computer hacked

Started by mare_wbpa, June 27, 2024, 08:04:10 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

mare_wbpa

Frst.txt is saved in the same directory Frst is located

DR M

Is the FRST tool on your Desktop or in your Downloads folder?

The 2 logs created are in the same location where the tool is.
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

Frst is on my desktop and in the download folder but I can't find the txt from the scan

mare_wbpa

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.06.2024
Ran by mary ann (administrator) on LAPTOP-4EQFBMN3 (HP HP Laptop 17-cn2xxx) (28-06-2024 18:36:58)
Running from C:\Users\mary ann\Downloads\FRST64.exe
Loaded Profiles: mary ann
Platform: Microsoft Windows 11 Home Version 23H2 22631.3737 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe <12>
(C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.ClientService.exe ->) (Connectwise, LLC -> ScreenConnect Software) C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.WindowsClient.exe
(C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\OneLaunch.exe ->) (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch) C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\onelaunchtray.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_helper.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc) C:\Program Files\WindowsApps\AD2F1837.myHP_34.52424.589.0_x64__v10z8vjag6ke6\win32\HP.ContextAware.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (Storage Appliance Corporation -> Storage Appliance Corp.) C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\afwServ.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (Connectwise, LLC -> ) C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.ClientService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc; HP Development Company, L.P.) C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_191d9fb378307f35\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_0db786bd9a6ade98\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\wps\1.18.255.1\mc-fw-host.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e4e95354d5d4b4dd\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Storage Appliance Corporation -> Storage Appliance Corp.) C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
(services.exe ->) (Storage Appliance Corporation -> Storage Appliance Corporation) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_34.52424.589.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1501.533.0_x64__8wekyb3d8bbwe\DevHome.PI.exe
(svchost.exe ->) (AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_34.52424.589.0_x64__v10z8vjag6ke6\HP.myHP.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6\HPQuickDrop.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\Overlay\OverlayHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch) C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\chromium\chromium.exe <7>
(svchost.exe ->) (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch) C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\OneLaunch.exe
(svchost.exe ->) (PC HELPSOFT LABS INC. -> PC Helpsoft) C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
(svchost.exe ->) (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software) C:\Users\mary ann\Wavesor Software\WaveBrowser\wavebrowser.exe <12>
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
Failed to access process -> mc-fw-host.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e4e95354d5d4b4dd\RtkAudUService64.exe [1987544 2024-05-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [464320 2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM\...\Run: [HPOneAgentService] => C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe [1605136 2024-05-20] (HP Inc. -> HP Inc; HP Development Company, L.P.)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [380784 2022-08-16] (EXPRSVPN LLC -> ExpressVPN)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-04-24] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Run: [MicrosoftEdgeAutoLaunch_999B8E90B693400311D9758E783E7FCC] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883560 2024-06-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Run: [SacReminderHDDV2N] => C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe [862032 2010-11-18] (Storage Appliance Corporation -> Storage Appliance Corp.)
