
ESET security will not run, Malwarebytes nothing, Chrome taking over



#1 FluffyPup


Posted 26 March 2024 - 02:37 PM

I have an LG Intel evo i7 Windows 11 computer that was running ESET premium security. A few weeks ago it was due to renew, I renewed it. The computer had started to act squirrelly. I assumed it was ESET trying to get my attention to renew. ESET is completely stopped now and will not recognize the renewal.

ESET detected someone logging into the computer using the phantom login account. When I access the computer from that account, it runs fine. I haven't accessed the computer from there for long since I don't want to completely shut down the computer.

I currently have running a Premium Trial of Malwarebytes, 3 days remaining. It hasn't detected anything. I have run the normal rkill, adware, junkware, Malwarebytes. Nothing much.

The computer works well when I install Google Chrome. When Chrome is not installed some icons are small dots, the type in the address bar is 4 pt and typing skips letters. Other areas on the screen are huge. Proportions are all off. I am not able to get the settings to clear back to normal.

When I use Revo uninstaller, it will only allow the uninstall feature to appear. The other features are not present. CCleaner appears to run, but really doesn't do anything.

I entered safe mode using Tweaking through the phantom account and ran repairs. Didn't help.

That is all my bag of tricks. -sigh-

Any help would be appreciated. Thank you.


Edited by FluffyPup, 26 March 2024 - 02:43 PM.




#2 Oh My!

Malware Response Instructor

Posted 26 March 2024 - 08:23 PM

Greetings and welcome back to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for 64 bit systems and note where the file is saved (Desktop, Downloads, etc.) <<< Important
  • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
  • Right click on the icon and select Run as administrator
  • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST.txt
  • Addition.txt

Gary 


#3 FluffyPup


Posted 27 March 2024 - 02:32 AM

Hi Gary,

Thank you for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.03.2024
Ran by buttonB (administrator) on BUTTON (LG Electronics 16T90Q-K.AAC7U1) (27-03-2024 00:20:50)
Running from C:\Users\buttonB\Desktop\BC03272024\FRST64english.exe
Loaded Profiles: buttonB
Platform: Microsoft Windows 11 Home Version 23H2 22631.3296 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(082E9164-EE6C-4EC8-B62C-441FAE7BEFA1 -> Mozilla Corporation) C:\Program Files\WindowsApps\Mozilla.Firefox_123.0.1.0_x64__n80bbvh6b1yt2\VFS\ProgramFiles\Firefox Package Root\firefox.exe <38>
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> ) C:\Program Files\Malwarebytes\Anti-Malware\MBAMCrashHandler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(LG Electronics Inc. -> LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG OSD\HotkeyManager.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.045.0303.0003\Microsoft.SharePoint.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_401fde8782680631\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5e376a2004e773e8\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.) C:\Windows\System32\DriverStore\FileRepository\platmgrsvc.inf_amd64_adaceae86e3634ce\PlatformMgrService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_73b5b27e95d29468\RtkAudUService64.exe <2>
(services.exe ->) (Wacom Co., Ltd. -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_c113c798a636a807\WTabletServiceISD.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.270.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_73b5b27e95d29468\RtkAudUService64.exe [1946936 2023-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [196264 2023-12-24] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [HotkeyManager] => C:\Program Files (x86)\LG Software\LG OSD\HotkeyManager.exe [320328 2022-07-11] (LG Electronics Inc. -> LG Electronics Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\...\Run: [MicrosoftEdgeAutoLaunch_B5B535DA4A55F5AEE85A6C9113CA0F26] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start (No File)
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3306400 2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {7541B8B7-1EA9-4542-821C-EF615D4115A7} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {30163D99-EE2A-4474-8C16-75E267D90544} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {186B7BE1-3D1E-4F94-9D23-500ED86764C3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {9983FA68-FAA4-4DF1-BF63-9373BC6CE16F} - System32\Tasks\LGAppCount => C:\Program Files (x86)\LG Software\LG App Count\LGAppCountObserver.exe [127528 2024-02-27] (LG Electronics Inc. -> LG Electronics Inc.)
Task: {F7E9A72F-8A6A-444E-A9F0-AD8FF557197F} - System32\Tasks\LGPCCareWin32 => C:\Program Files (x86)\LG Software\LG PC Care\LG PC Care.exe  /hide (No File)
Task: {D51096B9-0563-4851-BD73-60AA7C7083AB} - System32\Tasks\LGUpdateRecovery => C:\Program Files (x86)\LG Software\LG Update\URUpdate.exe [412720 2023-10-05] (LG Electronics Inc. -> LG Electronics inc.)
Task: {66A50298-3368-41E2-AD80-6E2420859D29} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {FBAA45C8-E9C0-47C9-9A7E-EAFDEE9D5097} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {A888D8FD-B0FA-45FF-996F-A59E5B9223C1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F739BBFF-B206-437A-8405-9F3876CAE437} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1C88ABA-D7ED-431D-96E9-B080003ABD11} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170136 2024-03-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {63521939-C9D5-40D0-9FC3-A0CDCF12C80B} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4205984 2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {1AB13BE0-5688-4452-B44D-0834A721C15F} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-332997564-2752265082-2101897690-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4205984 2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {08BD8EAE-9873-4811-94D3-ED0425347F0C} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-332997564-2752265082-2101897690-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4205984 2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {07E06A61-FB1A-4CC2-B34F-7B8A4FFD5D14} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\Intel\ICPS\RNIdleTask.exe  (No File)
Task: {6CF17553-3D36-4972-B89F-39F5EFF1C8B9} - System32\Tasks\RunSpeccy => C:\Program Files\Speccy\Speccy64.exe [7638104 2022-06-13] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {54A8EA01-4BA7-4518-B858-E675332B6BFA} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {F05E05AE-1766-40B0-B1F4-0D8C8EF076DD} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [200704 2023-04-25] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{307b2202-8435-4d83-bb3b-4bb6efc65d7c}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{307b2202-8435-4d83-bb3b-4bb6efc65d7c}\F43405C402055524C494340275946494: [DhcpNameServer] 10.20.14.101 10.20.10.101 10.20.10.11 192.168.119.3 10.20.14.110
Tcpip\..\Interfaces\{307b2202-8435-4d83-bb3b-4bb6efc65d7c}\F43405C402055524C494340275946494: [DhcpDomain] plpatron.local
Tcpip\..\Interfaces\{307b2202-8435-4d83-bb3b-4bb6efc65d7c}\F4F414D274747374630383A515139344: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF DefaultProfile: xw4ynovc.default
FF ProfilePath: C:\Users\buttonB\AppData\Roaming\Mozilla\Firefox\Profiles\xw4ynovc.default [2024-03-15]
FF ProfilePath: C:\Users\buttonB\AppData\Roaming\Mozilla\Firefox\Profiles\9t44ue0o.default-release [2024-03-27]
FF Extension: (Language: English (CA)) - C:\Users\buttonB\AppData\Roaming\Mozilla\Firefox\Profiles\9t44ue0o.default-release\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2024-03-15]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"MpKslae702d6b" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MpKslae702d6b => \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6DFE50C4-868A-46DA-BBC7-EB2DE71D7842}\MpKslDrv.sys <==== ATTENTION (Rootkit!/Locked Service)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14097992 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
S4 DFWSIDService; C:\ProgramData\Wondershare\wsServices\WsidService.exe [3963120 2023-10-23] (Wondershare Technology Group Co.,Ltd -> wondershare)
S4 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_69b9bfffc3486196\ipfsvc.exe [544440 2022-03-28] (Intel Corporation -> Intel Corporation)
S4 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [243432 2022-07-08] (DTS, Inc. -> DTS Inc.)
S4 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [2539384 2023-12-24] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3890064 2023-12-24] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3890064 2023-12-24] (ESET, spol. s r.o. -> ESET)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncHelper.exe [3516960 2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
R2 IntelArcControlService; C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe [1656360 2023-12-05] (Intel Corporation -> Intel Corporation)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5e376a2004e773e8\AS\IAS\IntelAudioService.exe [540232 2023-03-08] (Intel Corporation -> Intel)
S4 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe [2781312 2023-02-03] (Intel Corporation -> Intel Corporation)
S4 LG Device Managers; C:\Program Files (x86)\LG Software\LG Device Manager\DeviceManager.exe [106336 2021-12-16] (LG Electronics Inc. -> )
S3 LGUWPService; C:\Windows\System32\DriverStore\FileRepository\lguwpservice.inf_amd64_a8df4e8e5bc1eb47\LGUWPService.exe [55144 2022-08-09] (LG Electronics Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8882936 2024-03-18] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-03-15] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.045.0303.0003\OneDriveUpdaterService.exe [3856288 2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
S4 PDF24; C:\Program Files\PDF24\pdf24.exe [613048 2023-05-24] (geek software GmbH -> geek software GmbH)
R2 PlatformMgrService; C:\Windows\System32\DriverStore\FileRepository\platmgrsvc.inf_amd64_adaceae86e3634ce\PlatformMgrService.exe [98216 2022-08-01] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S4 IDBWM; %SystemRoot%\System32\drivers\Intel\ICPS\IDBWMService.exe [X]
S4 Intel Analytics Service; %SystemRoot%\System32\drivers\Intel\ICPS\IntelAnalyticsService.exe [X]
S4 Intel Connectivity Network Service; %SystemRoot%\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe [X]
S4 Intel Provider Data Helper Service; %SystemRoot%\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe [X]
S4 IntelConnectService; %SystemRoot%\System32\drivers\Intel\ICPS\IntelConnectService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AirModeBtn; C:\Windows\System32\drivers\AirModeBtn.sys [57056 2022-03-29] (LG Electronics Inc. -> LG Electronics)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [215616 2023-12-08] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [120032 2023-12-08] (ESET, spol. s r.o. -> ESET)
R1 edevmonm; C:\Windows\System32\DRIVERS\edevmonm.sys [122664 2023-12-08] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2023-03-24] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [254344 2023-12-08] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [55528 2023-12-08] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [81824 2023-12-08] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [124168 2023-12-08] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-03-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\Windows\System32\drivers\fse.sys [218592 2023-10-26] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2022-10-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2022-10-24] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-08-19] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_6808233353fa1d56\ipf_acpi.sys [87168 2023-02-03] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_cpu.sys [80512 2023-02-03] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_lf.sys [445056 2023-02-03] (Intel Corporation -> Intel Corporation)
R0 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233704 2024-03-27] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78912 2024-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-03-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188784 2024-03-27] (Malwarebytes Inc. -> Malwarebytes)
R1 PlatMgr; C:\Windows\System32\drivers\PlatMgr.sys [167112 2022-08-01] (LG Electronics Inc. -> LG Electronics Inc.)
R3 PlatSec; C:\Windows\System32\DriverStore\FileRepository\platsec.inf_amd64_faa9bc5ae253ab2b\PlatSec.sys [1095544 2022-08-01] (LG Electronics Inc. -> LG Electronics Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [38104 2019-06-04] (I3D Technology Inc. -> I3D Technology Inc.)
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 rtump64x64; C:\Windows\System32\drivers\rtump64x64.sys [938040 2021-07-20] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-06] (Microsoft Windows -> Realtek Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-10-26] (Microsoft Windows -> )
R3 WacHIDRouterISDF; C:\Windows\System32\drivers\WacHIDRouterISDF.sys [140952 2023-08-02] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WacHIDRouterISDFV; C:\Windows\System32\drivers\WacHIDRouterISDF.sys [140952 2023-08-02] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WacHIDRouterISDU; C:\Windows\System32\drivers\WacHIDRouterISDU.sys [126176 2022-03-28] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WacHIDRouterISDUV; C:\Windows\System32\drivers\WacHIDRouterISDU.sys [126176 2022-03-28] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20928 2024-03-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [603416 2024-03-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-13] (Microsoft Windows -> Microsoft Corporation)
R0 xnotepep; C:\Windows\System32\drivers\xnotepep.sys [64008 2022-03-30] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R4 INTCCoSvc; \SystemRoot\System32\drivers\Intel\ICPS\IntcCo11X64.sys [X]
S3 IOx64v69; \??\C:\Windows\LGPS\install\2022-03-07_083038\IOx64v69 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-27 00:20 - 2024-03-27 00:20 - 000000000 ____D C:\Users\buttonB\AppData\LocalLow\IGDump
2024-03-27 00:19 - 2024-03-27 00:19 - 000233704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2024-03-27 00:19 - 2024-03-27 00:19 - 000188784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2024-03-27 00:18 - 2024-03-27 00:21 - 000000000 ____D C:\FRST
2024-03-27 00:16 - 2024-03-27 00:20 - 000000000 ____D C:\Users\buttonB\Desktop\BC03272024
2024-03-26 12:04 - 2024-03-26 12:04 - 017726648 _____ (VS Revo Group ) C:\Users\buttonB\Downloads\RevoUninProSetup(1).exe
2024-03-26 12:04 - 2024-03-26 12:04 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2024-03-26 12:04 - 2024-03-26 12:04 - 000000000 ____D C:\Users\buttonB\AppData\Local\VS Revo Group
2024-03-26 12:04 - 2024-03-26 12:04 - 000000000 ____D C:\ProgramData\VS Revo Group
2024-03-26 12:04 - 2024-03-26 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2024-03-26 12:03 - 2024-03-26 12:03 - 017726648 _____ (VS Revo Group ) C:\Users\buttonB\Downloads\RevoUninProSetup.exe
2024-03-26 11:52 - 2024-03-26 11:53 - 006970144 _____ (VS Revo Group ) C:\Users\buttonB\Downloads\revosetup.exe
2024-03-25 09:27 - 2024-03-25 09:28 - 001376816 _____ (Google LLC) C:\Users\buttonB\Downloads\ChromeSetup.exe
2024-03-25 09:27 - 2024-03-25 09:27 - 001376816 _____ (Google LLC) C:\Users\buttonB\Downloads\ChromeSetup(1).exe
2024-03-16 09:58 - 2024-03-27 00:18 - 000000000 ____D C:\Users\buttonB\AppData\Local\CrashDumps
2024-03-15 23:16 - 2024-03-15 23:16 - 000000000 ____D C:\Users\buttonB\AppData\Local\Mozilla
2024-03-15 21:44 - 2024-03-27 00:19 - 000000000 ____D C:\Users\buttonB\AppData\Local\Malwarebytes
2024-03-15 21:43 - 2024-03-15 21:43 - 000002016 _____ C:\Users\Public\Desktop\ESET Safe Banking & Browsing.lnk
2024-03-15 21:26 - 2024-03-15 21:26 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Bunnun\Downloads\iExplore.exe
2024-03-15 13:00 - 2024-03-15 13:00 - 000000000 ____D C:\Users\Bunnun\Downloads\CryptoSearch(1)
2024-03-15 12:47 - 2024-03-15 12:48 - 058118520 _____ (Tweaking.com) C:\Users\Bunnun\Downloads\tweaking.com_windows_repair_aio_setup.exe
2024-03-15 12:29 - 2024-03-15 22:13 - 000000000 ____D C:\Users\Bunnun\Desktop\Computer PROBLEMS
2024-03-15 12:29 - 2024-03-15 12:29 - 000841241 _____ C:\Users\Bunnun\Downloads\rkill.zip
2024-03-15 12:26 - 2024-03-15 12:26 - 002492226 _____ C:\Users\Bunnun\Downloads\CryptoSearch.zip
2024-03-15 11:52 - 2024-03-15 21:36 - 000000000 ____D C:\Users\Bunnun\AppData\Local\Malwarebytes
2024-03-15 11:52 - 2024-03-15 11:52 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-03-15 11:51 - 2024-03-15 11:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-03-15 11:51 - 2024-03-15 11:51 - 000000000 ____D C:\Program Files\Malwarebytes
2024-03-15 10:30 - 2024-03-15 20:47 - 000000000 ____D C:\Users\Bunnun\AppData\Local\CrashDumps
2024-03-15 10:30 - 2024-03-15 10:30 - 000000000 ____D C:\Users\Bunnun\AppData\Local\OneDrive
2024-03-15 10:10 - 2024-03-15 22:25 - 000000000 ____D C:\Users\buttonB\Desktop\Computer PROBLEMS
2024-03-13 22:18 - 2024-03-13 22:18 - 000000000 ____D C:\Users\buttonB\Downloads\request_103760_essp_esetllc
2024-03-13 22:13 - 2024-03-13 22:13 - 000000000 ____D C:\Users\buttonB\AppData\Local\ESET
2024-03-13 21:55 - 2024-03-13 21:55 - 000157504 _____ C:\Users\buttonB\Documents\configuration.xml
2024-03-13 21:54 - 2024-03-13 21:54 - 005160571 _____ C:\Users\buttonB\Downloads\request_103760_essp_esetllc.zip
2024-03-13 21:49 - 2024-03-13 21:49 - 000000000 ____D C:\ProgramData\Norton
2024-03-13 16:48 - 2024-03-13 16:48 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-03-04 23:02 - 2024-03-04 23:02 - 000000000 ____D C:\Users\buttonB\AppData\Local\Backup
2024-03-04 22:36 - 2024-03-04 22:36 - 000020023 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-04 22:35 - 2024-03-04 22:35 - 000020023 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-02-27 16:59 - 2024-02-27 17:00 - 000000000 ___RD C:\Users\buttonB\Desktop\Downloads2272024

