> Google LLC)
Task: {8166F735-585E-49C0-89AD-658E2F0F9A2D} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {9F9FDCA7-65F7-4D42-8AEA-9E303D59C312} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AdobeGCInvoker-1.0" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\BA Scheduler" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3358373597-1690568811-3966139131-1001" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\Quick Driver Updater skipuac" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{46199E18-599D-4060-9554-AECE3B7CD090}" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001Core" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001UA" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\WinZip Update Notifier 1" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\WinZip Update Notifier 2" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\WinZip Update Notifier 3" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {A6DE2D4C-BD7A-4611-8C7A-72FB8D7256F1} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe [1771592 2020-05-15] (NCH Software, Inc. -> NCH Software)
Task: {B619201D-1F8B-42ED-8ABF-EB18029BD895} - System32\Tasks\Wavesor Software_S-1-5-21-3358373597-1690568811-3966139131-1001\WaveBrowser-StartAtLogin => C:\Users\Debbie\Wavesor Software\WaveBrowser\wavebrowser.exe [2240144 2021-09-28] (Wavesor Software -> Wavesor Software)
Task: {D8AF7D68-80A1-4963-AB2C-CA01A71E0568} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4929304 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
Task: {E12154D5-728C-4DC3-92E3-FDEAE3D18252} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{4096E76B-F21C-4D1E-96D3-5B18C92C0122} /F:UpdateWORKGROUP\DESKTOP-ELI7VR8$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ef7a85fb-3144-4027-9b39-96105a998004}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Debbie\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-17]