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Run: [Wavesor SWUpdater] => C:\Users\mary ann\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe [213400 2024-04-11] (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software)
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Run: [OneLaunch] => C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\onelaunch.exe [17846264 2024-05-08] (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Run: [OneLaunchChromium] => C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\ChromiumStartupProxy.exe [195064 2024-05-08] (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Run: [OneLaunchUpdater] => C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\OneLaunchUpdaterProxy.exe [195064 2024-05-08] (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\MountPoints2: {cb5214c5-ba6e-11ee-9675-cc5ef8f272ec} - "D:\GHScrabbleInstall.exe"
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\windows\system32\CNMLMBX.DLL [391168 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files\AVG\Browser\Application\125.0.25426.176\Installer\chrmstp.exe [2024-06-19] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe [2024-06-26] (Google LLC -> Google LLC)
Startup: C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-01-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\ChromiumLaunchTask" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-808705873-2307071823-1975692619-1001" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-808705873-2307071823-1975692619-500" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\OneLaunchLaunchTask" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneLaunchUpdateTask" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\PC Cleaner automatic scan and notifications" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{B7E812A0-8F9B-484B-BB1A-FEA794A52B0F}" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\WavesorSWUpdaterTaskUserS-1-5-21-808705873-2307071823-1975692619-1001Core" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\WavesorSWUpdaterTaskUserS-1-5-21-808705873-2307071823-1975692619-1001UA" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\HPOneAgentRepairTask" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\OmenInstallMonitor" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\OmenInstallMonitorCustomEvent" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\OmenOverlay" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\OmenOverlayCustomEvent" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Reporting Task-S-1-5-21-808705873-2307071823-1975692619-1001" /ENABLE
Task: {0DF0C6B6-575F-4680-B6AC-B1A7705BD1B8} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVG\Browser\Application\AVGBrowser.exe [3137968 2024-06-17] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {97169D64-028B-4D24-A1E1-32CFE50BCEFA} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVG\Browser\Application\AVGBrowser.exe [3137968 2024-06-17] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {F3CF72D0-BA0B-4D08-9A68-C3B197B53B39} - System32\Tasks\AVG\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5131704 2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {97A9314E-F50B-4E91-BEE4-CE020216906C} - System32\Tasks\AVG\AVG Antivirus Patcher => C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe [8027576 2024-06-20] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {9F2FF50B-9FD5-4F95-B1A2-B7CC463BF101} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2181560 2024-01-12] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {FEB83023-3CE9-4DD1-9ED1-2B388C7BF3C1} - System32\Tasks\AVGBrowserProtectS-1-5-21-808705873-2307071823-1975692619-1001 => C:\Program Files\AVG\Browser\Application\AVGBrowserProtect.exe [1690040 2024-04-23] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {9AAD71D1-07E2-45D3-883B-237BF6E09ADE} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {0194822B-53DE-4043-A680-1B0E4CD02BB0} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {E5E05489-F755-45B0-922B-FB928247C5DB} - System32\Tasks\ChromiumLaunchTask => C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\chromium\chromium.exe [1741816 2024-05-08] (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
Task: {F3F2D9EB-1B0C-4EA5-8DA6-89267E4CF512} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{8D9A1D6A-B4AD-436B-A14F-D5A9B784B54F} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {3F7DEAE6-2942-47F5-9639-EBAA31964D8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-05-13] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {577E5A4B-3BE3-475E-9CF9-E9EDAFD48E35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-05-13] (HP Inc. -> HP Inc.)
Task: {6ABFFDA9-1E94-45A8-91C1-951A89882612} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-05-13] (HP Inc. -> HP Inc.)
Task: {4C8C4A6C-ADEB-4F6B-933D-DB060D0B5D2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-05-13] (HP Inc. -> HP Inc.)
Task: {CC570B68-43FB-4442-89FF-BA3D6B507FE2} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {D39C6D05-2383-47BB-A52D-A759C725F23B} - System32\Tasks\HPOneAgentRepairTask => C:\ProgramData\Package Cache\{E3864E7A-058C-4AC3-8331-E2E4F64C69A4}\HPOneAgent.exe [1169488 2024-06-28] (HP Inc. -> HP Inc.)