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-27 00:20 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SystemTemp
2024-03-27 00:20 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-27 00:15 - 2023-04-02 15:36 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-03-27 00:13 - 2023-03-24 15:16 - 000000000 ____D C:\Users\buttonB\AppData\Local\Packages
2024-03-27 00:13 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\AppReadiness
2024-03-26 12:19 - 2023-03-24 15:16 - 000000000 ____D C:\Users\buttonB\AppData\Local\D3DSCache
2024-03-26 12:04 - 2023-05-01 18:43 - 000000000 ____D C:\Program Files\VS Revo Group
2024-03-26 11:59 - 2022-10-26 08:44 - 000000000 ____D C:\Program Files\Intel
2024-03-26 11:59 - 2022-05-06 22:22 - 000000000 ____D C:\Windows\INF
2024-03-26 11:54 - 2023-05-08 08:05 - 000000000 ____D C:\Users\buttonB\AppData\Local\Google
2024-03-26 11:54 - 2023-05-08 08:05 - 000000000 ____D C:\Program Files (x86)\Google
2024-03-26 11:53 - 2023-06-15 17:13 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2024-03-26 11:53 - 2023-06-02 17:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-03-26 11:49 - 2022-10-26 07:53 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-03-25 09:18 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-22 21:46 - 2022-10-26 07:59 - 000803640 _____ C:\Windows\system32\PerfStringBackup.INI
2024-03-22 21:42 - 2023-06-06 21:47 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-03-22 21:42 - 2022-10-26 07:53 - 000012288 ___SH C:\DumpStack.log.tmp
2024-03-22 21:42 - 2022-10-26 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-03-22 21:42 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\ServiceState
2024-03-22 21:42 - 2022-05-06 22:17 - 001048576 _____ C:\Windows\system32\config\BBI
2024-03-22 15:09 - 2023-12-11 10:10 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-332997564-2752265082-2101897690-1002
2024-03-22 15:09 - 2023-06-05 18:51 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-332997564-2752265082-2101897690-1001
2024-03-22 15:09 - 2023-06-05 18:51 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-03-22 15:09 - 2023-06-05 18:51 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-18 18:39 - 2023-06-05 18:38 - 000000000 ____D C:\Program Files\Microsoft Office
2024-03-18 18:39 - 2022-05-06 22:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-03-16 15:14 - 2023-10-31 14:40 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2024-03-15 23:55 - 2022-05-06 22:17 - 000000000 ____D C:\Windows\CbsTemp
2024-03-15 23:51 - 2022-05-06 22:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-03-15 23:26 - 2022-05-06 22:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-03-15 23:16 - 2023-04-02 15:36 - 000000000 ____D C:\Users\buttonB\AppData\Roaming\Mozilla
2024-03-15 23:13 - 2022-10-26 07:53 - 000493944 _____ C:\Windows\system32\FNTCACHE.DAT
2024-03-15 23:11 - 2022-10-26 07:54 - 000000000 ____D C:\ProgramData\Packages
2024-03-15 23:07 - 2023-05-29 22:39 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2024-03-15 23:05 - 2023-05-29 22:43 - 000803640 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2024-03-15 22:27 - 2024-02-14 00:31 - 000000557 _____ C:\Users\buttonB\Desktop\JRT.txt
2024-03-15 22:16 - 2024-01-29 12:44 - 000004290 _____ C:\Users\buttonB\Desktop\Rkill.txt
2024-03-15 22:16 - 2022-05-06 22:24 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts_bak_773
2024-03-15 21:42 - 2023-12-11 10:08 - 000000000 ____D C:\Users\Bunnun\AppData\Local\Packages
2024-03-15 21:15 - 2022-10-26 07:54 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-03-15 13:17 - 2023-12-11 10:08 - 000000000 ____D C:\Users\Bunnun\AppData\Local\D3DSCache
2024-03-15 12:36 - 2022-05-06 22:24 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts_bak_605
2024-03-15 12:19 - 2022-10-26 08:44 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-15 12:16 - 2022-10-26 08:58 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-03-15 12:16 - 2022-10-26 08:58 - 000000000 ____D C:\Program Files (x86)\LG Software
2024-03-15 11:51 - 2022-05-06 22:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-03-15 11:49 - 2022-10-26 08:49 - 000000000 ____D C:\Program Files (x86)\Intel
2024-03-15 11:43 - 2023-09-07 20:18 - 000000000 ____D C:\Program Files\dotnet
2024-03-15 10:56 - 2023-12-11 10:10 - 000000000 ____D C:\Users\Bunnun\AppData\Local\PlaceholderTileLogoFolder
2024-03-15 10:26 - 2023-12-11 10:08 - 000000000 ____D C:\Users\Bunnun\AppData\LocalLow\Intel
2024-03-13 22:11 - 2023-06-02 19:37 - 000000000 ____D C:\Program Files\ESET
2024-03-13 20:53 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-03-13 20:37 - 2023-09-26 15:42 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-03-13 20:37 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-03-13 20:37 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SystemResources
2024-03-13 20:37 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\bcastdvr
2024-03-13 20:37 - 2022-05-06 22:17 - 000000000 ____D C:\Windows\servicing
2024-03-13 20:13 - 2022-10-26 07:56 - 003213824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-03-13 20:11 - 2023-03-24 16:06 - 000000000 ____D C:\Windows\system32\MRT
2024-03-13 20:07 - 2023-03-24 16:05 - 190470136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-03-13 20:04 - 2023-05-10 21:44 - 000000000 ____D C:\Users\buttonB\AppData\Roaming\com.adobe.dunamis
2024-03-13 16:52 - 2022-10-26 07:53 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-03-13 16:41 - 2023-03-24 15:15 - 000000000 ____D C:\Users\buttonB
2024-03-04 22:49 - 2023-09-12 19:49 - 000001426 _____ C:\Windows\system32\default_error_stack-000000-000000.txt
2024-03-04 22:49 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\oobe
2024-03-04 22:49 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-03-04 22:49 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-03-04 22:49 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\ShellComponents
2024-02-27 21:51 - 2023-04-04 13:44 - 000000000 ____D C:\Users\buttonB\AppData\Roaming\Microsoft\Word
2024-02-27 09:56 - 2023-09-07 17:53 - 000003834 _____ C:\Windows\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