FireFox:
========
FF DefaultProfile: 4oh45ttj.default
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\4oh45ttj.default [2021-07-11]
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\jtavwzjp.default-release [2021-03-22]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-06-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default [2021-10-21]
CHR Notifications: Default -> hxxps//apps4u.store; hxxps//mail.google.com; hxxps//www.directhit.com; hxxps//www.facebook.com; hxxps//www.wish.com
CHR Extension: (Slides) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-11]
CHR Extension: (Docs) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-12]
CHR Extension: (Google Drive) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-31]
CHR Extension: (YouTube) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-20]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-10-13]
CHR Extension: (Sheets) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-19]
CHR Extension: (securyBrowse) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kojidghikgbmicmgpmcdfallpacaanel [2021-06-03]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2021-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-09]
CHR Extension: (Browser Checkup for Chrome by Doctor) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjdbeegldeilceaflghgfdemobmfhbd [2021-07-08]
CHR Extension: (Gmail) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844528 2021-10-06] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8323664 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 InventoriaService; C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [1771592 2020-05-15] (NCH Software, Inc. -> NCH Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7265328 2020-10-31] (Malwarebytes Inc -> Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2296\McCHSvc.exe [416752 2021-09-03] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
R2 SafeConnectService; C:\Program Files (x86)\McAfee\McAfee Safe Connect\SafeConnect.ServiceHost.exe [31968 2021-05-26] (McAfee, LLC -> McAfee, LLC.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [221600 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369176 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250408 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99368 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41368 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184640 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538480 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107864 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851712 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557152 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215392 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217600 2021-06-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-06-06] (Malwarebytes Inc -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-05-26] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-01-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 16:36 - 2021-10-21 16:38 - 000000338 _____ C:\Users\Debbie\Desktop\fixlist.txt
2021-10-21 14:59 - 2021-10-21 14:59 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (14).exe
2021-10-21 14:59 - 2021-10-21 14:59 - 000001492 _____ C:\Users\Debbie\Desktop\FRST64 (14) - Shortcut.lnk
2021-10-21 14:58 - 2021-10-21 14:58 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (13).exe
2021-10-19 10:26 - 2021-10-19 10:26 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (12).exe
2021-10-19 10:21 - 2021-10-19 10:21 - 000000579 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST.lnk
2021-10-18 17:29 - 2021-10-18 17:29 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (11).exe
2021-10-18 17:28 - 2021-10-18 17:28 - 002019328 _____ (Farbar) C:\Users\Debbie\Downloads\FRST (5).exe
2021-10-18 17:27 - 2021-10-18 17:28 - 002019328 _____ (Farbar) C:\Users\Debbie\Downloads\FRST (4).exe
2021-10-18 17:27 - 2021-10-18 17:27 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (10).exe
2021-10-13 07:40 - 2021-10-13 07:40 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-13 07:40 - 2021-10-13 07:40 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-13 07:39 - 2021-10-13 07:39 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-13 07:39 - 2021-10-13 07:39 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-13 07:39 - 2021-10-13 07:39 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-13 07:38 - 2021-10-13 07:38 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-13 07:38 - 2021-10-13 07:38 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-13 07:38 - 2021-10-13 07:38 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-13 07:38 - 2021-10-13 07:38 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-13 07:37 - 2021-10-13 07:37 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-13 07:37 - 2021-10-13 07:37 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-13 07:37 - 2021-10-13 07:37 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-13 07:37 - 2021-10-13 07:37 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-13 07:05 - 2021-10-13 07:05 - 000000000 ___HD C:\$WinREAgent
2021-10-07 22:43 - 2021-10-07 22:43 - 000956512 _____ (Wavesor Software) C:\Users\Debbie\Downloads\Wave Browser (2).exe
2021-10-07 22:42 - 2021-10-07 22:43 - 000956512 _____ (Wavesor Software) C:\Users\Debbie\Downloads\Wave Browser (1).exe
2021-10-07 22:42 - 2021-10-07 22:42 - 000956512 _____ (Wavesor Software) C:\Users\Debbie\Downloads\Wave Browser.exe
2021-10-03 01:08 - 2021-10-03 01:08 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-10-03 01:08 - 2021-10-03 01:08 - 000215392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-09-27 12:29 - 2021-09-27 12:29 - 000082208 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell (3).pdf
2021-09-27 11:53 - 2021-09-27 11:53 - 000081848 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell (2).pdf
2021-09-27 11:45 - 2021-09-27 11:45 - 000080648 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell (1).pdf
2021-09-27 11:44 - 2021-09-27 11:44 - 000080648 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 16:40 - 2021-06-01 11:26 - 000030624 _____ C:\Users\Debbie\Downloads\FRST.txt
2021-10-21 16:40 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-21 16:39 - 2021-06-01 11:26 - 000000000 ____D C:\FRST
2021-10-21 16:37 - 2021-06-01 11:30 - 000034003 _____ C:\Users\Debbie\Downloads\Addition.txt
2021-10-21 16:25 - 2019-09-12 18:42 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-21 16:24 - 2020-08-27 17:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-21 14:11 - 2020-08-27 17:50 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{46199E18-599D-4060-9554-AECE3B7CD090}
2021-10-21 08:28 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-21 08:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-20 19:55 - 2021-07-27 09:45 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-10-18 22:48 - 2021-09-14 10:02 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2021-10-17 21:10 - 2020-08-27 17:50 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-10-17 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-10-17 18:21 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-16 09:30 - 2020-03-16 02:08 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-16 09:30 - 2020-03-16 02:08 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-16 08:19 - 2020-08-27 17:50 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3358373597-1690568811-3966139131-1001
2021-10-16 08:19 - 2020-08-27 17:25 - 000002386 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-13 22:12 - 2021-07-19 11:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-10-13 22:11 - 2021-07-27 10:23 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-10-13 22:11 - 2021-07-27 10:23 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-10-13 19:10 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-13 18:28 - 2019-09-12 18:43 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-13 18:28 - 2019-09-12 18:43 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-13 18:23 - 2021-07-19 11:57 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-13 18:20 - 2020-08-27 17:50 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-13 18:20 - 2020-08-27 17:50 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-13 18:20 - 2020-08-27 17:50 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-13 18:20 - 2020-08-27 17:50 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-13 18:15 - 2021-07-27 09:53 - 000000000 ___RD C:\Users\Debbie\Creative Cloud Files
2021-10-13 18:13 - 2020-08-27 17:33 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-13 18:11 - 2021-04-06 12:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\Wavesor Software_S-1-5-21-3358373597-1690568811-3966139131-1001
2021-10-13 18:11 - 2021-04-06 12:25 - 000000000 ____D C:\Users\Debbie\Wavesor Software
2021-10-13 18:07 - 2021-04-06 12:25 - 000003532 _____ C:\WINDOWS\system32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001UA
2021-10-13 18:07 - 2021-04-06 12:25 - 000003264 _____ C:\WINDOWS\system32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001Core
2021-10-13 18:07 - 2021-04-06 11:18 - 000002700 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2021-10-13 18:07 - 2021-04-06 11:18 - 000002698 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2021-10-13 18:07 - 2021-04-06 11:18 - 000002698 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2021-10-13 18:07 - 2020-08-27 17:50 - 000003502 _____ C:\WINDOWS\system32\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}
2021-10-13 18:07 - 2020-08-27 17:50 - 000003058 _____ C:\WINDOWS\system32\Tasks\BA Scheduler
2021-10-13 18:07 - 2020-08-27 17:50 - 000002482 _____ C:\WINDOWS\system32\Tasks\Quick Driver Updater skipuac
2021-10-13 18:07 - 2020-04-05 13:08 - 000000951 _____ C:\WINDOWS\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}.job
2021-10-13 18:07 - 2019-10-18 19:41 - 000000000 ____D C:\ProgramData\AVAST Software
2021-10-13 18:06 - 2020-08-27 17:20 - 000280040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-13 18:05 - 2020-08-27 17:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-13 18:05 - 2020-08-27 17:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-13 18:03 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-13 18:02 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-13 18:02 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-13 06:48 - 2019-08-13 16:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-13 06:44 - 2019-08-13 16:58 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-07 22:46 - 2021-04-06 12:27 - 000002297 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk
2021-10-07 18:21 - 2021-07-27 09:40 - 000000000 ____D C:\Program Files\Adobe
2021-10-06 18:22 - 2021-07-27 09:45 - 000001346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2021-10-06 18:22 - 2021-07-27 09:45 - 000001316 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2021-10-06 18:22 - 2021-07-27 09:40 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-10-06 18:22 - 2021-07-19 11:56 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-10-05 18:05 - 2021-07-27 09:49 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-10-03 01:08 - 2021-05-24 14:56 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-10-03 01:08 - 2020-09-21 18:45 - 000184640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000557152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000538480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000328568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000250408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000107864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000099368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000041368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-10-03 01:08 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-03 01:07 - 2020-06-14 19:24 - 000851712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-10-03 01:07 - 2020-06-14 19:24 - 000369176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-10-03 01:07 - 2020-06-14 19:24 - 000221600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-10-03 01:07 - 2020-06-14 19:24 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-10-01 06:01 - 2021-01-22 04:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-27 13:31 - 2020-08-27 17:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-09-27 11:56 - 2020-08-27 17:25 - 000000000 ____D C:\Users\Debbie
2021-09-27 11:48 - 2019-10-18 19:51 - 000000000 ____D C:\Users\Debbie\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2021-07-27 09:55 - 2021-07-27 09:55 - 000000000 _____ () C:\Users\Debbie\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
  #19  
Old October 23rd, 2021, 12:44 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by Debbie (administrator) on DESKTOP-ELI7VR8 (Dell Inc. OptiPlex 790) (21-10-2021 16:39:06)
Running from C:\Users\Debbie\Downloads
Loaded Profiles: Debbie
Platform: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Inc. -> Adobe) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\RemoteComponents\UPI\ExManCoreLib\AdobeExtensionsService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <31>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee Security Scan\3.11.2296\SSScheduler.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files (x86)\McAfee\McAfee Safe Connect\SafeConnect.ServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20520.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20520.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YARNPAE.EXE
(Wavesor Software -> Wavesor Software) C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\SWUpdaterCrashHandler.exe
(Wavesor Software -> Wavesor Software) C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\SWUpdaterCrashHandler64.exe
(Wavesor Software -> Wavesor Software) C:\Users\Debbie\Wavesor Software\WaveBrowser\wavebrowser.exe <10>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-09-25] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5267168 2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-10-06] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [Wavesor SWUpdater] => C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\SWUpdaterCore.exe [210064 2021-08-23] (Wavesor Software -> Wavesor Software)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2766064 2021-10-06] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Uninstall 21.180.0905.0007] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\21.180.0905.0007"
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-06-27] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON XP-430 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBPAE.DLL [180224 2014-03-05] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-13] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-09-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2296\SSScheduler.exe (McAfee, LLC -> McAfee, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2021-04-06]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C3A446-5C9F-4B64-8C4B-8A74992976FB} - System32\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {11BC88AB-253F-463C-9839-BFC664239DAA} - System32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001Core => C:\Users\Debbie\Wavesor Software\SWUpdater\SWUpdater.exe [107608 2021-04-06] (Wavesor Software -> Wavesor Software)
Task: {14F842F3-E167-40CF-9A23-6CBFAF7C3EDA} - System32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001UA => C:\Users\Debbie\Wavesor Software\SWUpdater\SWUpdater.exe [107608 2021-04-06] (Wavesor Software -> Wavesor Software)
Task: {22F11743-5FE8-4611-A5C2-12B8F6F58F38} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {27A0CE13-F160-45C2-95CD-5E94CAAF909E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-12] (Google Inc -> Google LLC)
Task: {2D0E9BC2-E25F-4440-AEB5-8D2C78D06A25} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {49281A4F-475D-43B9-803B-4EA453285A8D} - System32\Tasks\Quick Driver Updater skipuac => C:\Program Files\Quick Driver Updater\qdu.exe [4183136 2020-05-11] (DIGITAL PROTECTION SERVICES S.R.L. -> Digital Protection Services S.R.L)
Task: {4B238893-8C9F-4EE3-8ED0-1D15A0A6FEF9} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {52DF8A8D-DAD3-4131-B6E8-F8D220C9AB2A} - System32\Tasks\BA Scheduler => powershell.exe -WindowStyle Hidden -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';&powershell{$w= "$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.ST()}" <==== ATTENTION
Task: {5BE3E93F-D035-437F-A554-BE93865CE7B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-12] (Google Inc -> Google LLC)
Task: {8166F735-585E-49C0-89AD-658E2F0F9A2D} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {9F9FDCA7-65F7-4D42-8AEA-9E303D59C312} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AdobeGCInvoker-1.0" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\BA Scheduler" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3358373597-1690568811-3966139131-1001" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\Quick Driver Updater skipuac" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{46199E18-599D-4060-9554-AECE3B7CD090}" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001Core" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001UA" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\WinZip Update Notifier 1" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\WinZip Update Notifier 2" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\WinZip Update Notifier 3" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {A6DE2D4C-BD7A-4611-8C7A-72FB8D7256F1} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe [1771592 2020-05-15] (NCH Software, Inc. -> NCH Software)
Task: {B619201D-1F8B-42ED-8ABF-EB18029BD895} - System32\Tasks\Wavesor Software_S-1-5-21-3358373597-1690568811-3966139131-1001\WaveBrowser-StartAtLogin => C:\Users\Debbie\Wavesor Software\WaveBrowser\wavebrowser.exe [2240144 2021-09-28] (Wavesor Software -> Wavesor Software)
Task: {D8AF7D68-80A1-4963-AB2C-CA01A71E0568} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4929304 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
Task: {E12154D5-728C-4DC3-92E3-FDEAE3D18252} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{4096E76B-F21C-4D1E-96D3-5B18C92C0122} /F:UpdateWORKGROUP\DESKTOP-ELI7VR8$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ef7a85fb-3144-4027-9b39-96105a998004}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Debbie\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-17]