Task: {8057C08C-800D-4493-9F4F-2B5D30E99E61} - System32\Tasks\McAfee\WPS\McAfee Anti-tracker notification => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {040010EA-1BBC-447B-9090-3BB096E813B3} - System32\Tasks\McAfee\WPS\McAfee Cloud Configuration Check => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {EAEA0964-16A6-458B-BD62-1B45C21DF280} - System32\Tasks\McAfee\WPS\McAfee Health Check => C:\Program Files\McAfee\wps\1.18.255.1\sustainability\mc-sustainability.exe [950824 2024-05-31] (McAfee, LLC -> McAfee, LLC)
Task: {1A8D192A-E602-4692-A574-CA6BD75D59A7} - System32\Tasks\McAfee\WPS\McAfee Hotfix => C:\Program Files\McAfee\wps\1.18.255.1\dad\3.21.6\mc-dad.exe [2641432 2024-06-21] (McAfee, LLC -> McAfee, LLC)
Task: {AFC537DA-7894-48F4-BFA1-C58EFE38A190} - System32\Tasks\McAfee\WPS\McAfee Message Check => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {681F2B7E-072A-4EAA-85E1-8819F061C123} - System32\Tasks\McAfee\WPS\McAfee PC Optimizer Task => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {72D83402-547D-4D39-8E88-C50F51A9D6DE} - System32\Tasks\McAfee\WPS\McAfee restart of PC => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {68370CD0-6967-45A7-AE10-414612E86E20} - System32\Tasks\McAfee\WPS\McAfee Scheduled AV Scan => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {2108BDB0-9C3A-4ED1-AD6E-9B0E548EF94F} - System32\Tasks\McAfee\WPS\McAfee Scheduled Tracker Remover => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {FE923434-2E65-4870-8746-8E2BB7D1881B} - System32\Tasks\McAfee\wps\McAfee Updater => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2} C:\Program Files\McAfee\wps\1.18.255.1\mc-update.exe [3296312 2024-05-31] (McAfee, LLC -> McAfee, LLC)
Task: {BE36AFFD-9B2B-429F-88D2-9607ED6EA43E} - System32\Tasks\McAfee\WPS\McAfee Virus Definition Update => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {DE988299-04E9-47DF-A3C4-016A3ADEA8F1} - System32\Tasks\McAfee\WPS\McAfee Windows Notification Token => \\?\C:\Program Files\McAfee\wps\1.18.255.1\mc-wns-client\mc-wns-client.exe [923696 2024-05-31] (McAfee, LLC -> )
Task: {28EC1EFD-13A8-44F4-808D-71184443B2AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499424 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4D6DDE5-82CA-4009-8F3E-2B89C8802798} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499424 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BE3E1C8-EDF8-48F3-B9AA-D492CDDA32A3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309800 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DA13173-0A3C-4796-8C92-8E5E7E34CBC5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309800 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C32D3DA8-1D09-4ACE-8F31-4FD485343EB9} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [169648 2024-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D876E5B7-2851-4C88-AF4B-1C662D57E990} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\windows\system32\rundll32.exe [73728 2024-05-14] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {F4907934-B6EB-4C2A-81EE-1492B2971241} - System32\Tasks\Mozilla\Firefox Background Update 80E4E1F205DA295 => C:\Users\mary ann\AppData\Local\Mozilla Firefox\firefox.exe [676936 2024-06-26] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\80E4E1F205DA295\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\80E4E1F205DA295\backgroundupdate.moz_log --backgroundtask backgroundup (the data entry has 4 more characters).
Task: {1AC12C42-DC1C-4FF7-85AB-74E9CBEE60BC} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-808705873-2307071823-1975692619-1001 80E4E1F205DA295 => C:\Users\mary ann\AppData\Local\Mozilla Firefox\firefox.exe [676936 2024-06-26] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\80E4E1F205DA295\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\80E4E1F205DA295\backgroundupdate.moz_log --backgroundtask backgroundup (the data entry has 4 more characters).
Task: {95878FD7-7EAF-4EFD-BF0F-F68E2E844724} - System32\Tasks\Mozilla\Firefox Default Browser Agent 80E4E1F205DA295 => C:\Users\mary ann\AppData\Local\Mozilla Firefox\default-browser-agent.exe [34888 2024-06-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {E974BB8A-19B5-4689-89F8-A316CDCE34D0} - System32\Tasks\OmenInstallMonitor => C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [69592 2024-06-19] (HP Inc. -> HP Inc.)