#4 FluffyPup

Posted 27 March 2024 - 02:34 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.03.2024
Ran by buttonB (27-03-2024 00:21:33)
Running from C:\Users\buttonB\Desktop\BC03272024
Microsoft Windows 11 Home Version 23H2 22631.3296 (X64) (2023-01-03 20:05:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-332997564-2752265082-2101897690-500 - Administrator - Disabled)
Bunnun (S-1-5-21-332997564-2752265082-2101897690-1002 - Limited - Enabled) => C:\Users\Bunnun
buttonB (S-1-5-21-332997564-2752265082-2101897690-1001 - Administrator - Enabled) => C:\Users\buttonB
DefaultAccount (S-1-5-21-332997564-2752265082-2101897690-503 - Limited - Disabled)
Guest (S-1-5-21-332997564-2752265082-2101897690-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-332997564-2752265082-2101897690-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Disabled - Out of date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
FW: ESET Firewall (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Discord (HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\Discord) (Version: 1.0.9013 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{B8AD0F0B-6ED6-4121-9ABF-592203F4C43C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel Software Package (HKLM-x32\...\{9b6c818c-5856-4d95-9b82-9bebce4a6ba3}) (Version: 1.0.10900.26658 - Intel) Hidden
Intel Software Package (HKLM-x32\...\{9ecc05df-d595-4ef0-90b5-790af065f75d}) (Version: 1.0.10900.26658 - Intel) Hidden
Intel® Chipset Device Software (HKLM\...\{BB1E910B-7D2D-4FC8-A87C-5A53CAC2D5A8}) (Version: 10.1.19159.8331 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{a8ed3a4b-8ec2-4b7d-b0f6-0f4db00ea2ce}) (Version: 10.1.19159.8331 - Intel® Corporation)
Intel® Computing Improvement Program (HKLM\...\{15E71D2B-4046-4B9D-A8BB-EBFC5CC12D86}) (Version: 2.4.10717 - Intel Corporation)
Intel® Dynamic Tuning Technology (HKLM-x32\...\{DDD0E7BA-1023-44F1-B2E0-2297B9ED42B5}) (Version: 9.0.10900.26658 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.386 - Intel Corporation)
Intel® Innovation Platform Framework (HKLM-x32\...\{1F2F557C-7559-4376-9347-1C6ACFAD35C2}) (Version: 1.0.10900.26658 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2225.3.9.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{6EE6F343-0BD5-4F43-BFB4-A04D8B1FE8CB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{3224ECD1-BFF4-4DEF-ABE9-B244881A871A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2212.4 - Intel Corporation)
Intel® Serial IO (HKLM\...\{FF99FB1C-B0BD-4CBC-A962-A3BBC576CDFD}) (Version: 30.100.2212.4 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000010-0230-1033-84C8-B8D95FA3C8C3}) (Version: 23.10.0.2 - Intel Corporation)
Intel® Arc™ Control (HKLM\...\{AFFBB7E9-51F0-4A68-B6B6-DB7B13E5E372}) (Version: 1.74.5391.3 - Intel Corporation) Hidden
Intel® Arc™ Control (HKLM-x32\...\{29da1471-6d4a-4198-af44-b83f9ba62651}) (Version: 1.74.5391.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{ecbee3cf-26b3-4f27-854c-e2e16b3f7fa9}) (Version: 23.4.39.9 - Intel)
Intel® Integrated Sensor Solution (HKLM-x32\...\{e2adfc7e-c7d4-4b6a-bc85-167c0a9a59d2}) (Version: 3.10.100.4572 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{acc5d32f-fbf7-4d75-8943-2f70e698123d}) (Version: 23.20.0.4 - Intel Corporation) Hidden
ISS_Drivers_x64 (HKLM\...\{3778C22D-30D2-4419-AB45-EDB251772C33}) (Version: 3.10.100.4572 - Intel Corporation) Hidden
LG Device Manager (HKLM-x32\...\{29B3EDEF-C8F6-408E-AE67-53AF1B143032}) (Version: 1.0.2207.801 - LG Electronics Inc.)
LG On Screen Display 3 (HKLM-x32\...\{CDF8BA0D-9707-4F6B-A7A8-D9F536EF49B0}) (Version: 1.0.2207.801 - LG Electronics Inc.)
LG PC Manuals (HKLM-x32\...\LG PC Manuals) (Version: 1.0.2209.2701 - LG Electronics Inc.)
LG Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.7.1.111 - Wacom Technology Corp.)
LG Quick Guide (HKLM-x32\...\{2B169899-99D0-44FA-ABB0-62F50D83131D}) (Version: 1.0.2308.3101 - LG Electronics Inc.)
LG Smart Assistant (HKLM-x32\...\{76FB8ACE-FFF7-4ED8-BDFD-168DF15C26CC}) (Version: 1.0.2210.401 - LG Electronics Inc.)
LG Update (HKLM-x32\...\{E7E96A93-DD9B-43C7-AB26-D8348F3143FC}) (Version: 1.0.2309.2701 - LG Electronics Inc.)
Malwarebytes version 5.1.1.106 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.1.106 - Malwarebytes)
Microsoft Office Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Retail - en-us) (Version: 16.0.17328.20184 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.045.0303.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20142 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20108 - Microsoft Corporation) Hidden
PDF24 Creator 11.12.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.12.1 - PDF24.org)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9354.1 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.14.0 - Tweaking.com)
Windows Driver Package - Mirametrix Inc (WUDFRd) Camera  (07/27/2022 18.0.0.0) (HKLM\...\72E70A16DE27C7893096117DD18A398F2C9A01D4) (Version: 07/27/2022 18.0.0.0 - Mirametrix Inc)

Packages:
=========

Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2024-03-15] (AMZN Mobile LLC.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5390.0_x64__8j3eq9eme6ctt [2024-03-19] (INTEL CORP) [Startup Task]
AudioDirector for LGE -> C:\Program Files\WindowsApps\www.cyberlink.com.AudioDirectorforLGE_7.0.9105.0_x64__srrwvbh8chymt [2024-03-15] (www.cyberlink.com)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_2.3.8.0_x64__38kynpdw5g1aw [2024-03-15] (Wacom Europe GmbH)
ColorDirector for LGE -> C:\Program Files\WindowsApps\www.cyberlink.com.ColorDirectorforLGE_5.0.8107.0_x64__srrwvbh8chymt [2024-03-15] (www.cyberlink.com)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1200.442.0_x64__8wekyb3d8bbwe [2024-03-22] (Microsoft Corporation)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.13.2.0_x64__t5j2fzbtdg37r [2024-03-15] (DTS, Inc.)
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2024-03-15] (Sparse Package)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x86__8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation)
Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.237.110.0_x64__8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation)
Intel® Connectivity Performance Suite -> C:\Program Files\WindowsApps\AppUp.IntelConnectivityPerformanceSuite_3.1023.1012.0_x64__8j3eq9eme6ctt [2024-03-15] (INTEL CORP) [Startup Task]
LG Glance by Mirametrix® -> C:\Program Files\WindowsApps\MirametrixInc.LGGlancebyMirametrix_9.38.4316.0_x64__17mer8kcn3j54 [2024-03-15] (Mirametrix Inc.) [Startup Task]
LG Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.LGPenSettings_7.7.89.0_neutral__ss941bf8mfs8a [2024-03-15] (Wacom Technology Corp.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2402.13002.0_x64__8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-03-15] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation)
MicrosoftWindows.Client.FileExp -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-15] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24022.88.0_x64__cw5n1h2txyewy [2024-03-22] (Microsoft Windows) [Startup Task]
Mozilla Firefox -> C:\Program Files\WindowsApps\Mozilla.Firefox_123.0.1.0_x64__n80bbvh6b1yt2 [2024-03-15] (Mozilla)
PhotoDirector for LGE -> C:\Program Files\WindowsApps\www.cyberlink.com.PhotoDirectorforLGE_8.0.3022.0_x64__srrwvbh8chymt [2024-03-15] (www.cyberlink.com)
Power Media Player for LGE -> C:\Program Files\WindowsApps\www.cyberlink.com.PowerMediaPlayerforLGE_14.1.7917.0_x86__srrwvbh8chymt [2024-03-15] (www.cyberlink.com)
PowerDirector for LGE -> C:\Program Files\WindowsApps\www.cyberlink.com.PowerDirectorforLGE_14.0.4202.0_x64__srrwvbh8chymt [2024-03-15] (www.cyberlink.com)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.47.309.0_x64__dt26b99r8h8gj [2024-03-15] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1039.0_x64__zpdnekdrzrea0 [2024-03-16] (Spotify AB) [Startup Task]
Wacom Notes -> C:\Program Files\WindowsApps\D91E29CF.WacomNotes_1.10.30.0_x64__38kynpdw5g1aw [2024-03-15] (Wacom Europe GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.045.0303.0003\FileSyncShell64.dll [2024-03-22] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2024-01-05 18:19 - 2024-01-05 18:19 - 001626624 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2024-01-05 18:19 - 2024-01-05 18:19 - 002973696 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\buttonB\Downloads\ChromeSetup.exe:MBAM.Zone.Identifier [406]
AlternateDataStreams: C:\Users\buttonB\Downloads\revosetup.exe:MBAM.Zone.Identifier [141]
AlternateDataStreams: C:\Users\buttonB\Downloads\RevoUninProSetup.exe:MBAM.Zone.Identifier [148]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lg.com
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lg.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6949496C-4974-4946-B3D6-2240BA5585D4} URL =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-13] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-06 22:24 - 2024-03-15 23:07 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-332997564-2752265082-2101897690-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\buttonB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\LG\LG_WallPaper1.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_BA0F089C8D8F331B1757CC133895E491"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "A4PCSetup"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "Delete Cached Standalone Update Binary"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "Delete Cached Update Binary"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "Uninstall 23.054.0313.0001"
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B5B535DA4A55F5AEE85A6C9113CA0F26"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CBAB8411-096F-4140-A89C-9D7C9F7EEC98}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