FireFox:
========
FF DefaultProfile: 4oh45ttj.default
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\4oh45ttj.default [2021-07-11]
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\jtavwzjp.default-release [2021-03-22]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-06-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default [2021-10-21]
CHR Notifications: Default -> hxxps//apps4u.store; hxxps//mail.google.com; hxxps//www.directhit.com; hxxps//www.facebook.com; hxxps//www.wish.com
CHR Extension: (Slides) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-11]
CHR Extension: (Docs) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-12]
CHR Extension: (Google Drive) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-31]
CHR Extension: (YouTube) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-20]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-10-13]
CHR Extension: (Sheets) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-19]
CHR Extension: (securyBrowse) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kojidghikgbmicmgpmcdfallpacaanel [2021-06-03]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2021-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-09]
CHR Extension: (Browser Checkup for Chrome by Doctor) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjdbeegldeilceaflghgfdemobmfhbd [2021-07-08]
CHR Extension: (Gmail) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844528 2021-10-06] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8323664 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 InventoriaService; C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [1771592 2020-05-15] (NCH Software, Inc. -> NCH Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7265328 2020-10-31] (Malwarebytes Inc -> Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2296\McCHSvc.exe [416752 2021-09-03] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
R2 SafeConnectService; C:\Program Files (x86)\McAfee\McAfee Safe Connect\SafeConnect.ServiceHost.exe [31968 2021-05-26] (McAfee, LLC -> McAfee, LLC.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [221600 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369176 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250408 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99368 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41368 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184640 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538480 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107864 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851712 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557152 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215392 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217600 2021-06-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-06-06] (Malwarebytes Inc -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-05-26] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-01-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 16:36 - 2021-10-21 16:38 - 000000338 _____ C:\Users\Debbie\Desktop\fixlist.txt
2021-10-21 14:59 - 2021-10-21 14:59 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (14).exe
2021-10-21 14:59 - 2021-10-21 14:59 - 000001492 _____ C:\Users\Debbie\Desktop\FRST64 (14) - Shortcut.lnk
2021-10-21 14:58 - 2021-10-21 14:58 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (13).exe
2021-10-19 10:26 - 2021-10-19 10:26 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (12).exe
2021-10-19 10:21 - 2021-10-19 10:21 - 000000579 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST.lnk
2021-10-18 17:29 - 2021-10-18 17:29 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (11).exe
2021-10-18 17:28 - 2021-10-18 17:28 - 002019328 _____ (Farbar) C:\Users\Debbie\Downloads\FRST (5).exe
2021-10-18 17:27 - 2021-10-18 17:28 - 002019328 _____ (Farbar) C:\Users\Debbie\Downloads\FRST (4).exe
2021-10-18 17:27 - 2021-10-18 17:27 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (10).exe
2021-10-13 07:40 - 2021-10-13 07:40 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-13 07:40 - 2021-10-13 07:40 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-13 07:39 - 2021-10-13 07:39 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-13 07:39 - 2021-10-13 07:39 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-13 07:39 - 2021-10-13 07:39 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-13 07:38 - 2021-10-13 07:38 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-13 07:38 - 2021-10-13 07:38 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-13 07:38 - 2021-10-13 07:38 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-13 07:38 - 2021-10-13 07:38 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-13 07:37 - 2021-10-13 07:37 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-13 07:37 - 2021-10-13 07:37 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-13 07:37 - 2021-10-13 07:37 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-13 07:37 - 2021-10-13 07:37 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-13 07:05 - 2021-10-13 07:05 - 000000000 ___HD C:\$WinREAgent
2021-10-07 22:43 - 2021-10-07 22:43 - 000956512 _____ (Wavesor Software) C:\Users\Debbie\Downloads\Wave Browser (2).exe
2021-10-07 22:42 - 2021-10-07 22:43 - 000956512 _____ (Wavesor Software) C:\Users\Debbie\Downloads\Wave Browser (1).exe
2021-10-07 22:42 - 2021-10-07 22:42 - 000956512 _____ (Wavesor Software) C:\Users\Debbie\Downloads\Wave Browser.exe
2021-10-03 01:08 - 2021-10-03 01:08 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-10-03 01:08 - 2021-10-03 01:08 - 000215392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-09-27 12:29 - 2021-09-27 12:29 - 000082208 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell (3).pdf
2021-09-27 11:53 - 2021-09-27 11:53 - 000081848 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell (2).pdf
2021-09-27 11:45 - 2021-09-27 11:45 - 000080648 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell (1).pdf
2021-09-27 11:44 - 2021-09-27 11:44 - 000080648 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 16:40 - 2021-06-01 11:26 - 000030624 _____ C:\Users\Debbie\Downloads\FRST.txt
2021-10-21 16:40 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-21 16:39 - 2021-06-01 11:26 - 000000000 ____D C:\FRST
2021-10-21 16:37 - 2021-06-01 11:30 - 000034003 _____ C:\Users\Debbie\Downloads\Addition.txt
2021-10-21 16:25 - 2019-09-12 18:42 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-21 16:24 - 2020-08-27 17:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-21 14:11 - 2020-08-27 17:50 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{46199E18-599D-4060-9554-AECE3B7CD090}
2021-10-21 08:28 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-21 08:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-20 19:55 - 2021-07-27 09:45 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-10-18 22:48 - 2021-09-14 10:02 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2021-10-17 21:10 - 2020-08-27 17:50 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-10-17 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-10-17 18:21 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-16 09:30 - 2020-03-16 02:08 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-16 09:30 - 2020-03-16 02:08 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-16 08:19 - 2020-08-27 17:50 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3358373597-1690568811-3966139131-1001
2021-10-16 08:19 - 2020-08-27 17:25 - 000002386 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-13 22:12 - 2021-07-19 11:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-10-13 22:11 - 2021-07-27 10:23 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-10-13 22:11 - 2021-07-27 10:23 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-10-13 19:10 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-13 18:28 - 2019-09-12 18:43 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-13 18:28 - 2019-09-12 18:43 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-13 18:23 - 2021-07-19 11:57 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-13 18:20 - 2020-08-27 17:50 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-13 18:20 - 2020-08-27 17:50 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-13 18:20 - 2020-08-27 17:50 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-13 18:20 - 2020-08-27 17:50 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-13 18:15 - 2021-07-27 09:53 - 000000000 ___RD C:\Users\Debbie\Creative Cloud Files
2021-10-13 18:13 - 2020-08-27 17:33 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-13 18:11 - 2021-04-06 12:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\Wavesor Software_S-1-5-21-3358373597-1690568811-3966139131-1001
2021-10-13 18:11 - 2021-04-06 12:25 - 000000000 ____D C:\Users\Debbie\Wavesor Software
2021-10-13 18:07 - 2021-04-06 12:25 - 000003532 _____ C:\WINDOWS\system32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001UA
2021-10-13 18:07 - 2021-04-06 12:25 - 000003264 _____ C:\WINDOWS\system32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001Core
2021-10-13 18:07 - 2021-04-06 11:18 - 000002700 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2021-10-13 18:07 - 2021-04-06 11:18 - 000002698 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2021-10-13 18:07 - 2021-04-06 11:18 - 000002698 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2021-10-13 18:07 - 2020-08-27 17:50 - 000003502 _____ C:\WINDOWS\system32\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}
2021-10-13 18:07 - 2020-08-27 17:50 - 000003058 _____ C:\WINDOWS\system32\Tasks\BA Scheduler
2021-10-13 18:07 - 2020-08-27 17:50 - 000002482 _____ C:\WINDOWS\system32\Tasks\Quick Driver Updater skipuac
2021-10-13 18:07 - 2020-04-05 13:08 - 000000951 _____ C:\WINDOWS\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}.job
2021-10-13 18:07 - 2019-10-18 19:41 - 000000000 ____D C:\ProgramData\AVAST Software
2021-10-13 18:06 - 2020-08-27 17:20 - 000280040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-13 18:05 - 2020-08-27 17:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-13 18:05 - 2020-08-27 17:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-13 18:03 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-13 18:02 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-13 18:02 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-13 06:48 - 2019-08-13 16:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-13 06:44 - 2019-08-13 16:58 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-07 22:46 - 2021-04-06 12:27 - 000002297 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk
2021-10-07 18:21 - 2021-07-27 09:40 - 000000000 ____D C:\Program Files\Adobe
2021-10-06 18:22 - 2021-07-27 09:45 - 000001346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2021-10-06 18:22 - 2021-07-27 09:45 - 000001316 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2021-10-06 18:22 - 2021-07-27 09:40 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-10-06 18:22 - 2021-07-19 11:56 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-10-05 18:05 - 2021-07-27 09:49 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-10-03 01:08 - 2021-05-24 14:56 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-10-03 01:08 - 2020-09-21 18:45 - 000184640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000557152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000538480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000328568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000250408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000107864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000099368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000041368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-10-03 01:08 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-03 01:07 - 2020-06-14 19:24 - 000851712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-10-03 01:07 - 2020-06-14 19:24 - 000369176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-10-03 01:07 - 2020-06-14 19:24 - 000221600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-10-03 01:07 - 2020-06-14 19:24 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-10-01 06:01 - 2021-01-22 04:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-27 13:31 - 2020-08-27 17:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-09-27 11:56 - 2020-08-27 17:25 - 000000000 ____D C:\Users\Debbie
2021-09-27 11:48 - 2019-10-18 19:51 - 000000000 ____D C:\Users\Debbie\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2021-07-27 09:55 - 2021-07-27 09:55 - 000000000 _____ () C:\Users\Debbie\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
  #20  
Old October 23rd, 2021, 12:45 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
2nd time