Task: {2F6183DD-A23C-49B3-8DBA-0D378EF5D9CC} - System32\Tasks\OmenInstallMonitorCustomEvent => C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [69592 2024-06-19] (HP Inc. -> HP Inc.)
Task: {2828F2E3-D7F1-4D01-8017-06BF8792260B} - System32\Tasks\OmenOverlay => C:\Program Files\HP\Overlay\OverlayHelper.exe [66512 2024-06-19] (HP Inc. -> HP Inc.)
Task: {0BB65447-B206-4778-BAF8-8177469E73F8} - System32\Tasks\OmenOverlayCustomEvent => C:\Program Files\HP\Overlay\OverlayHelper.exe [66512 2024-06-19] (HP Inc. -> HP Inc.)
Task: {6FD85296-0C24-4C3F-B0C5-E102B3F31688} - System32\Tasks\OneLaunchLaunchTask => C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\onelaunch.exe [17846264 2024-05-08] (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
Task: {1E8A82A6-1996-49E0-995B-69D10551A9DB} - System32\Tasks\OneLaunchUpdateTask => C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\OneLaunchUpdaterProxy.exe [195064 2024-05-08] (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
Task: {C0B62B96-581A-45A9-9A75-5E06BA2A7786} - System32\Tasks\PC Cleaner automatic scan and notifications => C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe [5092712 2024-04-03] (PC HELPSOFT LABS INC. -> PC Helpsoft) <==== ATTENTION
Task: {AC78B30B-70FC-4FBC-AFA3-6376BABD084E} - System32\Tasks\Wavesor Software_S-1-5-21-808705873-2307071823-1975692619-1001\WaveBrowser-StartAtLogin => C:\Users\mary ann\Wavesor Software\WaveBrowser\wavebrowser.exe [3168168 2023-12-06] (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software)
Task: {6F4941CA-2BD9-40E4-AA0F-7898E844E2DB} - System32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-808705873-2307071823-1975692619-1001Core => C:\Users\mary ann\Wavesor Software\SWUpdater\SWUpdater.exe [111000 2024-04-11] (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software)
Task: {C5EA2C8B-21E7-44C5-9DEA-5A31E8A160B0} - System32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-808705873-2307071823-1975692619-1001UA => C:\Users\mary ann\Wavesor Software\SWUpdater\SWUpdater.exe [111000 2024-04-11] (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76589a44-f848-4698-a640-9c4b72e3128b}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\mary ann\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-28]
Edge Extension: (Google Docs Offline) - C:\Users\mary ann\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-26]
Edge Extension: (Edge relevant text changes) - C:\Users\mary ann\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF DefaultProfile: 5h3lizib.default
FF ProfilePath: C:\Users\mary ann\AppData\Roaming\Mozilla\Firefox\Profiles\5h3lizib.default [2024-01-10]
FF ProfilePath: C:\Users\mary ann\AppData\Roaming\Mozilla\Firefox\Profiles\lopv9txo.default-release [2024-06-28]
FF Notifications: Mozilla\Firefox\Profiles\lopv9txo.default-release -> hxxps://www.truthfinder.com
FF Extension: (Capital One Shopping: Save Now) - C:\Users\mary ann\AppData\Roaming\Mozilla\Firefox\Profiles\lopv9txo.default-release\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2024-04-05]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1650.5\npAvgBrowserUpdate3.dll [2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1650.5\npAvgBrowserUpdate3.dll [2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)

Chrome:
=======
CHR Profile: C:\Users\mary ann\AppData\Local\Google\Chrome\User Data\Default [2024-06-28]
CHR HomePage: Default -> bing.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?EID=MBHSE&FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Extension: (Microsoft Bing Homepage & Search Engine) - C:\Users\mary ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflanjgoamglnnocilcllegbbbfogfjc [2024-06-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\mary ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2024-04-30]
CHR Extension: (Google Docs Offline) - C:\Users\mary ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mary ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-808705873-2307071823-1975692619-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflanjgoamglnnocilcllegbbbfogfjc]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [802744 2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [2360248 2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [1239992 2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [9077176 2024-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files\AVG\Browser\Application\125.0.25426.176\elevation_service.exe [1772840 2024-06-17] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVGWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2024-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14012384 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_191d9fb378307f35\ipfsvc.exe [557096 2023-06-23] (Intel Corporation -> Intel Corporation)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [439664 2022-08-16] (EXPRSVPN LLC -> ExpressVPN)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [893984 2022-08-15] (HP Inc. -> HP Inc.)