04-03-2024 13:15:24 Windows Update
08-03-2024 15:35:54 Windows Update
13-03-2024 19:52:56 Microsoft ASP.NET Core 7.0.17 - Shared Framework (x64)
15-03-2024 10:12:07 Revo Uninstaller's restore point - Mozilla Firefox (x64 en-US)
15-03-2024 10:13:10 Revo Uninstaller's restore point - Google Chrome
15-03-2024 10:14:34 Revo Uninstaller's restore point - GoToMeeting 10.19.0.19950
15-03-2024 11:40:18 Revo Uninstaller's restore point - Microsoft .NET Host - 7.0.17 (x64)
15-03-2024 11:41:12 Revo Uninstaller's restore point - Malwarebytes version 5.1.0.102
15-03-2024 11:42:59 Revo Uninstaller's restore point - Microsoft Windows Desktop Runtime - 7.0.17 (x64)
15-03-2024 11:49:21 Removed Intel Driver && Support Assistant
15-03-2024 12:15:49 Revo Uninstaller's restore point - Sync On Mobile
15-03-2024 12:39:49 JRT Pre-Junkware Removal
15-03-2024 21:19:13 JRT Pre-Junkware Removal
15-03-2024 21:46:31 Tweaking.com - Windows Repair 2021
19-03-2024 11:33:09 Windows Update
19-03-2024 11:33:09 Windows Update
22-03-2024 15:03:53 Windows Update
26-03-2024 11:54:30 Revo Uninstaller's restore point - Microsoft Edge WebView2 Runtime

==================== Faulty Device Manager Devices ============

Name: Mirametrix Virtual Camera
Description: Mirametrix Virtual Camera
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: (Standard system devices)
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/27/2024 12:18:56 AM) (Source: Application Error) (EventID: 1000) (User: BUTTON)
Description: Faulting application name: Widgets.exe, version: 424.1301.2770.0, time stamp: 0x65dfe021
Faulting module name: Widgets.exe, version: 424.1301.2770.0, time stamp: 0x65dfe021
Exception code: 0xc0000409
Fault offset: 0x00000000001625db
Faulting process id: 0x0x23d8
Faulting application start time: 0x0x1da8017073cc8d8
Faulting application path: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.270.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Faulting module path: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.270.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Report Id: 1a2e5e6f-0533-4c0f-83cc-4a031b686cb7
Faulting package full name: MicrosoftWindows.Client.WebExperience_424.1301.270.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: Widgets

Error: (03/27/2024 12:18:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe".
Dependent Assembly 122.0.2365.92,language="*",type="win32",version="122.0.2365.92" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2024 12:18:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe".
Dependent Assembly 122.0.2365.92,language="*",type="win32",version="122.0.2365.92" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2024 12:17:54 AM) (Source: Application Error) (EventID: 1000) (User: BUTTON)
Description: Faulting application name: Widgets.exe, version: 424.1301.2770.0, time stamp: 0x65dfe021
Faulting module name: Widgets.exe, version: 424.1301.2770.0, time stamp: 0x65dfe021
Exception code: 0xc0000409
Fault offset: 0x00000000001625db
Faulting process id: 0x0x3d70
Faulting application start time: 0x0x1da801652e3bafe
Faulting application path: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.270.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Faulting module path: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.270.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Report Id: 8124c189-760e-4339-a417-895d1e90736c
Faulting package full name: MicrosoftWindows.Client.WebExperience_424.1301.270.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: Widgets

Error: (03/27/2024 12:17:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe".
Dependent Assembly 122.0.2365.92,language="*",type="win32",version="122.0.2365.92" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2024 12:17:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe".
Dependent Assembly 122.0.2365.92,language="*",type="win32",version="122.0.2365.92" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2024 12:13:49 AM) (Source: Service1) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
   at PlatformManager.Service1.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (03/26/2024 11:54:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d6c34f3e-fb24-4c19-8db8-60c5ff44e4b5}


System errors:
=============
Error: (03/27/2024 12:19:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/27/2024 12:19:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Browser service to connect.

Error: (03/27/2024 12:19:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/27/2024 12:19:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Browser service to connect.

Error: (03/27/2024 12:15:20 AM) (Source: DCOM) (EventID: 10010) (User: BUTTON)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (03/27/2024 12:13:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/27/2024 12:13:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Browser service to connect.

Error: (03/27/2024 12:13:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Browser service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
================
Date: 2024-03-15 11:49:49
Description:
Controlled Folder Access blocked C:\Windows\System32\SrTasks.exe from making changes to memory.
Detection time: 2024-03-15T18:49:49.392Z
Path: \Device\HarddiskVolumeShadowCopy11
Process Name: C:\Windows\System32\SrTasks.exe
Security intelligence Version: 1.407.451.0
Engine Version: 1.1.24020.9
Product Version: 4.18.24020.7
 

Date: 2024-03-15 11:49:34
Description:
Controlled Folder Access blocked C:\Windows\System32\msiexec.exe from making changes to memory.
Detection time: 2024-03-15T18:49:34.227Z
Path: \Device\HarddiskVolume3
Process Name: C:\Windows\System32\msiexec.exe
Security intelligence Version: 1.407.451.0
Engine Version: 1.1.24020.9
Product Version: 4.18.24020.7
 

Date: 2024-03-13 19:53:57
Description:
Controlled Folder Access blocked C:\Windows\System32\svchost.exe from making changes to memory.
Detection time: 2024-03-14T02:53:57.099Z
Path: \Device\HarddiskVolume3
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.407.407.0
Engine Version: 1.1.24020.9
Product Version: 4.18.24020.7
 

Date: 2024-03-13 17:11:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-01 12:06:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2024-03-15 21:52:27
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-15 20:49:29
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-14 00:15:21
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-13 22:21:11
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-02-22 21:40:39
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2024-03-27 00:20:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2024-03-27 00:20:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2024-03-27 00:19:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. GP126 08/08/2022
Motherboard: LG Electronics 16T90Q
Processor: 12th Gen Intel® Core™ i7-1260P
Percentage of memory in use: 44%
Total physical RAM: 16125.01 MB
Available physical RAM: 8961.41 MB
Total Virtual: 32509.01 MB
Available Virtual: 24578 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.67 GB) (Free:352.14 GB) (Model: SAMSUNG MZVL2512HCJQ-00B00) NTFS

\\?\Volume{312dedad-ced3-468d-9b85-3df14f3000ff}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.38 GB) NTFS
\\?\Volume{48234d34-05c3-4a14-9a40-6d97cc84461e}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 35F70A74)

Partition: GPT.

==================== End of Addition.txt =======================



#5 Oh My!


    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,410 posts
  • Gender:Male
  • Location:California
  • Local time:03:24 AM

Posted 27 March 2024 - 10:39 AM

Let's start with this.

Do you use Widgets?

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
zip: C:\Users\buttonB\Documents\configuration.xml
SearchScopes: HKLM-x32 -> DefaultScope {6949496C-4974-4946-B3D6-2240BA5585D4} URL =
S3 Browser; %SystemRoot%\System32\browser.dll [X] 
S4 IDBWM; %SystemRoot%\System32\drivers\Intel\ICPS\IDBWMService.exe [X] 
S4 Intel Analytics Service; %SystemRoot%\System32\drivers\Intel\ICPS\IntelAnalyticsService.exe [X] 
S4 Intel Connectivity Network Service; %SystemRoot%\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe [X] 
S4 Intel Provider Data Helper Service; %SystemRoot%\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe [X] 
S4 IntelConnectService; %SystemRoot%\System32\drivers\Intel\ICPS\IntelConnectService.exe [X] 
R4 INTCCoSvc; \SystemRoot\System32\drivers\Intel\ICPS\IntcCo11X64.sys [X] 
S3 IOx64v69; \??\C:\Windows\LGPS\install\2022-03-07_083038\IOx64v69 [X] 
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\...\Run: [MicrosoftEdgeAutoLaunch_B5B535DA4A55F5AEE85A6C9113CA0F26] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start (No File) 
Task: {186B7BE1-3D1E-4F94-9D23-500ED86764C3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File) 
Task: {F7E9A72F-8A6A-444E-A9F0-AD8FF557197F} - System32\Tasks\LGPCCareWin32 => C:\Program Files (x86)\LG Software\LG PC Care\LG PC Care.exe  /hide (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
Task: {07E06A61-FB1A-4CC2-B34F-7B8A4FFD5D14} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\Intel\ICPS\RNIdleTask.exe  (No File) 
Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File 
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File 
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File 
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File 
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File 
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File 
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\BHO\ie_to_edge_bho_64.dll => No File 
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\...\Run: [MicrosoftEdgeAutoLaunch_B5B535DA4A55F5AEE85A6C9113CA0F26] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start (No File) 
Task: {186B7BE1-3D1E-4F94-9D23-500ED86764C3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File) 
Task: {F7E9A72F-8A6A-444E-A9F0-AD8FF557197F} - System32\Tasks\LGPCCareWin32 => C:\Program Files (x86)\LG Software\LG PC Care\LG PC Care.exe  /hide (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
Task: {07E06A61-FB1A-4CC2-B34F-7B8A4FFD5D14} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\Intel\ICPS\RNIdleTask.exe  (No File) 
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
  • The tool will create a zipped folder on the Desktop with today's date, example: 07.30.2023_13.24.50.zip. Please upload the file here.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Use Widgets?
  • Fixlog
  • Uploaded file

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#6 FluffyPup

  • Topic Starter

  • Members
  • 236 posts
  • Gender:Female
  • Local time:05:24 AM

Posted 27 March 2024 - 01:27 PM

Widgets? Nope, unless you include the calculator. Don't touch my calculator, lol

 

Note: It was difficult to get this posted. I had to restart my computer 4 times. Ads kept popping up everywhere. I had to install an ad blocker. It was impossible to get to this page without it. Once I got here, it wouldn't let me post. I went around and around in circles with changing my password and re-verifying. Finally, I changed my email address. That seemed to allow me to get through to allow a post.