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by Debbie (21-10-2021 16:41:07)
Running from C:\Users\Debbie\Downloads
Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) (2020-08-27 21:52:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3358373597-1690568811-3966139131-500 - Administrator - Disabled)
Debbie (S-1-5-21-3358373597-1690568811-3966139131-1001 - Administrator - Enabled) => C:\Users\Debbie
DefaultAccount (S-1-5-21-3358373597-1690568811-3966139131-503 - Limited - Disabled)
Guest (S-1-5-21-3358373597-1690568811-3966139131-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3358373597-1690568811-3966139131-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total AV (Disabled - Out of date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.0.788 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.8.2487 - Avast Software)
Direct Game UNI Installer (HKLM-x32\...\{7CE79E81-562B-4252-93D7-C6FF8F18FE9C}) (Version: 1.0.23 - GamesLOL)
EdrawMax(Build 10.0.4.776) (HKLM-x32\...\{037BAB81-3DF7-4381-A72C-A26B57C03548}_is1) (Version: 10.0.4.776 - EdrawSoft Co.,Ltd.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{FFA5C174-DB3F-4AFE-B59D-C0FB1744CD76}) (Version: 3.1.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EPSON XP-430 Series Printer Uninstall (HKLM\...\EPSON XP-430 Series) (Version: - Seiko Epson Corporation)
Free DVD Player version 6.6.8 (HKLM-x32\...\Free DVD Player_is1) (Version: 6.6.8 - ShiningSoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
IEBrowserAssistant (HKLM-x32\...\{BC63C727-3079-49AA-876A-8E459D35CB72}) (Version: 1.0.0 - Realistic Media Inc.)
Inventoria Stock Manager (HKLM-x32\...\Inventoria) (Version: 7.04 - NCH Software)
Malwarebytes version 4.2.2.95 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.2.95 - Malwarebytes)
McAfee Safe Connect (HKLM-x32\...\{2973b354-fb68-4cf9-a20a-5bf99895504b}) (Version: 2.13 - McAfee, LLC.)
McAfee Safe Connect (HKLM-x32\...\{FA376988-2613-43B7-8BFC-91D8DC165F14}) (Version: 2.13 - McAfee, LLC.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.2296.1 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\OneDriveSetup.exe) (Version: 21.196.0921.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Quick Driver Updater (HKLM\...\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_is1) (Version: 1.0.0.5 - Digital Protection Services S.R.L)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
WaveBrowser (HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\WaveBrowser) (Version: 1.1.3.4 - Wavesor Software)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-07-27] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-07-27] (Adobe Systems Incorporated)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.10.1036.0_x64__22t9g3sebte08 [2021-10-01] (AMZN Mobile LLC.) [Startup Task]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.67.3.0_x86__kgqvnymyfvs32 [2021-10-21] (king.com)
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.3.8.0_x64__htrsf667h5kn2 [2019-11-26] (Dell Inc)
DVD Player - FREE -> C:\Program Files\WindowsApps\21336V3TApps.DVDPlayer-FREE_1.1.7.0_x86__bzg06mxvgh4fa [2021-10-11] (V3TApps)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.68.6.0_x86__kgqvnymyfvs32 [2021-10-08] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.0.11030.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-10] (Microsoft Studios) [MS Ad]
Nero DVD Player -> C:\Program Files\WindowsApps\NeroAG.NeroDVDPlayer_1.0.25.0_x86__k5ye2zvjqqeaw [2021-09-28] (NeroAG)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-07-19] (Adobe Systems Incorporated)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0 [2021-10-13] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-71A484481361} -> [Creative Cloud Files] => C:\Users\Debbie\Creative Cloud Files [2021-07-27 09:53]
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\localserver32 -> C:\Users\Debbie\Wavesor Software\WaveBrowser\1.1.3.4\notification_helper.exe (Wavesor Software -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{C5596523-009B-41A7-AB11-BCA2274BDCDB}\InprocServer32 -> C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\psuser_64.dll (Wavesor Software -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 -> C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\psuser_64.dll (Wavesor Software -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 -> C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\psuser_64.dll (Wavesor Software -> Wavesor Software)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Debbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2015-12-17 11:11 - 2015-12-17 11:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: IEBrowserAssistant -> {2421CBA2-89B7-4734-8438-49E0D7EB8A75} -> C:\Users\Debbie\AppData\Roaming\IEBrowserAssistant\adxloader64.dll [2018-11-13] (Default Company) [File not signed]
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: IEBrowserAssistant -> {2421CBA2-89B7-4734-8438-49E0D7EB8A75} -> C:\Users\Debbie\AppData\Roaming\IEBrowserAssistant\adxloader.dll [2018-11-13] (Default Company) [File not signed]
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2021-09-14 10:02 - 000000893 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 scinstallcheck.mcafee.com
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Debbie\Desktop\67702742_10211103468221886_5226150221913784320_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EDE300A4-4668-487C-80BF-7ED7CB87CCE2}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{AA880568-314B-4828-A4EE-91C38FD10C0D}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{21D7B6EA-61B9-4BAE-A031-21BFCE3B3839}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3953B7E4-57BB-4E11-B665-3F60D3482BB0}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{AE6CCC3F-7752-4CC0-AB94-B2695D0E9798}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{18FC0007-2E32-4170-81CB-50B2131A1229}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [UDP Query User{25897CAB-D1C9-4915-974E-3219973E3636}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{F7840ABD-601B-4115-A3F0-40A62836C6F0}C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe] => (Allow) C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe (Wavesor Software -> Wavesor Software)
FirewallRules: [UDP Query User{F4A2F4F4-F1AB-4483-BF0E-56066B3254E0}C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe] => (Allow) C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe (Wavesor Software -> Wavesor Software)
FirewallRules: [{21F49963-F940-4950-806E-28E87220E79A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D82A75F8-27F2-4BC0-9487-A09153ABEA2E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D27AF385-F640-4843-803A-284A47F2C4B2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF620824-9DEE-4C9D-BA7C-BBF0C458F164}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63C574FA-F792-40C3-B977-F18C83371366}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D0464766-9694-4DAD-84DF-3400CBBFEA7E}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{78058847-D7F5-46FE-87E5-237255E3594F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{46F05838-8B58-4B3F-9E48-1ADD3D05F47C}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2E206628-959B-4D42-A65C-84FBDE9CC289}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5CB88FEF-4F16-495A-832B-5361E9FF39B7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A4A7F427-EE12-45F5-A1A2-4D4E3264402B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F9E3B79B-5498-4A08-8DA8-28FC65AABE06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D9AE26A-EBCC-40D0-A9A5-B8A436E9C54B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DE96FEDD-7F37-49BD-A16B-6F899114C366}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D372E75E-1F6F-458C-8FA9-8607798BF387}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{798C6BFF-5335-4E6D-9D39-02E35D36B98E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69C6D0E0-3FE5-4DBD-B1B8-777847DA522A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

