computer hacked

[DR M]

Mary Ann, read the instructions below carefully, and start doing each step exactly as it is described:

• Download the attached fixlist.txt (see at the end of my reply, the attached file has a clip icon beside it), and save it at the same place where FRST tool is. Right now, it's in your Downloads folder.
• Right-click on FRST64.exe in your Downloads folder, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  
• Press the Fix button once and wait.
  
• FRST will process fixlist.txt
  
• When finished, it will produce a log fixlog.txt in your Downloads folder.
  
• Post the log in your next reply.
  

In your next reply please post:

The fixlog.txt

[mare_wbpa]

When I click on fixlist,txt I go to the download there is no FRST64.exe in the download folder. When i click or double click this is what I get.

createrestorepoint:
closeprocesses:
AV: McAfee (Disabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: McAfee (Disabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{15fbdf8d-ed5b-42c6-d352-5188c9f76bb4}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.27.0\onelaunch.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{28ce06bf-ae80-8555-553d-a861d3a89734}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.29.3\onelaunch.exe" -ToastActivated => No File
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => ""="Service"
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\StartupApproved\Run: => "OneLaunchChromium"
FirewallRules: [TCP Query User{C1714D50-F69F-4A58-A8D3-6D23481E254A}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
FirewallRules: [UDP Query User{9B8A9E98-202A-47C8-ABD7-D68DF3D2D0AF}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\MountPoints2: {cb5214c5-ba6e-11ee-9675-cc5ef8f272ec} - "D:\GHScrabbleInstall.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {040010EA-1BBC-447B-9090-3BB096E813B3} - \McAfee\WPS\McAfee Cloud Configuration Check -> No File <==== ATTENTION
Task: {1A8D192A-E602-4692-A574-CA6BD75D59A7} - \McAfee\WPS\McAfee Hotfix -> No File <==== ATTENTION
Task: {2108BDB0-9C3A-4ED1-AD6E-9B0E548EF94F} - \McAfee\WPS\McAfee Scheduled Tracker Remover -> No File <==== ATTENTION
Task: {681F2B7E-072A-4EAA-85E1-8819F061C123} - \McAfee\WPS\McAfee PC Optimizer Task -> No File <==== ATTENTION
Task: {68370CD0-6967-45A7-AE10-414612E86E20} - \McAfee\WPS\McAfee Scheduled AV Scan -> No File <==== ATTENTION
Task: {72D83402-547D-4D39-8E88-C50F51A9D6DE} - \McAfee\WPS\McAfee restart of PC -> No File <==== ATTENTION
Task: {8057C08C-800D-4493-9F4F-2B5D30E99E61} - \McAfee\WPS\McAfee Anti-tracker notification -> No File <==== ATTENTION
Task: {AFC537DA-7894-48F4-BFA1-C58EFE38A190} - \McAfee\WPS\McAfee Message Check -> No File <==== ATTENTION
Task: {BE36AFFD-9B2B-429F-88D2-9607ED6EA43E} - \McAfee\WPS\McAfee Virus Definition Update -> No File <==== ATTENTION
Task: {DE988299-04E9-47DF-A3C4-016A3ADEA8F1} - \McAfee\WPS\McAfee Windows Notification Token -> No File <==== ATTENTION
Task: {EAEA0964-16A6-458B-BD62-1B45C21DF280} - \McAfee\WPS\McAfee Health Check -> No File <==== ATTENTION
Task: {FE923434-2E65-4870-8746-8E2BB7D1881B} - \McAfee\wps\McAfee Updater -> No File <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
R2 ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd); C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.ClientService.exe [95520 2024-06-26] (Connectwise, LLC -> )
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2024-01-12] (Microsoft Windows -> )
2024-06-29 20:54 - 2024-06-29 20:54 - 000003332 _____ C:\windows\system32\Tasks\SystemOptimizerCustomEvent
2024-06-29 20:54 - 2024-06-29 20:54 - 000002892 _____ C:\windows\system32\Tasks\SystemOptimizer
2024-06-29 16:52 - 2024-06-29 16:52 - 012365296 _____ (McAfee, LLC) C:\Users\mary ann\Downloads\MCPR.exe
2024-06-29 16:50 - 2024-06-29 16:50 - 000002334 _____ C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee LLC.lnk
2024-06-29 16:49 - 2024-06-29 16:49 - 002397032 _____ (LogMeIn, Inc.) C:\Users\mary ann\Downloads\Support-LogMeInRescue.exe
2024-06-29 15:01 - 2024-06-29 15:01 - 000223878 _____ C:\Users\mary ann\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2024-06-07 13:58 - 2024-06-07 14:00 - 000000000 ____D C:\ProgramData\PC Cleaner
2024-06-07 13:58 - 2024-06-07 13:58 - 007867760 _____ (PC Helpsoft ) C:\Users\mary ann\Downloads\PC_Cleaner_setup.exe
2024-06-20 08:33 - 2024-06-20 08:33 - 000000000 _____ C:\Users\mary ann\Downloads\6Hp4nfE6.htm
2024-06-26 15:19 - 2024-06-26 15:19 - 000086304 _____ C:\Users\mary ann\Downloads\support.Client.exe
2024-06-29 20:54 - 2024-01-25 15:43 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN
C:\windows\system32\drivers\vmbusproxy.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
RemoveProxy:
emptytemp:

[Corrine]

Mary Ann, I've copied Dr M's instructions below.  Please note that what you are supposed to run is the fixlist.txt NOT FRST.exe. The fixlog.txt looks like the following (although it is an actual paperclip, not the emoji image I used):

📎fixlist.txt
5.56 KB

Be sure the fixlist.txt is in the same fold as FRST.exe. They need to be together in the same folder so that FRST can run the instructions in the fixlist.txt.

FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Download the attached fixlist.txt (see at the end of my reply, the attached file has a clip icon beside it), and save it at the same place where FRST tool is. Right now, it's in your Downloads folder.
• Right-click on FRST64 in your Downloads folder, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  
• Press the Fix button once and wait.
  
• FRST will process fixlist.txt
  
• When finished, it will produce a log fixlog.txt in your Downloads folder.
  
• Post the log in your next reply.
  

In your next reply please post:

The fixlog.txt

[mare_wbpa]

I'm sorry, I was so frustrated that I had to walk away from the computer. Brfore we go any further, My computer took 20 minutes to start. Is that from all the fixlist,txt that I downloaded?

[mare_wbpa]

When you say download, do you mean rt click, left click, double click or other. I'm trying to get back to the basics so that I'm not wasting your time. I really appreciate what you're trying to do for me. I hope I don't seem ungrateful. You must be frustrated too.  I'm missing something.

[Corrine]

Hi, Mary Ann. 

No, the fixlist.txt is a small file so shouldn't have any impact on the startup. However, you should have only one copy of fixlist.txt.

What you need to do is make sure that both FRST.exe and one copy of fixlist.txt are in the same location.  Both FRST.exe and fixlist.txt should be in your Downloads folder or, possibly, on your desktop.

After you have determined that both files are in the same location, right-click FRST.exe and select the option to run as administrator.

After that, it will open.  Click yes and the tool will run. When it is finished running, you'll find fixlog.txt in the same folder as FRST.EXE and fixlist.txt. Copy the fixlog.txt in your next reply.

If you are unsure of the steps, please see DR M's instructions located at the top of the page again.

[DR M]

Mary Ann, what I believe is that you already downloaded the fixlist.txt and it is in your Downloads folder.

Please, check now and let me know if you have it there.

I'll be waiting for your reply, before I give you the actual instruction.

[mare_wbpa]

I found FRST in my documents but not  fixlist.txt

[DR M]

Click on the attached fixlist.txt and save it in your Downloads folder. You cannot view this attachment.

Click on it and save it.

[mare_wbpa]

OK fixlist.txt is in my download folder

[DR M]

Perfect!

Now find FRST tool inside the Downloads folder.

It's this one:

Double click on it, say YES, and then click on FIX.

[mare_wbpa]