 

My computer is overheating majorly. An evo is not supposed to be able to overheat. I was told it is supposed to be part of the specs to qualify to be called an evo. I haven't had it on any longer than to run this fix and then to try to upload the info to you.


Fix result of Farbar Recovery Scan Tool (x64) Version: 25.03.2024
Ran by buttonB (27-03-2024 10:23:13) Run:1
Running from C:\Users\buttonB\Desktop\BC03272024
Loaded Profiles: buttonB & Bunnun
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
zip: C:\Users\buttonB\Documents\configuration.xml
SearchScopes: HKLM-x32 -> DefaultScope {6949496C-4974-4946-B3D6-2240BA5585D4} URL =
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S4 IDBWM; %SystemRoot%\System32\drivers\Intel\ICPS\IDBWMService.exe [X]
S4 Intel Analytics Service; %SystemRoot%\System32\drivers\Intel\ICPS\IntelAnalyticsService.exe [X]
S4 Intel Connectivity Network Service; %SystemRoot%\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe [X]
S4 Intel Provider Data Helper Service; %SystemRoot%\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe [X]
S4 IntelConnectService; %SystemRoot%\System32\drivers\Intel\ICPS\IntelConnectService.exe [X]
R4 INTCCoSvc; \SystemRoot\System32\drivers\Intel\ICPS\IntcCo11X64.sys [X]
S3 IOx64v69; \??\C:\Windows\LGPS\install\2022-03-07_083038\IOx64v69 [X]
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\...\Run: [MicrosoftEdgeAutoLaunch_B5B535DA4A55F5AEE85A6C9113CA0F26] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start (No File)
Task: {186B7BE1-3D1E-4F94-9D23-500ED86764C3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {F7E9A72F-8A6A-444E-A9F0-AD8FF557197F} - System32\Tasks\LGPCCareWin32 => C:\Program Files (x86)\LG Software\LG PC Care\LG PC Care.exe  /hide (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {07E06A61-FB1A-4CC2-B34F-7B8A4FFD5D14} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\Intel\ICPS\RNIdleTask.exe  (No File)
Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\BHO\ie_to_edge_bho_64.dll => No File
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\...\Run: [MicrosoftEdgeAutoLaunch_B5B535DA4A55F5AEE85A6C9113CA0F26] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start (No File)
Task: {186B7BE1-3D1E-4F94-9D23-500ED86764C3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {F7E9A72F-8A6A-444E-A9F0-AD8FF557197F} - System32\Tasks\LGPCCareWin32 => C:\Program Files (x86)\LG Software\LG PC Care\LG PC Care.exe  /hide (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {07E06A61-FB1A-4CC2-B34F-7B8A4FFD5D14} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\Intel\ICPS\RNIdleTask.exe  (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore => removed successfully
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
================== Zip: ===================
C:\Users\buttonB\Documents\configuration.xml -> copied successfully to C:\Users\buttonB\Desktop\27.03.2024_10.23.24.zip
=========== Zip: End ===========
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\System\CurrentControlSet\Services\Browser => removed successfully
Browser => service removed successfully
IDBWM => service not found.
Intel Analytics Service => service not found.
Intel Connectivity Network Service => service not found.
Intel Provider Data Helper Service => service not found.
IntelConnectService => service not found.
INTCCoSvc => service not found.
HKLM\System\CurrentControlSet\Services\IOx64v69 => removed successfully
IOx64v69 => service removed successfully
"HKU\S-1-5-21-332997564-2752265082-2101897690-1002\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_B5B535DA4A55F5AEE85A6C9113CA0F26" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{186B7BE1-3D1E-4F94-9D23-500ED86764C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{186B7BE1-3D1E-4F94-9D23-500ED86764C3}" => removed successfully
C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7E9A72F-8A6A-444E-A9F0-AD8FF557197F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7E9A72F-8A6A-444E-A9F0-AD8FF557197F}" => removed successfully
C:\Windows\System32\Tasks\LGPCCareWin32 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LGPCCareWin32" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07E06A61-FB1A-4CC2-B34F-7B8A4FFD5D14}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07E06A61-FB1A-4CC2-B34F-7B8A4FFD5D14}" => removed successfully
C:\Windows\System32\Tasks\RNIdle Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RNIdle Task" => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000017 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000018 => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => removed successfully
HKLM\Software\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => removed successfully
"HKU\S-1-5-21-332997564-2752265082-2101897690-1002\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_B5B535DA4A55F5AEE85A6C9113CA0F26" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{186B7BE1-3D1E-4F94-9D23-500ED86764C3}" => not found
"C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7E9A72F-8A6A-444E-A9F0-AD8FF557197F}" => not found
"C:\Windows\System32\Tasks\LGPCCareWin32" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LGPCCareWin32" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07E06A61-FB1A-4CC2-B34F-7B8A4FFD5D14}" => not found
"C:\Windows\System32\Tasks\RNIdle Task" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RNIdle Task" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully

========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.



========= End of CMD: =========


========= netsh int ip reset resetlog.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.



========= End of CMD: =========


========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg =========

The operation completed successfully.


========= End of Reg: =========

C:\Firewall.reg => moved successfully

========= netsh advfirewall reset =========

Ok.



========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.



========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.

{7C7BE5D1-CCAD-4193-B98E-1B38DA61AC36} canceled.
{EAE5E8EC-0641-4245-910B-8069C4D43C2D} canceled.
2 out of 2 jobs canceled.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-332997564-2752265082-2101897690-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-332997564-2752265082-2101897690-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-332997564-2752265082-2101897690-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-332997564-2752265082-2101897690-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= sfc /scannow =========


Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.

Verification 100% complete.

Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========


========= DISM /Online /Cleanup-Image /CheckHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.22621.2792

Image Version: 10.0.22631.3296

No component store corruption detected.
The operation completed successfully.


========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9502428 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 60645212 B
Windows/system/drivers => 2341570 B
Edge => 0 B
Firefox => 230486986 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 127306981 B
systemprofile32 => 127306981 B
LocalService => 127337495 B
NetworkService => 127339835 B
buttonB => 133752970 B
Bunnun => 165113834 B

RecycleBin => 1397363890 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:25:12 ====

 

 

 



#7 Oh My!


Posted 27 March 2024 - 03:41 PM

Greetings.
 

Default browser not detected!

Are you using Chrome when the pop ups appear and do you intend it to be your default browser?

What are you noticing regarding the temperature? Physically hot, temperature monitoring readout, constant fan noise, etc.?
 

Revo Uninstaller 2.4.5
Revo Uninstaller Pro 5.2.6

Your log indicates you have 2 versions of Revo installed. Please attempt to uninstall both of those. If successful, I would like you to install Revo Portable for now. If all of that is successful uninstall ESET.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------
  • Download Revo Uninstaller Free Portable and save it to your Desktop
  • Right click on the folder and select Extract All..., then click Extract
  • Double click on the RevoUninstaller-Portable folder
  • Right click on RevoUPort and select Run as administrator
  • Click OK on the License Agreement
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
ESET
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Which browser?
  • Overheating signs?
  • Revo results?

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#8 FluffyPup


Posted 27 March 2024 - 11:15 PM

Installed Revo portable

Got rid of the other Revo versions

 

No ESET shows up in Revo

No ESET in Microsoft add/remove programs either

However, ESET is in my task bar and system tray.

 

Browser, I use Firefox. It is not set as my default but it is the only one installed. The advertising issue occurred with the same browser, Firefox. I added that ABP Adblocker Plus. If you have any ideas I would like to hear them.

 

Overheating, this is a 17 in evo laptop. It only weighs about a pound and a half. The back of the computer heated up physically hot enough I could no longer have it on my leg. The fan was running faster than I have ever heard it. I could feel the heat coming through the keyboard. Currently, it is a little warm. Considering I have only been using the computer for about 20 min, warm and feeling warmth coming through the keyboard is wrong.

I can use this computer for 10 hours and have no overheating issues.

 

I don't know if this is related or if it is Microsoft messing around, the Outlook account that I used to register this computer changed all by itself about a month ago. No idea why or how it happened. Now I am having issues when the computer asks for a security pin, I don't have it. I guess this random change also assigned a security pin that was not shared with me. It is an Outlook account that is my cousin's. So I do have some access to the account. No issue there. But it was very odd.



#9 Oh My!


Posted 28 March 2024 - 12:13 PM

Thank you for the information.

Please use the ESET Uninstaller Tool to clear out the program.

===================================================

Changing Default Browser

--------------------
  • Click Start, type Default, and select Default Apps above
  • Under Set defaults for applications type the name of your preferred browser
  • Left click on the browser that will appear below that line
  • Near the upper right corner click Set default
  • Close the window
===================================================

Open Hardware Monitor

-------------------
  • Download Open Hardware Monitor and save it to your desktop
  • Unzip the folder onto your Desktop
  • Inside the OpenHardwareMonitor folder right click the OpenHardwareMonitor and select Run as administrator
  • Allow some time for the program to run
  • Monitor the CPU temperatures listed. The maximum temperature for that processor is 100 °C
  • Monitor the SSD temperature. SSD's general maximum temperature is 80 °C
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET Uninstaller run?
  • Default browser set?
  • Temperature results

Gary 


#10 FluffyPup


Posted 28 March 2024 - 04:13 PM

Default browser, in trying to get the default browser changed to Firefox, I accidentally hit pdf. It got switched to Adobe. With it came McAfee.  I didn't touch anything. I left it for you to do what you will with it. I prefer Adobe for pdf, McAfee can go.

 

I changed the default browser to Firefox in the Microsoft settings. When I look in the Firefox settings, it says it is not the default.

 

ESET; I tried to access the C: I got "access denied". I used Tweaking Tool box to start Safe Mode. From that Safe Mode, I ran the "safe mode" cmd that ESET wanted and it ran, restarted into Safe Mode with network. Fan kicked in heavy and the computer started heating up. I was able to run the ESET uninstall. I wasn't able to get out of Safe mode. I ran one repair in Tweaking toolbox, repair recycling bin with "restart computer". check. It took some time, but eventually the computer did restart to normal mode.

 

The entire time I was accessing ESET uninstall information my cell phone was pinging and dinging strangely. During the uninstall it was constant.  Now it is silent. No messages or system issues with the phone.