02-10-2021 19:40:43 Scheduled Checkpoint
11-10-2021 19:40:57 Scheduled Checkpoint
13-10-2021 06:48:18 Windows Modules Installer
13-10-2021 07:05:18 Windows Modules Installer
20-10-2021 18:06:56 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/16/2021 12:29:30 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/16/2021 12:06:52 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/08/2021 10:41:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/08/2021 10:25:16 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/06/2021 06:24:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdobeNotificationClient.exe version 5.2.0.121 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2b28

Start Time: 01d7aa7b3103ae0c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe

Report Id: d5e8b78c-72b7-447c-a403-fbed0f6cec14

Faulting package full name: AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (10/01/2021 11:08:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/01/2021 10:53:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/27/2021 11:47:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 21.7.20091.59174, time stamp: 0x613991a9
Faulting module name: AcroRd32.dll, version: 21.7.20091.59174, time stamp: 0x613991a6
Exception code: 0xc0000005
Fault offset: 0x001290c2
Faulting process id: 0x3a60
Faulting application start time: 0x01d7b3b6e2ecf180
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Faulting module path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
Report Id: 5386e006-897f-4c21-bc45-322e553aeece
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (10/13/2021 06:13:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee CSP Service service hung on starting.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


CodeIntegrity:
===============
Date: 2021-10-21 12:28:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\x86\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-10-21 08:24:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A11 12/30/2011
Motherboard: Dell Inc. 0D28YY
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 69%
Total physical RAM: 8073.05 MB
Available physical RAM: 2464.02 MB
Total Virtual: 13193.05 MB
Available Virtual: 6092.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.19 GB) (Free:401.36 GB) NTFS
Drive e: (662PPGOLD_BGS) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS

\\?\Volume{ec7a2b63-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EC7A2B63)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
  #21  
Old October 23rd, 2021, 12:48 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
Now I can't get the fix list you gave me to work <<< idk
  #22  
Old October 23rd, 2021, 07:23 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,178
You can't just move frst to the desktop and use it there? Move it from the download folder?
  #23  
Old October 25th, 2021, 09:15 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
I'm using Google and it is in File Explorer. I don't even know where to begin now. When I move it, it still says shortcut?
  #24  
Old October 25th, 2021, 09:22 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
Now it's saying no fixlist found, and it is on the desktop also.
  #25  
Old October 26th, 2021, 12:00 AM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
I saved the fixlog to the desktop also, then I click on frst and hit Fix and it says the list needs to be saved in the same directory?
  #26  
Old October 26th, 2021, 02:31 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,178
Change Chrome download location.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

---------------------------------------
  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'Quote') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
Quote:
Start:
Hosts:
AV: Total AV (Disabled - Out of date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
McAfee Safe Connect (HKLM-x32\...\{2973b354-fb68-4cf9-a20a-5bf99895504b}) (Version: 2.13 - McAfee, LLC.)
McAfee Safe Connect (HKLM-x32\...\{FA376988-2613-43B7-8BFC-91D8DC165F14}) (Version: 2.13 - McAfee, LLC.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.2296.1 - McAfee, LLC)
finish:
  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.
  #27  
Old October 27th, 2021, 12:34 AM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
frst