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.07.2024
Ran by mary ann (04-07-2024 12:07:40) Run:4
Running from C:\Users\mary ann\Downloads
Loaded Profiles: mary ann
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
AV: McAfee (Disabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: McAfee (Disabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{15fbdf8d-ed5b-42c6-d352-5188c9f76bb4}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.27.0\onelaunch.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{28ce06bf-ae80-8555-553d-a861d3a89734}\localserver32 -> "C:\Users\mary ann\AppData\Local\OneLaunch\5.29.3\onelaunch.exe" -ToastActivated => No File
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => ""="Service"
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\StartupApproved\Run: => "OneLaunchChromium"
FirewallRules: [TCP Query User{C1714D50-F69F-4A58-A8D3-6D23481E254A}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
FirewallRules: [UDP Query User{9B8A9E98-202A-47C8-ABD7-D68DF3D2D0AF}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\MountPoints2: {cb5214c5-ba6e-11ee-9675-cc5ef8f272ec} - "D:\GHScrabbleInstall.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {040010EA-1BBC-447B-9090-3BB096E813B3} - \McAfee\WPS\McAfee Cloud Configuration Check -> No File <==== ATTENTION
Task: {1A8D192A-E602-4692-A574-CA6BD75D59A7} - \McAfee\WPS\McAfee Hotfix -> No File <==== ATTENTION
Task: {2108BDB0-9C3A-4ED1-AD6E-9B0E548EF94F} - \McAfee\WPS\McAfee Scheduled Tracker Remover -> No File <==== ATTENTION
Task: {681F2B7E-072A-4EAA-85E1-8819F061C123} - \McAfee\WPS\McAfee PC Optimizer Task -> No File <==== ATTENTION
Task: {68370CD0-6967-45A7-AE10-414612E86E20} - \McAfee\WPS\McAfee Scheduled AV Scan -> No File <==== ATTENTION
Task: {72D83402-547D-4D39-8E88-C50F51A9D6DE} - \McAfee\WPS\McAfee restart of PC -> No File <==== ATTENTION
Task: {8057C08C-800D-4493-9F4F-2B5D30E99E61} - \McAfee\WPS\McAfee Anti-tracker notification -> No File <==== ATTENTION
Task: {AFC537DA-7894-48F4-BFA1-C58EFE38A190} - \McAfee\WPS\McAfee Message Check -> No File <==== ATTENTION
Task: {BE36AFFD-9B2B-429F-88D2-9607ED6EA43E} - \McAfee\WPS\McAfee Virus Definition Update -> No File <==== ATTENTION
Task: {DE988299-04E9-47DF-A3C4-016A3ADEA8F1} - \McAfee\WPS\McAfee Windows Notification Token -> No File <==== ATTENTION
Task: {EAEA0964-16A6-458B-BD62-1B45C21DF280} - \McAfee\WPS\McAfee Health Check -> No File <==== ATTENTION
Task: {FE923434-2E65-4870-8746-8E2BB7D1881B} - \McAfee\wps\McAfee Updater -> No File <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
R2 ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd); C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.ClientService.exe [95520 2024-06-26] (Connectwise, LLC -> )
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2024-01-12] (Microsoft Windows -> )
2024-06-29 20:54 - 2024-06-29 20:54 - 000003332 _____ C:\windows\system32\Tasks\SystemOptimizerCustomEvent
2024-06-29 20:54 - 2024-06-29 20:54 - 000002892 _____ C:\windows\system32\Tasks\SystemOptimizer
2024-06-29 16:52 - 2024-06-29 16:52 - 012365296 _____ (McAfee, LLC) C:\Users\mary ann\Downloads\MCPR.exe
2024-06-29 16:50 - 2024-06-29 16:50 - 000002334 _____ C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee LLC.lnk
2024-06-29 16:49 - 2024-06-29 16:49 - 002397032 _____ (LogMeIn, Inc.) C:\Users\mary ann\Downloads\Support-LogMeInRescue.exe
2024-06-29 15:01 - 2024-06-29 15:01 - 000223878 _____ C:\Users\mary ann\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2024-06-07 13:58 - 2024-06-07 14:00 - 000000000 ____D C:\ProgramData\PC Cleaner
2024-06-07 13:58 - 2024-06-07 13:58 - 007867760 _____ (PC Helpsoft ) C:\Users\mary ann\Downloads\PC_Cleaner_setup.exe
2024-06-20 08:33 - 2024-06-20 08:33 - 000000000 _____ C:\Users\mary ann\Downloads\6Hp4nfE6.htm
2024-06-26 15:19 - 2024-06-26 15:19 - 000086304 _____ C:\Users\mary ann\Downloads\support.Client.exe
2024-06-29 20:54 - 2024-01-25 15:43 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN
C:\windows\system32\drivers\vmbusproxy.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
RemoveProxy:
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"AV: McAfee (Disabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}" => removed successfully
"FW: McAfee (Disabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}" => removed successfully
HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{15fbdf8d-ed5b-42c6-d352-5188c9f76bb4} => removed successfully
HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{28ce06bf-ae80-8555-553d-a861d3a89734} => removed successfully
Symbolic link found: "C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll" => "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll"
"C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll" => Symbolic link removed successfully
Symbolic link found: "C:\Program Files\Microsoft Office\root\Office16\c2r64.dll" => "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll"
"C:\Program Files\Microsoft Office\root\Office16\c2r64.dll" => Symbolic link removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKU\S-1-5-21-808705873-2307071823-1975692619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\OneLaunchChromium" => removed successfully
"HKU\S-1-5-21-808705873-2307071823-1975692619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\OneLaunchChromium" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C1714D50-F69F-4A58-A8D3-6D23481E254A}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9B8A9E98-202A-47C8-ABD7-D68DF3D2D0AF}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb5214c5-ba6e-11ee-9675-cc5ef8f272ec} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{040010EA-1BBC-447B-9090-3BB096E813B3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{040010EA-1BBC-447B-9090-3BB096E813B3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Cloud Configuration Check" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A8D192A-E602-4692-A574-CA6BD75D59A7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A8D192A-E602-4692-A574-CA6BD75D59A7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Hotfix" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2108BDB0-9C3A-4ED1-AD6E-9B0E548EF94F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2108BDB0-9C3A-4ED1-AD6E-9B0E548EF94F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Scheduled Tracker Remover" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{681F2B7E-072A-4EAA-85E1-8819F061C123}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{681F2B7E-072A-4EAA-85E1-8819F061C123}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee PC Optimizer Task" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68370CD0-6967-45A7-AE10-414612E86E20}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68370CD0-6967-45A7-AE10-414612E86E20}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Scheduled AV Scan" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{72D83402-547D-4D39-8E88-C50F51A9D6DE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72D83402-547D-4D39-8E88-C50F51A9D6DE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee restart of PC" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8057C08C-800D-4493-9F4F-2B5D30E99E61}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8057C08C-800D-4493-9F4F-2B5D30E99E61}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Anti-tracker notification" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFC537DA-7894-48F4-BFA1-C58EFE38A190}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFC537DA-7894-48F4-BFA1-C58EFE38A190}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Message Check" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE36AFFD-9B2B-429F-88D2-9607ED6EA43E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE36AFFD-9B2B-429F-88D2-9607ED6EA43E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Virus Definition Update" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE988299-04E9-47DF-A3C4-016A3ADEA8F1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE988299-04E9-47DF-A3C4-016A3ADEA8F1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Windows Notification Token" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAEA0964-16A6-458B-BD62-1B45C21DF280}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAEA0964-16A6-458B-BD62-1B45C21DF280}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Health Check" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE923434-2E65-4870-8746-8E2BB7D1881B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE923434-2E65-4870-8746-8E2BB7D1881B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\wps\McAfee Updater" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => removed successfully
ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => service removed successfully
HKLM\System\CurrentControlSet\Services\vmbusproxy => removed successfully
vmbusproxy => service removed successfully
C:\windows\system32\Tasks\SystemOptimizerCustomEvent => moved successfully
C:\windows\system32\Tasks\SystemOptimizer => moved successfully
C:\Users\mary ann\Downloads\MCPR.exe => moved successfully
C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee LLC.lnk => moved successfully
C:\Users\mary ann\Downloads\Support-LogMeInRescue.exe => moved successfully
C:\Users\mary ann\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab => moved successfully