 

Temperature of the computer is now fine.

 

I'm concerned the issue may have migrated to the phone.

 

Onward. :)



#11 Oh My!


Posted 28 March 2024 - 08:19 PM

I don't know that there is a connection with your phone but I won't be able to assist you with that. This Forum is limited to PC's.

Please run this.

===================================================

Farbar Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: McAfee
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Zip and upload the file here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Uploaded zip file

Gary 


#12 FluffyPup


Posted 28 March 2024 - 10:02 PM

I uploaded the zip file to you.

 

Thank you



#13 Oh My!


Posted 29 March 2024 - 11:37 AM

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0288E6C0-B964-42C2-A018-8E649CA9024E~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~059AE5EB-C671-41FE-96AD-E722D22F19C8~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0BC791D8-2948-49DE-A4CB-137009E75073~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0C8F3E76-7B87-43AB-94C7-4EF457BA1698~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0F4A4310-6D83-4A10-B919-DDAC80319075~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~10B66FB2-7A29-4F6E-AD28-D51481151D79~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1146707D-94FD-4C47-979C-958344F7E2B9~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~12480D57-AD34-4B81-9CE6-F3A075EB7280~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~13260118-63C2-48D0-A3A2-F1DC15B49E1E~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~150A20BD-E713-43A7-B964-3FD922CDD1E4~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~17A468B8-88F0-4A4B-8E37-09314DDED8D1~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~17B1EAF9-4804-436F-82D6-8F7957B5AF20~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1CC79314-0282-499A-B6A7-895DABE8BFF7~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1D556203-8AD6-4009-8E7D-E5E18B715D96~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~233F5389-9E56-4957-BA28-D6E12EE24892~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~23400211-D0AD-43C6-B315-2882DBE8B124~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~24B9DE69-E3A8-4D29-8930-98C17615A020~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~26A86F9B-FE05-4A4F-8127-F9315E1AAA3A~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2A56EFF5-A177-4C25-99A1-B01C94C4C7FE~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2B95BF6D-8848-4847-9F6E-FAD44C81D8B7~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2C308797-57F9-41CC-840D-046CBB8AFC91~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2EA40822-BA48-46E8-953F-CCCBAC08E5D3~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2EB7B188-E2B9-487F-97EA-09E7C9F817BC~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2FB767C6-57FE-45EB-8013-EA17F6A6DB99~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~32DA54AE-D2BD-4C59-AAF1-D78A4B948D3C~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~36638961-787C-4515-ACD2-8F0BEE03842A~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~39C6185B-B6FC-487A-92F4-F7A298A2723D~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~3EAAB245-8D7A-4139-8E8A-975B0DCDE13F~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~41BD21E0-55B4-4525-975E-ECE3EF500125~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~45318F48-92E5-4D37-AE8C-544D31BFA46A~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~4780AF1E-C569-4B36-A1BC-6FEB05196A9A~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~4BE00D35-3993-43C1-B4CA-2FBC09009A9C~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5553F426-EF6D-4317-8E74-76D066D834FB~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5B26A5C2-6523-4844-99F6-0FB6421667EB~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5C92126D-3269-4315-8CBB-150B6F918136~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5D360132-4FFF-4F78-B06B-8E4892004AD5~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5EFBDC15-7DBD-44CF-8216-D22002BC412A~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~60A588DA-3408-4BCC-992E-09F7B8598518~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~66B7F0BB-74C6-40DC-895C-977D7F93081D~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~6B455F3C-2BA7-450B-B8B5-5D6A8AB1C146~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7177159B-A870-4BD3-9039-E7BC36D59E40~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~73A2DF07-9817-40E5-A846-1D58DAA89248~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7AA831B6-46A9-41A7-BA44-406577D9BDD9~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7BDCC222-6458-43D3-B8C7-E1544C7C800F~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7F87077B-C0FC-4973-9E50-0256BBAF9474~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~80F19131-CAAE-49CA-AB0F-189C6666F5D8~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~815E8D2A-0FCA-4563-808E-CA054F409CDC~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~84865DCD-909F-460F-BFE0-B6AA952065FC~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~84A32577-08A8-4FA6-87F4-36F8B0D48BCD~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~86ABF7B3-725E-42C1-89FF-DBF129634DFE~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~8CCB5DEE-3094-4695-AF28-9E8E17A7B7E0~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~8D832BBD-9BB1-4195-B75F-A5576115027D~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~906AAE7A-406A-499D-8DC6-9ECE495F3CEB~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~93103A70-CC5F-4BD3-80EC-746CF091C4F2~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~9974E5F6-6437-4543-AC7F-E1DB66C4A471~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A2DB0128-7EE8-4630-A0E7-FE4877D75D97~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A55A510E-5E45-43A8-9793-08AAE3A425B2~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A645898A-DD7C-4994-86FA-94D814BE1B71~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A699D79B-9083-45B7-8CC4-FBEC30BC530C~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A75068A3-032E-48BA-BEAB-3725A2AC6159~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A927866D-2FDB-4144-BA40-E96DBE52B745~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~AA7CCC1A-B007-432C-8725-D794BC92A481~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~AC768141-1DBF-4F7C-A257-89B74D8E3804~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B046B56F-4EA1-4C38-ADC4-AD3C85932CF9~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B7C031B4-2D71-48B0-80A8-D9635BACB82C~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B8E29631-3F55-4547-9B06-69BEDA5E83BC~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~BB30082B-1909-421F-965C-C2A7EC1F5B89~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~BCEC8EDF-299D-4953-B19D-AB7938D619AB~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~BDC779E0-777A-4720-AA47-B762CC62ACE5~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~C02CF266-D5CB-4028-A9C2-293D78945DC4~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~C0C9B099-18B9-4675-A835-CC3ED1CD62E3~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D244C4E6-BDD3-49C3-B940-9EADB7642191~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D52EF3B9-2827-4C31-8469-AEC7D93E273E~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D60883F3-331E-4D5F-A678-FB69DE129302~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D7EFDC83-0699-41F0-A580-CB86A003A4E7~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~DB27E5D7-DEA0-44EF-87B1-3F1FA420503B~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~DB3F835B-E18A-4E9C-AFDB-02409FAF1947~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E06DF7A7-F3D3-4977-A817-6B8B4268A8BB~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E0F48983-5914-4C13-A3B7-4413BF5A1652~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E1BC727E-F101-41B7-83A8-FA23653750D4~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E2D9AFCB-BEA6-4C84-8D20-B391EDC0B278~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E2E9DD26-FFFE-404B-BF3B-F2A9341F8C31~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E8BBF978-BCC9-4504-8777-E599129143C5~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E8C31E23-5602-42A0-BE96-3B35FE5F07E0~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E8CECB1E-F5F1-4D52-B1B0-03C2EFA156A4~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E92C55BA-CC14-4F3D-9B82-ABB25796BCE4~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~EAE290C0-F540-4827-80E6-FB24BAD7B64E~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~ED1A2677-7626-49D0-A799-986DA3779652~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~EDD31C74-D800-4FD6-A771-4AD1632E3A8E~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F105D5D8-567D-4C04-BECF-17C8542A1963~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F4EAEC7D-5057-4F33-AB3C-C9DB423CABDB~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F68B234E-3A09-4F31-B2F9-256E6BD890DD~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F739A004-03D3-479C-A352-F3EA07A1B40E~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F7AE89C2-0BC3-4CF9-B020-86FE4A3CA1F6~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FBE50D82-6435-4EC2-9BE7-2AA8E37AC511~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FCCF9873-68E3-4B0C-9F7D-5B7536971A0D~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FDA51BDE-815D-4586-82C4-93BEB3B1B421~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FDB9E6E3-439B-4967-8F1E-2BAD3584204C~amd64~~22.7.0.172.20.cat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk
C:\Program Files (x86)\McAfee Security Scan
C:\Program Files (x86)\LG Software\LG Device Manager\LGNoticeWndMcAfee.exe
C:\Program Files (x86)\LG Software\LG Device Manager\zh-CN\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\zh-CN\LGNoticeWndMcAfee.resources.dll_
C:\Program Files (x86)\LG Software\LG Device Manager\vi-VN\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\vi-VN\LGNoticeWndMcAfee.resources.dll_
C:\Program Files (x86)\LG Software\LG Device Manager\pt-BR\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\pt-BR\LGNoticeWndMcAfee.resources.dll_
C:\Program Files (x86)\LG Software\LG Device Manager\ko-KR\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\ja-JP\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\ja-JP\LGNoticeWndMcAfee.resources.dll_
C:\Program Files (x86)\LG Software\LG Device Manager\es-ES\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\es-ES\LGNoticeWndMcAfee.resources.dll_
C:\Program Files (x86)\LG Software\LG Device Manager\en-US\LGNoticeWndMcAfee.resources.dll
2023-04-04 15:28 - 2023-04-04 15:28 _____ C:\Users\buttonB\AppData\Roaming\McAfee
2023-03-24 20:01 - 2023-03-24 20:01 _____ C:\Users\buttonB\AppData\Local\McAfee
2024-03-28 12:40 - 2024-03-28 12:40 _____ C:\ProgramData\McAfee
2024-03-28 12:40 - 2024-03-28 12:40 _____ C:\ProgramData\McAfee Security Scan
2024-03-28 12:40 - 2024-03-28 12:40 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2024-03-28 12:40 - 2024-03-28 12:40 _____ C:\Program Files (x86)\McAfee Security Scan
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBCE891A-81A2-44BF-9F0A-35464BCD00CE}\1.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBCE891A-81A2-44BF-9F0A-35464BCD00CE}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cc6f4d12-8575-4cff-9455-cf5774aeb13b}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftEdge\Main\FavoriteBarItems\Favorite1|ItemName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftEdge\Main\FavoriteBarItems\Favorite1|ItemUrl
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C045794F-5C1D-4F0C-A00D-9046E9F275A6}|Author
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C045794F-5C1D-4F0C-A00D-9046E9F275A6}|Description
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService|ImagePath
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService|Description
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Control Panel\NotifyIconSettings\5614055671459473457|ExecutablePath
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Control Panel\NotifyIconSettings\5614055671459473457|Publisher
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\LGE\LG Quick Guide|McAfee
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\RunNotification|StartupTNotiMcAfee Security Scan Plus.lnk
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData|McAfee.McAgent
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\UFH\SHC|4
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan
DeleteKey: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{8ebcfd25-9c45-4241-a36b-bf26267b5b5e}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee security scan
DeleteKey: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{8ebcfd25-9c45-4241-a36b-bf26267b5b5e}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee security scan
DeleteKey: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\McAfee.McAgent
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#14 FluffyPup