R2 hp-one-agent-service; C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe [1605136 2024-05-20] (HP Inc. -> HP Inc; HP Development Company, L.P.)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\AppHelperCap.exe [928808 2024-06-02] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\DiagsCap.exe [927792 2024-06-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\NetworkCap.exe [923584 2024-06-02] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\SysInfoCap.exe [928704 2024-06-02] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Intel(R) Platform License Manager Service; C:\windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_4e9e8c349f3a1aca\lib\PlatformLicenseManagerService.exe [741584 2023-10-25] (Intel Corporation -> Intel(R) Corporation)
R2 IntelAudioService; C:\windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)
R2 ipfsvc; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_uf.exe [2999912 2023-06-27] (Intel Corporation -> Intel Corporation)
R2 mc-fw-host; C:\Program Files\McAfee\wps\1.18.255.1\mc-fw-host.exe [2711192 2024-05-31] (McAfee, LLC -> McAfee, LLC)
S3 mc-wps-update; C:\Program Files\McAfee\wps\1.18.255.1\mc-update.exe [3296312 2024-05-31] (McAfee, LLC -> McAfee, LLC)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [879456 2024-06-27] (McAfee, LLC -> McAfee, LLC)
R2 SacNetAgentService_C57C4F854F53; C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [163664 2010-11-18] (Storage Appliance Corporation -> Storage Appliance Corporation)
R2 ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd); C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.ClientService.exe [95520 2024-06-26] (Connectwise, LLC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 CFUACProxy_officeguardianv2n; "C:\ProgramData\OfficeGuardianV2N\UACProxy.exe" -s "-pC:\ProgramData\OfficeGuardianV2N"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\windows\System32\drivers\avgArDisk.sys [20544 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgArPot; C:\windows\System32\drivers\avgArPot.sys [229952 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgbidsdriver; C:\windows\System32\drivers\avgbidsdriver.sys [380992 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbidsh; C:\windows\System32\drivers\avgbidsh.sys [292936 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbuniv; C:\windows\System32\drivers\avgbuniv.sys [84544 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgElam; C:\windows\System32\drivers\avgElam.sys [27760 2024-02-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 avgKbd; C:\windows\System32\drivers\avgKbd.sys [28736 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgMonFlt; C:\windows\System32\drivers\avgMonFlt.sys [271944 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgNetHub; C:\windows\System32\drivers\avgNetHub.sys [548928 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgRdr; C:\windows\System32\drivers\avgRdr2.sys [97856 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgRvrt; C:\windows\System32\drivers\avgRvrt.sys [69184 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSnx; C:\windows\System32\drivers\avgSnx.sys [942536 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSP; C:\windows\System32\drivers\avgSP.sys [1195992 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 avgStm; C:\windows\System32\drivers\avgStm.sys [203736 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgVmm; C:\windows\System32\drivers\avgVmm.sys [306648 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [184320 2023-04-21] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2023-04-21] (Microsoft Corporation) [File not signed]
S3 CtaChildDriver; C:\windows\System32\drivers\CtaChildDriver.sys [55776 2023-02-14] (Intel Corporation -> )
R3 expressvpntun; C:\windows\System32\drivers\expressvpn-tun.sys [56552 2022-08-16] (Express VPN International Ltd. -> ExpressVPN)
R0 fse; C:\windows\System32\drivers\fse.sys [218608 2024-06-12] (Microsoft Windows -> Microsoft Corporation)
S3 GSCAuxDriver; C:\windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_3b711bdc1649d583\GSCAuxDriverx64.sys [109040 2023-02-14] (Intel Corporation -> Intel Corporation)
S3 GSCx64; C:\windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_3658d9d706e4cea6\TeeDriverGSCW8x64.sys [278584 2023-02-14] (Intel Corporation -> Intel Corporation)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [26648 2022-06-23] (HP Inc. -> HP Inc.)