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by Debbie (administrator) on DESKTOP-ELI7VR8 (Dell Inc. OptiPlex 790) (26-10-2021 19:31:45)
Running from C:\Users\Debbie\Desktop
Loaded Profiles: Debbie
Platform: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Inc. -> Adobe) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\RemoteComponents\UPI\ExManCoreLib\AdobeExtensionsService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <47>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee Security Scan\3.11.2296\SSScheduler.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files (x86)\McAfee\McAfee Safe Connect\SafeConnect.ServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20520.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20520.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YARNPAE.EXE
(Wavesor Software -> Wavesor Software) C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\SWUpdaterCrashHandler.exe
(Wavesor Software -> Wavesor Software) C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\SWUpdaterCrashHandler64.exe
(Wavesor Software -> Wavesor Software) C:\Users\Debbie\Wavesor Software\WaveBrowser\wavebrowser.exe <10>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-09-25] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5267168 2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-10-06] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [Wavesor SWUpdater] => C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\SWUpdaterCore.exe [210064 2021-08-23] (Wavesor Software -> Wavesor Software)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2766064 2021-10-06] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\RunOnce: [Uninstall 21.180.0905.0007] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\21.180.0905.0007"
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-06-27] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON XP-430 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBPAE.DLL [180224 2014-03-05] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.54\Installer\chrmstp.exe [2021-10-25] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-09-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2296\SSScheduler.exe (McAfee, LLC -> McAfee, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2021-04-06]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C3A446-5C9F-4B64-8C4B-8A74992976FB} - System32\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {11BC88AB-253F-463C-9839-BFC664239DAA} - System32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001Core => C:\Users\Debbie\Wavesor Software\SWUpdater\SWUpdater.exe [107608 2021-04-06] (Wavesor Software -> Wavesor Software)
Task: {14F842F3-E167-40CF-9A23-6CBFAF7C3EDA} - System32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001UA => C:\Users\Debbie\Wavesor Software\SWUpdater\SWUpdater.exe [107608 2021-04-06] (Wavesor Software -> Wavesor Software)
Task: {22F11743-5FE8-4611-A5C2-12B8F6F58F38} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {27A0CE13-F160-45C2-95CD-5E94CAAF909E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-12] (Google Inc -> Google LLC)
Task: {2D0E9BC2-E25F-4440-AEB5-8D2C78D06A25} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {49281A4F-475D-43B9-803B-4EA453285A8D} - System32\Tasks\Quick Driver Updater skipuac => C:\Program Files\Quick Driver Updater\qdu.exe [4183136 2020-05-11] (DIGITAL PROTECTION SERVICES S.R.L. -> Digital Protection Services S.R.L)
Task: {4B238893-8C9F-4EE3-8ED0-1D15A0A6FEF9} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {52DF8A8D-DAD3-4131-B6E8-F8D220C9AB2A} - System32\Tasks\BA Scheduler => powershell.exe -WindowStyle Hidden -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';&powershell{$w= "$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.ST()}" <==== ATTENTION
Task: {5BE3E93F-D035-437F-A554-BE93865CE7B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-12] (Google Inc -> Google LLC)
Task: {8166F735-585E-49C0-89AD-658E2F0F9A2D} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {9F9FDCA7-65F7-4D42-8AEA-9E303D59C312} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AdobeGCInvoker-1.0" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\BA Scheduler" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3358373597-1690568811-3966139131-1001" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\Quick Driver Updater skipuac" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{46199E18-599D-4060-9554-AECE3B7CD090}" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001Core" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001UA" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\WinZip Update Notifier 1" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\WinZip Update Notifier 2" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\WinZip Update Notifier 3" /ENABLE
Task: {A09FBA7D-BFA4-4450-9A37-4DEA520A46D8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {A6DE2D4C-BD7A-4611-8C7A-72FB8D7256F1} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe [1771592 2020-05-15] (NCH Software, Inc. -> NCH Software)
Task: {B619201D-1F8B-42ED-8ABF-EB18029BD895} - System32\Tasks\Wavesor Software_S-1-5-21-3358373597-1690568811-3966139131-1001\WaveBrowser-StartAtLogin => C:\Users\Debbie\Wavesor Software\WaveBrowser\wavebrowser.exe [2240144 2021-09-28] (Wavesor Software -> Wavesor Software)
Task: {D8AF7D68-80A1-4963-AB2C-CA01A71E0568} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4929304 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
Task: {E12154D5-728C-4DC3-92E3-FDEAE3D18252} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{4096E76B-F21C-4D1E-96D3-5B18C92C0122} /F:UpdateWORKGROUP\DESKTOP-ELI7VR8$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{ef7a85fb-3144-4027-9b39-96105a998004}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Debbie\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-25]