  • Topic Starter


Posted 29 March 2024 - 12:20 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.03.2024
Ran by buttonB (29-03-2024 10:18:21) Run:2
Running from C:\Users\buttonB\Desktop\BC03272024
Loaded Profiles: buttonB
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0288E6C0-B964-42C2-A018-8E649CA9024E~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~059AE5EB-C671-41FE-96AD-E722D22F19C8~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0BC791D8-2948-49DE-A4CB-137009E75073~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0C8F3E76-7B87-43AB-94C7-4EF457BA1698~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0F4A4310-6D83-4A10-B919-DDAC80319075~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~10B66FB2-7A29-4F6E-AD28-D51481151D79~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1146707D-94FD-4C47-979C-958344F7E2B9~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~12480D57-AD34-4B81-9CE6-F3A075EB7280~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~13260118-63C2-48D0-A3A2-F1DC15B49E1E~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~150A20BD-E713-43A7-B964-3FD922CDD1E4~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~17A468B8-88F0-4A4B-8E37-09314DDED8D1~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~17B1EAF9-4804-436F-82D6-8F7957B5AF20~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1CC79314-0282-499A-B6A7-895DABE8BFF7~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1D556203-8AD6-4009-8E7D-E5E18B715D96~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~233F5389-9E56-4957-BA28-D6E12EE24892~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~23400211-D0AD-43C6-B315-2882DBE8B124~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~24B9DE69-E3A8-4D29-8930-98C17615A020~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~26A86F9B-FE05-4A4F-8127-F9315E1AAA3A~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2A56EFF5-A177-4C25-99A1-B01C94C4C7FE~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2B95BF6D-8848-4847-9F6E-FAD44C81D8B7~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2C308797-57F9-41CC-840D-046CBB8AFC91~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2EA40822-BA48-46E8-953F-CCCBAC08E5D3~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2EB7B188-E2B9-487F-97EA-09E7C9F817BC~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2FB767C6-57FE-45EB-8013-EA17F6A6DB99~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~32DA54AE-D2BD-4C59-AAF1-D78A4B948D3C~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~36638961-787C-4515-ACD2-8F0BEE03842A~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~39C6185B-B6FC-487A-92F4-F7A298A2723D~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~3EAAB245-8D7A-4139-8E8A-975B0DCDE13F~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~41BD21E0-55B4-4525-975E-ECE3EF500125~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~45318F48-92E5-4D37-AE8C-544D31BFA46A~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~4780AF1E-C569-4B36-A1BC-6FEB05196A9A~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~4BE00D35-3993-43C1-B4CA-2FBC09009A9C~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5553F426-EF6D-4317-8E74-76D066D834FB~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5B26A5C2-6523-4844-99F6-0FB6421667EB~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5C92126D-3269-4315-8CBB-150B6F918136~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5D360132-4FFF-4F78-B06B-8E4892004AD5~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5EFBDC15-7DBD-44CF-8216-D22002BC412A~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~60A588DA-3408-4BCC-992E-09F7B8598518~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~66B7F0BB-74C6-40DC-895C-977D7F93081D~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~6B455F3C-2BA7-450B-B8B5-5D6A8AB1C146~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7177159B-A870-4BD3-9039-E7BC36D59E40~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~73A2DF07-9817-40E5-A846-1D58DAA89248~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7AA831B6-46A9-41A7-BA44-406577D9BDD9~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7BDCC222-6458-43D3-B8C7-E1544C7C800F~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7F87077B-C0FC-4973-9E50-0256BBAF9474~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~80F19131-CAAE-49CA-AB0F-189C6666F5D8~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~815E8D2A-0FCA-4563-808E-CA054F409CDC~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~84865DCD-909F-460F-BFE0-B6AA952065FC~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~84A32577-08A8-4FA6-87F4-36F8B0D48BCD~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~86ABF7B3-725E-42C1-89FF-DBF129634DFE~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~8CCB5DEE-3094-4695-AF28-9E8E17A7B7E0~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~8D832BBD-9BB1-4195-B75F-A5576115027D~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~906AAE7A-406A-499D-8DC6-9ECE495F3CEB~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~93103A70-CC5F-4BD3-80EC-746CF091C4F2~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~9974E5F6-6437-4543-AC7F-E1DB66C4A471~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A2DB0128-7EE8-4630-A0E7-FE4877D75D97~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A55A510E-5E45-43A8-9793-08AAE3A425B2~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A645898A-DD7C-4994-86FA-94D814BE1B71~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A699D79B-9083-45B7-8CC4-FBEC30BC530C~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A75068A3-032E-48BA-BEAB-3725A2AC6159~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A927866D-2FDB-4144-BA40-E96DBE52B745~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~AA7CCC1A-B007-432C-8725-D794BC92A481~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~AC768141-1DBF-4F7C-A257-89B74D8E3804~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B046B56F-4EA1-4C38-ADC4-AD3C85932CF9~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B7C031B4-2D71-48B0-80A8-D9635BACB82C~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B8E29631-3F55-4547-9B06-69BEDA5E83BC~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~BB30082B-1909-421F-965C-C2A7EC1F5B89~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~BCEC8EDF-299D-4953-B19D-AB7938D619AB~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~BDC779E0-777A-4720-AA47-B762CC62ACE5~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~C02CF266-D5CB-4028-A9C2-293D78945DC4~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~C0C9B099-18B9-4675-A835-CC3ED1CD62E3~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D244C4E6-BDD3-49C3-B940-9EADB7642191~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D52EF3B9-2827-4C31-8469-AEC7D93E273E~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D60883F3-331E-4D5F-A678-FB69DE129302~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D7EFDC83-0699-41F0-A580-CB86A003A4E7~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~DB27E5D7-DEA0-44EF-87B1-3F1FA420503B~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~DB3F835B-E18A-4E9C-AFDB-02409FAF1947~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E06DF7A7-F3D3-4977-A817-6B8B4268A8BB~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E0F48983-5914-4C13-A3B7-4413BF5A1652~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E1BC727E-F101-41B7-83A8-FA23653750D4~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E2D9AFCB-BEA6-4C84-8D20-B391EDC0B278~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E2E9DD26-FFFE-404B-BF3B-F2A9341F8C31~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E8BBF978-BCC9-4504-8777-E599129143C5~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E8C31E23-5602-42A0-BE96-3B35FE5F07E0~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E8CECB1E-F5F1-4D52-B1B0-03C2EFA156A4~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E92C55BA-CC14-4F3D-9B82-ABB25796BCE4~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~EAE290C0-F540-4827-80E6-FB24BAD7B64E~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~ED1A2677-7626-49D0-A799-986DA3779652~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~EDD31C74-D800-4FD6-A771-4AD1632E3A8E~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F105D5D8-567D-4C04-BECF-17C8542A1963~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F4EAEC7D-5057-4F33-AB3C-C9DB423CABDB~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F68B234E-3A09-4F31-B2F9-256E6BD890DD~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F739A004-03D3-479C-A352-F3EA07A1B40E~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F7AE89C2-0BC3-4CF9-B020-86FE4A3CA1F6~amd64~~22.2.0.140.14.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FBE50D82-6435-4EC2-9BE7-2AA8E37AC511~amd64~~22.12.0.211.5.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FCCF9873-68E3-4B0C-9F7D-5B7536971A0D~amd64~~22.7.0.172.20.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FDA51BDE-815D-4586-82C4-93BEB3B1B421~amd64~~22.2.0.152.6.cat
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FDB9E6E3-439B-4967-8F1E-2BAD3584204C~amd64~~22.7.0.172.20.cat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk
C:\Program Files (x86)\McAfee Security Scan
C:\Program Files (x86)\LG Software\LG Device Manager\LGNoticeWndMcAfee.exe
C:\Program Files (x86)\LG Software\LG Device Manager\zh-CN\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\zh-CN\LGNoticeWndMcAfee.resources.dll_
C:\Program Files (x86)\LG Software\LG Device Manager\vi-VN\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\vi-VN\LGNoticeWndMcAfee.resources.dll_
C:\Program Files (x86)\LG Software\LG Device Manager\pt-BR\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\pt-BR\LGNoticeWndMcAfee.resources.dll_
C:\Program Files (x86)\LG Software\LG Device Manager\ko-KR\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\ja-JP\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\ja-JP\LGNoticeWndMcAfee.resources.dll_
C:\Program Files (x86)\LG Software\LG Device Manager\es-ES\LGNoticeWndMcAfee.resources.dll
C:\Program Files (x86)\LG Software\LG Device Manager\es-ES\LGNoticeWndMcAfee.resources.dll_
C:\Program Files (x86)\LG Software\LG Device Manager\en-US\LGNoticeWndMcAfee.resources.dll
2023-04-04 15:28 - 2023-04-04 15:28 _____ C:\Users\buttonB\AppData\Roaming\McAfee
2023-03-24 20:01 - 2023-03-24 20:01 _____ C:\Users\buttonB\AppData\Local\McAfee
2024-03-28 12:40 - 2024-03-28 12:40 _____ C:\ProgramData\McAfee
2024-03-28 12:40 - 2024-03-28 12:40 _____ C:\ProgramData\McAfee Security Scan
2024-03-28 12:40 - 2024-03-28 12:40 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2024-03-28 12:40 - 2024-03-28 12:40 _____ C:\Program Files (x86)\McAfee Security Scan
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBCE891A-81A2-44BF-9F0A-35464BCD00CE}\1.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBCE891A-81A2-44BF-9F0A-35464BCD00CE}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cc6f4d12-8575-4cff-9455-cf5774aeb13b}\LocalServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftEdge\Main\FavoriteBarItems\Favorite1|ItemName
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftEdge\Main\FavoriteBarItems\Favorite1|ItemUrl
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C045794F-5C1D-4F0C-A00D-9046E9F275A6}|Author
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C045794F-5C1D-4F0C-A00D-9046E9F275A6}|Description
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService|ImagePath
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService|Description
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Control Panel\NotifyIconSettings\5614055671459473457|ExecutablePath
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Control Panel\NotifyIconSettings\5614055671459473457|Publisher
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\LGE\LG Quick Guide|McAfee
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\RunNotification|StartupTNotiMcAfee Security Scan Plus.lnk
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData|McAfee.McAgent
DeleteValue: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\UFH\SHC|4
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan
DeleteKey: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{8ebcfd25-9c45-4241-a36b-bf26267b5b5e}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee security scan
DeleteKey: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{8ebcfd25-9c45-4241-a36b-bf26267b5b5e}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee security scan
DeleteKey: HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\McAfee.McAgent
End::
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0288E6C0-B964-42C2-A018-8E649CA9024E~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~059AE5EB-C671-41FE-96AD-E722D22F19C8~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0BC791D8-2948-49DE-A4CB-137009E75073~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0C8F3E76-7B87-43AB-94C7-4EF457BA1698~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~0F4A4310-6D83-4A10-B919-DDAC80319075~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~10B66FB2-7A29-4F6E-AD28-D51481151D79~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1146707D-94FD-4C47-979C-958344F7E2B9~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~12480D57-AD34-4B81-9CE6-F3A075EB7280~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~13260118-63C2-48D0-A3A2-F1DC15B49E1E~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~150A20BD-E713-43A7-B964-3FD922CDD1E4~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~17A468B8-88F0-4A4B-8E37-09314DDED8D1~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~17B1EAF9-4804-436F-82D6-8F7957B5AF20~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1CC79314-0282-499A-B6A7-895DABE8BFF7~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~1D556203-8AD6-4009-8E7D-E5E18B715D96~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~233F5389-9E56-4957-BA28-D6E12EE24892~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~23400211-D0AD-43C6-B315-2882DBE8B124~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~24B9DE69-E3A8-4D29-8930-98C17615A020~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~26A86F9B-FE05-4A4F-8127-F9315E1AAA3A~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2A56EFF5-A177-4C25-99A1-B01C94C4C7FE~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2B95BF6D-8848-4847-9F6E-FAD44C81D8B7~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2C308797-57F9-41CC-840D-046CBB8AFC91~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2EA40822-BA48-46E8-953F-CCCBAC08E5D3~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2EB7B188-E2B9-487F-97EA-09E7C9F817BC~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~2FB767C6-57FE-45EB-8013-EA17F6A6DB99~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~32DA54AE-D2BD-4C59-AAF1-D78A4B948D3C~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~36638961-787C-4515-ACD2-8F0BEE03842A~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~39C6185B-B6FC-487A-92F4-F7A298A2723D~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~3EAAB245-8D7A-4139-8E8A-975B0DCDE13F~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~41BD21E0-55B4-4525-975E-ECE3EF500125~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~45318F48-92E5-4D37-AE8C-544D31BFA46A~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~4780AF1E-C569-4B36-A1BC-6FEB05196A9A~amd64~~22.2.0.140.14.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~4BE00D35-3993-43C1-B4CA-2FBC09009A9C~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5553F426-EF6D-4317-8E74-76D066D834FB~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5B26A5C2-6523-4844-99F6-0FB6421667EB~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5C92126D-3269-4315-8CBB-150B6F918136~amd64~~22.2.0.140.14.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5D360132-4FFF-4F78-B06B-8E4892004AD5~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~5EFBDC15-7DBD-44CF-8216-D22002BC412A~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~60A588DA-3408-4BCC-992E-09F7B8598518~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~66B7F0BB-74C6-40DC-895C-977D7F93081D~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~6B455F3C-2BA7-450B-B8B5-5D6A8AB1C146~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7177159B-A870-4BD3-9039-E7BC36D59E40~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~73A2DF07-9817-40E5-A846-1D58DAA89248~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7AA831B6-46A9-41A7-BA44-406577D9BDD9~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7BDCC222-6458-43D3-B8C7-E1544C7C800F~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~7F87077B-C0FC-4973-9E50-0256BBAF9474~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~80F19131-CAAE-49CA-AB0F-189C6666F5D8~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~815E8D2A-0FCA-4563-808E-CA054F409CDC~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~84865DCD-909F-460F-BFE0-B6AA952065FC~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~84A32577-08A8-4FA6-87F4-36F8B0D48BCD~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~86ABF7B3-725E-42C1-89FF-DBF129634DFE~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~8CCB5DEE-3094-4695-AF28-9E8E17A7B7E0~amd64~~22.2.0.140.14.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~8D832BBD-9BB1-4195-B75F-A5576115027D~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~906AAE7A-406A-499D-8DC6-9ECE495F3CEB~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~93103A70-CC5F-4BD3-80EC-746CF091C4F2~amd64~~22.2.0.140.14.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~9974E5F6-6437-4543-AC7F-E1DB66C4A471~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A2DB0128-7EE8-4630-A0E7-FE4877D75D97~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A55A510E-5E45-43A8-9793-08AAE3A425B2~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A645898A-DD7C-4994-86FA-94D814BE1B71~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A699D79B-9083-45B7-8CC4-FBEC30BC530C~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A75068A3-032E-48BA-BEAB-3725A2AC6159~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~A927866D-2FDB-4144-BA40-E96DBE52B745~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~AA7CCC1A-B007-432C-8725-D794BC92A481~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~AC768141-1DBF-4F7C-A257-89B74D8E3804~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B046B56F-4EA1-4C38-ADC4-AD3C85932CF9~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B7C031B4-2D71-48B0-80A8-D9635BACB82C~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~B8E29631-3F55-4547-9B06-69BEDA5E83BC~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~BB30082B-1909-421F-965C-C2A7EC1F5B89~amd64~~22.2.0.140.14.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~BCEC8EDF-299D-4953-B19D-AB7938D619AB~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~BDC779E0-777A-4720-AA47-B762CC62ACE5~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~C02CF266-D5CB-4028-A9C2-293D78945DC4~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~C0C9B099-18B9-4675-A835-CC3ED1CD62E3~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D244C4E6-BDD3-49C3-B940-9EADB7642191~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D52EF3B9-2827-4C31-8469-AEC7D93E273E~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D60883F3-331E-4D5F-A678-FB69DE129302~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~D7EFDC83-0699-41F0-A580-CB86A003A4E7~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~DB27E5D7-DEA0-44EF-87B1-3F1FA420503B~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~DB3F835B-E18A-4E9C-AFDB-02409FAF1947~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E06DF7A7-F3D3-4977-A817-6B8B4268A8BB~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E0F48983-5914-4C13-A3B7-4413BF5A1652~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E1BC727E-F101-41B7-83A8-FA23653750D4~amd64~~22.2.0.140.14.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E2D9AFCB-BEA6-4C84-8D20-B391EDC0B278~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E2E9DD26-FFFE-404B-BF3B-F2A9341F8C31~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E8BBF978-BCC9-4504-8777-E599129143C5~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E8C31E23-5602-42A0-BE96-3B35FE5F07E0~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E8CECB1E-F5F1-4D52-B1B0-03C2EFA156A4~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~E92C55BA-CC14-4F3D-9B82-ABB25796BCE4~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~EAE290C0-F540-4827-80E6-FB24BAD7B64E~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~ED1A2677-7626-49D0-A799-986DA3779652~amd64~~22.2.0.140.14.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~EDD31C74-D800-4FD6-A771-4AD1632E3A8E~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F105D5D8-567D-4C04-BECF-17C8542A1963~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F4EAEC7D-5057-4F33-AB3C-C9DB423CABDB~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F68B234E-3A09-4F31-B2F9-256E6BD890DD~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F739A004-03D3-479C-A352-F3EA07A1B40E~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~F7AE89C2-0BC3-4CF9-B020-86FE4A3CA1F6~amd64~~22.2.0.140.14.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FBE50D82-6435-4EC2-9BE7-2AA8E37AC511~amd64~~22.12.0.211.5.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FCCF9873-68E3-4B0C-9F7D-5B7536971A0D~amd64~~22.7.0.172.20.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FDA51BDE-815D-4586-82C4-93BEB3B1B421~amd64~~22.2.0.152.6.cat => moved successfully
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\McAfee-VSCore~FDB9E6E3-439B-4967-8F1E-2BAD3584204C~amd64~~22.7.0.172.20.cat => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk => moved successfully