"C:\ProgramData\PC Cleaner" Folder move:

C:\ProgramData\PC Cleaner => moved successfully
C:\Users\mary ann\Downloads\PC_Cleaner_setup.exe => moved successfully
C:\Users\mary ann\Downloads\6Hp4nfE6.htm => moved successfully
C:\Users\mary ann\Downloads\support.Client.exe => moved successfully

"C:\windows\system32\Tasks\AVAST Software" Folder move:

C:\windows\system32\Tasks\AVAST Software => moved successfully

"C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN" Folder move:

C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN => moved successfully
C:\windows\system32\drivers\vmbusproxy.sys => moved successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-808705873-2307071823-1975692619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-808705873-2307071823-1975692619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 65479016 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 7413182 B
Edge => 0 B
Chrome => 36307848 B
Firefox => 1177143661 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 682962 B
NetworkService => 682962 B
mary ann => 17242863 B

RecycleBin => 14750257 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:08:02 ====

[DR M]

Great! DO NOT forget the procedure if I asked you to run a fix again! :)

Now, I want you to read very carefully the instructions below. We will run a new tool, so please, read each line very carefully to understand it well.


Download AdwCleaner and save it. It will be saved in your Downloads folder.

After that:

• Double click AdwCleaner.exe to run it.
  
• Click Scan Now.
  
• Once the scan completes, AdwCleaner shows you what it found on your computer. Check the boxes next to the items detected and disable, then click Next.
  
• Now, AdwCleaner will show you any preinstalled software it found on your device. Again, check the boxes next to the items detected and disable. If nothing found, you won't see this message.
  
• Click Continue, then click Restart now, and you're done.
  
• Once your computer has restarted:
• Click the Log Files tab.
  
• Click Skip Basic Repair to finish the cleaning process
• Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  
• A Notepad file will open containing the results of the removal.
• Please post the contents of the file in your next reply.
  

[mare_wbpa]

AdwCleaner won't download

[DR M]

Why? Please, give details when you need something.