FireFox:
========
FF DefaultProfile: 4oh45ttj.default
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\4oh45ttj.default [2021-07-11]
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\jtavwzjp.default-release [2021-03-22]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-06-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default [2021-10-26]
CHR DownloadDir: C:\Users\Debbie\Desktop
CHR Notifications: Default -> hxxps//apps4u.store; hxxps//mail.google.com; hxxps//www.directhit.com; hxxps//www.facebook.com; hxxps//www.wish.com
CHR Extension: (Slides) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-11]
CHR Extension: (Docs) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-12]
CHR Extension: (Google Drive) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-31]
CHR Extension: (YouTube) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-25]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-10-13]
CHR Extension: (Sheets) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-25]
CHR Extension: (securyBrowse) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kojidghikgbmicmgpmcdfallpacaanel [2021-06-03]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2021-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-09]
CHR Extension: (Browser Checkup for Chrome by Doctor) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjdbeegldeilceaflghgfdemobmfhbd [2021-07-08]
CHR Extension: (Gmail) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844528 2021-10-06] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8323664 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 InventoriaService; C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [1771592 2020-05-15] (NCH Software, Inc. -> NCH Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7265328 2020-10-31] (Malwarebytes Inc -> Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2296\McCHSvc.exe [416752 2021-09-03] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
R2 SafeConnectService; C:\Program Files (x86)\McAfee\McAfee Safe Connect\SafeConnect.ServiceHost.exe [31968 2021-05-26] (McAfee, LLC -> McAfee, LLC.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [221600 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369176 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250408 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99368 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41368 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184640 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538480 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107864 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851712 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557152 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215392 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217600 2021-06-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-06-06] (Malwarebytes Inc -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-05-26] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-01-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-26 19:33 - 2021-10-26 19:33 - 000000338 _____ C:\Users\Debbie\Desktop\fixlog.txt
2021-10-26 19:31 - 2021-10-26 19:33 - 000030664 _____ C:\Users\Debbie\Desktop\FRST.txt
2021-10-26 19:31 - 2021-10-26 19:31 - 002310656 _____ (Farbar) C:\Users\Debbie\Desktop\FRST64.exe
2021-10-21 14:58 - 2021-10-21 14:58 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (13).exe
2021-10-19 10:26 - 2021-10-19 10:26 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (12).exe
2021-10-19 10:21 - 2021-10-19 10:21 - 000000579 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST.lnk
2021-10-18 17:29 - 2021-10-18 17:29 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (11).exe
2021-10-18 17:28 - 2021-10-18 17:28 - 002019328 _____ (Farbar) C:\Users\Debbie\Downloads\FRST (5).exe
2021-10-18 17:27 - 2021-10-18 17:28 - 002019328 _____ (Farbar) C:\Users\Debbie\Downloads\FRST (4).exe
2021-10-18 17:27 - 2021-10-18 17:27 - 002310656 _____ (Farbar) C:\Users\Debbie\Downloads\FRST64 (10).exe
2021-10-13 07:40 - 2021-10-13 07:40 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-13 07:40 - 2021-10-13 07:40 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-13 07:39 - 2021-10-13 07:39 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-13 07:39 - 2021-10-13 07:39 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-13 07:39 - 2021-10-13 07:39 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-13 07:38 - 2021-10-13 07:38 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-13 07:38 - 2021-10-13 07:38 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-13 07:38 - 2021-10-13 07:38 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-13 07:38 - 2021-10-13 07:38 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-13 07:37 - 2021-10-13 07:37 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-13 07:37 - 2021-10-13 07:37 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-13 07:37 - 2021-10-13 07:37 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-13 07:37 - 2021-10-13 07:37 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-13 07:05 - 2021-10-13 07:05 - 000000000 ___HD C:\$WinREAgent
2021-10-07 22:43 - 2021-10-07 22:43 - 000956512 _____ (Wavesor Software) C:\Users\Debbie\Downloads\Wave Browser (2).exe
2021-10-07 22:42 - 2021-10-07 22:43 - 000956512 _____ (Wavesor Software) C:\Users\Debbie\Downloads\Wave Browser (1).exe
2021-10-07 22:42 - 2021-10-07 22:42 - 000956512 _____ (Wavesor Software) C:\Users\Debbie\Downloads\Wave Browser.exe
2021-10-03 01:08 - 2021-10-03 01:08 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-10-03 01:08 - 2021-10-03 01:08 - 000215392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-09-27 12:29 - 2021-09-27 12:29 - 000082208 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell (3).pdf
2021-09-27 11:53 - 2021-09-27 11:53 - 000081848 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell (2).pdf
2021-09-27 11:45 - 2021-09-27 11:45 - 000080648 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell (1).pdf
2021-09-27 11:44 - 2021-09-27 11:44 - 000080648 _____ C:\Users\Debbie\Downloads\5th Annual Memorial Ride for Mason Avery Mitchell.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-26 19:32 - 2021-06-01 11:26 - 000000000 ____D C:\FRST
2021-10-26 19:25 - 2019-09-12 18:42 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-26 19:20 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-26 19:07 - 2020-08-27 17:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-26 17:01 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-26 17:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-26 16:13 - 2021-07-27 09:45 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-10-26 13:37 - 2020-08-27 17:50 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{46199E18-599D-4060-9554-AECE3B7CD090}
2021-10-25 22:48 - 2021-09-14 10:02 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2021-10-25 20:37 - 2019-09-12 18:43 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-25 20:37 - 2019-09-12 18:43 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-23 13:27 - 2020-03-16 02:08 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-23 13:27 - 2020-03-16 02:08 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-21 16:43 - 2021-06-01 11:30 - 000034004 _____ C:\Users\Debbie\Downloads\Addition.txt
2021-10-21 16:43 - 2021-06-01 11:26 - 000043572 _____ C:\Users\Debbie\Downloads\FRST.txt
2021-10-17 21:10 - 2020-08-27 17:50 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-10-17 20:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-10-17 18:21 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-16 08:19 - 2020-08-27 17:50 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3358373597-1690568811-3966139131-1001
2021-10-16 08:19 - 2020-08-27 17:25 - 000002386 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-13 22:12 - 2021-07-19 11:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-10-13 22:11 - 2021-07-27 10:23 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-10-13 22:11 - 2021-07-27 10:23 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-10-13 19:10 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-13 18:23 - 2021-07-19 11:57 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-13 18:20 - 2020-08-27 17:50 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-13 18:20 - 2020-08-27 17:50 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-13 18:20 - 2020-08-27 17:50 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-13 18:20 - 2020-08-27 17:50 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-13 18:15 - 2021-07-27 09:53 - 000000000 ___RD C:\Users\Debbie\Creative Cloud Files
2021-10-13 18:13 - 2020-08-27 17:33 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-13 18:11 - 2021-04-06 12:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\Wavesor Software_S-1-5-21-3358373597-1690568811-3966139131-1001
2021-10-13 18:11 - 2021-04-06 12:25 - 000000000 ____D C:\Users\Debbie\Wavesor Software
2021-10-13 18:07 - 2021-04-06 12:25 - 000003532 _____ C:\WINDOWS\system32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001UA
2021-10-13 18:07 - 2021-04-06 12:25 - 000003264 _____ C:\WINDOWS\system32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-3358373597-1690568811-3966139131-1001Core
2021-10-13 18:07 - 2021-04-06 11:18 - 000002700 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2021-10-13 18:07 - 2021-04-06 11:18 - 000002698 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2021-10-13 18:07 - 2021-04-06 11:18 - 000002698 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2021-10-13 18:07 - 2020-08-27 17:50 - 000003502 _____ C:\WINDOWS\system32\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}
2021-10-13 18:07 - 2020-08-27 17:50 - 000003058 _____ C:\WINDOWS\system32\Tasks\BA Scheduler
2021-10-13 18:07 - 2020-08-27 17:50 - 000002482 _____ C:\WINDOWS\system32\Tasks\Quick Driver Updater skipuac
2021-10-13 18:07 - 2020-04-05 13:08 - 000000951 _____ C:\WINDOWS\Tasks\EPSON XP-430 Series Update {4096E76B-F21C-4D1E-96D3-5B18C92C0122}.job
2021-10-13 18:07 - 2019-10-18 19:41 - 000000000 ____D C:\ProgramData\AVAST Software
2021-10-13 18:06 - 2020-08-27 17:20 - 000280040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-13 18:05 - 2020-08-27 17:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-13 18:05 - 2020-08-27 17:20 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-13 18:03 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-13 18:02 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-13 18:02 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-13 06:48 - 2019-08-13 16:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-13 06:44 - 2019-08-13 16:58 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-07 22:46 - 2021-04-06 12:27 - 000002297 _____ C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk
2021-10-07 18:21 - 2021-07-27 09:40 - 000000000 ____D C:\Program Files\Adobe
2021-10-06 18:22 - 2021-07-27 09:45 - 000001346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2021-10-06 18:22 - 2021-07-27 09:45 - 000001316 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2021-10-06 18:22 - 2021-07-27 09:40 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-10-06 18:22 - 2021-07-19 11:56 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-10-05 18:05 - 2021-07-27 09:49 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-10-03 01:08 - 2021-05-24 14:56 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-10-03 01:08 - 2020-09-21 18:45 - 000184640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000557152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000538480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000328568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000250408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000107864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000099368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-10-03 01:08 - 2020-06-14 19:24 - 000041368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-10-03 01:08 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-03 01:07 - 2020-06-14 19:24 - 000851712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-10-03 01:07 - 2020-06-14 19:24 - 000369176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-10-03 01:07 - 2020-06-14 19:24 - 000221600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-10-03 01:07 - 2020-06-14 19:24 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-10-01 06:01 - 2021-01-22 04:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-27 13:31 - 2020-08-27 17:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-09-27 11:56 - 2020-08-27 17:25 - 000000000 ____D C:\Users\Debbie
2021-09-27 11:48 - 2019-10-18 19:51 - 000000000 ____D C:\Users\Debbie\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2021-07-27 09:55 - 2021-07-27 09:55 - 000000000 _____ () C:\Users\Debbie\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
  #28  
Old October 27th, 2021, 12:36 AM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by Debbie (26-10-2021 19:36:05)
Running from C:\Users\Debbie\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) (2020-08-27 21:52:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3358373597-1690568811-3966139131-500 - Administrator - Disabled)
Debbie (S-1-5-21-3358373597-1690568811-3966139131-1001 - Administrator - Enabled) => C:\Users\Debbie
DefaultAccount (S-1-5-21-3358373597-1690568811-3966139131-503 - Limited - Disabled)
Guest (S-1-5-21-3358373597-1690568811-3966139131-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3358373597-1690568811-3966139131-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total AV (Disabled - Out of date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.0.788 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.8.2487 - Avast Software)
Direct Game UNI Installer (HKLM-x32\...\{7CE79E81-562B-4252-93D7-C6FF8F18FE9C}) (Version: 1.0.23 - GamesLOL)
EdrawMax(Build 10.0.4.776) (HKLM-x32\...\{037BAB81-3DF7-4381-A72C-A26B57C03548}_is1) (Version: 10.0.4.776 - EdrawSoft Co.,Ltd.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{FFA5C174-DB3F-4AFE-B59D-C0FB1744CD76}) (Version: 3.1.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EPSON XP-430 Series Printer Uninstall (HKLM\...\EPSON XP-430 Series) (Version: - Seiko Epson Corporation)
Free DVD Player version 6.6.8 (HKLM-x32\...\Free DVD Player_is1) (Version: 6.6.8 - ShiningSoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.54 - Google LLC)
IEBrowserAssistant (HKLM-x32\...\{BC63C727-3079-49AA-876A-8E459D35CB72}) (Version: 1.0.0 - Realistic Media Inc.)
Inventoria Stock Manager (HKLM-x32\...\Inventoria) (Version: 7.04 - NCH Software)
Malwarebytes version 4.2.2.95 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.2.95 - Malwarebytes)
McAfee Safe Connect (HKLM-x32\...\{2973b354-fb68-4cf9-a20a-5bf99895504b}) (Version: 2.13 - McAfee, LLC.)
McAfee Safe Connect (HKLM-x32\...\{FA376988-2613-43B7-8BFC-91D8DC165F14}) (Version: 2.13 - McAfee, LLC.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.2296.1 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.30 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\OneDriveSetup.exe) (Version: 21.196.0921.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Quick Driver Updater (HKLM\...\{1745FA8E-3AEE-4239-A380-89B8F6EDB642}_is1) (Version: 1.0.0.5 - Digital Protection Services S.R.L)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
WaveBrowser (HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\WaveBrowser) (Version: 1.1.3.4 - Wavesor Software)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-07-27] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-07-27] (Adobe Systems Incorporated)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.10.1036.0_x64__22t9g3sebte08 [2021-10-01] (AMZN Mobile LLC.) [Startup Task]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.67.3.0_x86__kgqvnymyfvs32 [2021-10-21] (king.com)
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.3.8.0_x64__htrsf667h5kn2 [2019-11-26] (Dell Inc)
DVD Player - FREE -> C:\Program Files\WindowsApps\21336V3TApps.DVDPlayer-FREE_1.1.7.0_x86__bzg06mxvgh4fa [2021-10-11] (V3TApps)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.69.3.0_x86__kgqvnymyfvs32 [2021-10-25] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.0.11030.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-10] (Microsoft Studios) [MS Ad]
Nero DVD Player -> C:\Program Files\WindowsApps\NeroAG.NeroDVDPlayer_1.0.25.0_x86__k5ye2zvjqqeaw [2021-09-28] (NeroAG)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-07-19] (Adobe Systems Incorporated)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0 [2021-10-13] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-71A484481361} -> [Creative Cloud Files] => C:\Users\Debbie\Creative Cloud Files [2021-07-27 09:53]
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\localserver32 -> C:\Users\Debbie\Wavesor Software\WaveBrowser\1.1.3.4\notification_helper.exe (Wavesor Software -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{C5596523-009B-41A7-AB11-BCA2274BDCDB}\InprocServer32 -> C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\psuser_64.dll (Wavesor Software -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 -> C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\psuser_64.dll (Wavesor Software -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 -> C:\Users\Debbie\Wavesor Software\SWUpdater\1.3.109.0\psuser_64.dll (Wavesor Software -> Wavesor Software)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Debbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2015-12-17 11:11 - 2015-12-17 11:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: IEBrowserAssistant -> {2421CBA2-89B7-4734-8438-49E0D7EB8A75} -> C:\Users\Debbie\AppData\Roaming\IEBrowserAssistant\adxloader64.dll [2018-11-13] (Default Company) [File not signed]
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: IEBrowserAssistant -> {2421CBA2-89B7-4734-8438-49E0D7EB8A75} -> C:\Users\Debbie\AppData\Roaming\IEBrowserAssistant\adxloader.dll [2018-11-13] (Default Company) [File not signed]
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3358373597-1690568811-3966139131-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-06-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2021-09-14 10:02 - 000000893 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 scinstallcheck.mcafee.com
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Debbie\Desktop\67702742_10211103468221886_5226150221913784320_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EDE300A4-4668-487C-80BF-7ED7CB87CCE2}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{AA880568-314B-4828-A4EE-91C38FD10C0D}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{21D7B6EA-61B9-4BAE-A031-21BFCE3B3839}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3953B7E4-57BB-4E11-B665-3F60D3482BB0}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{AE6CCC3F-7752-4CC0-AB94-B2695D0E9798}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{18FC0007-2E32-4170-81CB-50B2131A1229}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [UDP Query User{25897CAB-D1C9-4915-974E-3219973E3636}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{F7840ABD-601B-4115-A3F0-40A62836C6F0}C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe] => (Allow) C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe (Wavesor Software -> Wavesor Software)
FirewallRules: [UDP Query User{F4A2F4F4-F1AB-4483-BF0E-56066B3254E0}C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe] => (Allow) C:\users\debbie\wavesor software\wavebrowser\wavebrowser.exe (Wavesor Software -> Wavesor Software)
FirewallRules: [{63C574FA-F792-40C3-B977-F18C83371366}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D0464766-9694-4DAD-84DF-3400CBBFEA7E}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{78058847-D7F5-46FE-87E5-237255E3594F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{46F05838-8B58-4B3F-9E48-1ADD3D05F47C}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2E206628-959B-4D42-A65C-84FBDE9CC289}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5CB88FEF-4F16-495A-832B-5361E9FF39B7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A4A7F427-EE12-45F5-A1A2-4D4E3264402B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F9E3B79B-5498-4A08-8DA8-28FC65AABE06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D9AE26A-EBCC-40D0-A9A5-B8A436E9C54B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DE96FEDD-7F37-49BD-A16B-6F899114C366}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D372E75E-1F6F-458C-8FA9-8607798BF387}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{798C6BFF-5335-4E6D-9D39-02E35D36B98E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E8AEEE82-29F7-46E6-833A-0B186FA38FF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{971D87E9-D551-45CD-ABF4-5CFA0744F79C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D38A3CF3-5004-4C2A-AEEB-81DBFB4E1BBF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AA1BC553-4601-41D6-89D9-6F5B81B7A268}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{13D99E10-C58F-404C-9207-4D52328F7F21}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