"C:\Program Files (x86)\McAfee Security Scan" Folder move:

C:\Program Files (x86)\McAfee Security Scan => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\LGNoticeWndMcAfee.exe => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\zh-CN\LGNoticeWndMcAfee.resources.dll => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\zh-CN\LGNoticeWndMcAfee.resources.dll_ => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\vi-VN\LGNoticeWndMcAfee.resources.dll => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\vi-VN\LGNoticeWndMcAfee.resources.dll_ => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\pt-BR\LGNoticeWndMcAfee.resources.dll => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\pt-BR\LGNoticeWndMcAfee.resources.dll_ => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\ko-KR\LGNoticeWndMcAfee.resources.dll => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\ja-JP\LGNoticeWndMcAfee.resources.dll => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\ja-JP\LGNoticeWndMcAfee.resources.dll_ => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\es-ES\LGNoticeWndMcAfee.resources.dll => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\es-ES\LGNoticeWndMcAfee.resources.dll_ => moved successfully
C:\Program Files (x86)\LG Software\LG Device Manager\en-US\LGNoticeWndMcAfee.resources.dll => moved successfully

"C:\Users\buttonB\AppData\Roaming\McAfee" Folder move:

C:\Users\buttonB\AppData\Roaming\McAfee => moved successfully

"C:\Users\buttonB\AppData\Local\McAfee" Folder move:

C:\Users\buttonB\AppData\Local\McAfee => moved successfully

"C:\ProgramData\McAfee" Folder move:

C:\ProgramData\McAfee => moved successfully

"C:\ProgramData\McAfee Security Scan" Folder move:

C:\ProgramData\McAfee Security Scan => moved successfully

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus" Folder move:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus => moved successfully
"C:\Program Files (x86)\McAfee Security Scan" => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\0\win32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBCE891A-81A2-44BF-9F0A-35464BCD00CE}\1.0\0\win32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBCE891A-81A2-44BF-9F0A-35464BCD00CE}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cc6f4d12-8575-4cff-9455-cf5774aeb13b}\LocalServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftEdge\Main\FavoriteBarItems\Favorite1\\ItemName" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MicrosoftEdge\Main\FavoriteBarItems\Favorite1\\ItemUrl" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C045794F-5C1D-4F0C-A00D-9046E9F275A6}\\Author" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C045794F-5C1D-4F0C-A00D-9046E9F275A6}\\Description" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService\\ImagePath" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService\\Description" => removed successfully
"HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Control Panel\NotifyIconSettings\5614055671459473457\\ExecutablePath" => removed successfully
"HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Control Panel\NotifyIconSettings\5614055671459473457\\Publisher" => removed successfully
"HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\LGE\LG Quick Guide\\McAfee" => removed successfully
"HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\RunNotification\\StartupTNotiMcAfee Security Scan Plus.lnk" => removed successfully
"HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData\\McAfee.McAgent" => removed successfully
"HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\UFH\SHC\\4" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan => removed successfully
HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{8ebcfd25-9c45-4241-a36b-bf26267b5b5e}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee security scan => removed successfully
HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{8ebcfd25-9c45-4241-a36b-bf26267b5b5e}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$mcafee security scan => removed successfully
HKEY_USERS\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\McAfee.McAgent => removed successfully


The system needed a reboot.

==== End of Fixlog 10:18:36 ====



#15 Oh My!

  • Malware Response Instructor

Posted 29 March 2024 - 07:36 PM

That looks good.

Can you update me on the state of the computer?
Gary 