13-10-2021 07:05:18 Windows Modules Installer
20-10-2021 18:06:56 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/22/2021 11:26:30 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/22/2021 10:46:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/16/2021 12:29:30 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/16/2021 12:06:52 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/08/2021 10:41:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/08/2021 10:25:16 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (10/06/2021 06:24:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdobeNotificationClient.exe version 5.2.0.121 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2b28

Start Time: 01d7aa7b3103ae0c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe

Report Id: d5e8b78c-72b7-447c-a403-fbed0f6cec14

Faulting package full name: AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (10/01/2021 11:08:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (10/13/2021 06:13:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee CSP Service service hung on starting.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (10/13/2021 05:59:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


CodeIntegrity:
===============
Date: 2021-10-26 18:29:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\x86\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-10-26 13:01:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A11 12/30/2011
Motherboard: Dell Inc. 0D28YY
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 82%
Total physical RAM: 8073.05 MB
Available physical RAM: 1428.23 MB
Total Virtual: 13193.05 MB
Available Virtual: 4270.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.19 GB) (Free:398.34 GB) NTFS
Drive e: (662PPGOLD_BGS) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS

\\?\Volume{ec7a2b63-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EC7A2B63)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
  #29  
Old October 27th, 2021, 12:41 AM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 157
I have done just as you said and it is still saying no fixlog found, and I saved it to the desktop, and then clicked Fix again on the FRST?
  #30  
Old October 28th, 2021, 12:26 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,178
No idea, but McAfee shows as installed there.


In the search box on the taskbar, type Control Panel and select it from the results. Select Programs > Programs and Features. Press and hold (or right-click) on the program you want to remove and select Uninstall or Uninstall/Change.

McAfee (any listing).
All times are GMT +1.