R2 HpReadHWData; C:\windows\system32\drivers\HpReadHWData.sys [53368 2024-01-14] (HP Inc. -> Windows (R) Win 7 DDK provider)
R3 iaLPSS2_GPIO2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_bda8110c074a36f5\iaLPSS2_GPIO2_ADL.sys [141312 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_c4c17f8529a3943d\iaLPSS2_I2C_ADL.sys [211456 2023-07-24] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_334c460fea9b11a4\iaLPSS2_SPI_ADL.sys [171608 2022-12-15] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_43d5df63d19fde70\iaLPSS2_UART2_ADL.sys [329320 2022-12-15] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88776 2022-08-29] (Intel Corporation -> Intel Corporation)
S3 Intel_NF_I2C; C:\windows\System32\DriverStore\FileRepository\intel_nf_i2c_child.inf_amd64_a329fd450939b60d\Intel_NF_I2C.sys [222688 2023-02-14] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_4c3f63d0ffe9d9b8\ipf_acpi.sys [88632 2023-06-27] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_cpu.sys [85560 2023-06-27] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_lf.sys [481896 2023-06-27] (Intel Corporation -> Intel Corporation)
S3 LT6911Au; C:\windows\System32\DriverStore\FileRepository\lt6911au.inf_amd64_62449180becc5735\LT6911Au.sys [66728 2023-03-23] (Intel Corporation -> Intel(R) Corporation)
S0 mfeelam; C:\windows\System32\DRIVERS\mfeelam.sys [19536 2024-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R0 mfesec; C:\windows\System32\DRIVERS\mfesec.sys [85304 2024-05-31] (McAfee, LLC -> McAfee, LLC)
S3 rtux64w10; C:\windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-07] (Microsoft Windows -> Realtek Corporation)
S3 scsiscan; C:\windows\system32\DRIVERS\scsiscan.sys [57344 2024-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2024-01-12] (Microsoft Windows -> )
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [20928 2024-03-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [603416 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-28 15:58 - 2024-06-28 16:05 - 000040419 _____ C:\Users\mary ann\Downloads\Addition.txt
2024-06-28 15:57 - 2024-06-28 18:37 - 000045289 _____ C:\Users\mary ann\Downloads\FRST.txt
2024-06-28 15:57 - 2024-06-28 18:37 - 000000000 ____D C:\FRST
2024-06-28 15:28 - 2024-06-28 15:28 - 000001512 _____ C:\Users\mary ann\Desktop\FRST64 - Shortcut (2).lnk
2024-06-28 11:47 - 2024-06-28 11:47 - 000001512 _____ C:\Users\mary ann\Desktop\FRST64 - Shortcut.lnk
2024-06-27 19:25 - 2024-06-27 19:25 - 002395648 _____ (Farbar) C:\Users\mary ann\Downloads\FRST64(1).exe
2024-06-27 19:11 - 2024-06-27 19:11 - 002395648 _____ (Farbar) C:\Users\mary ann\Downloads\FRST64.exe
2024-06-26 18:11 - 2024-06-26 18:10 - 000314816 _____ (Gen Digital Inc.) C:\windows\system32\avgBoot.exe
2024-06-26 18:11 - 2024-06-26 17:54 - 000000568 _____ C:\windows\SysWOW64\user.config
2024-06-26 18:09 - 2024-06-26 18:09 - 000234888 _____ (AVG Technologies CZ, s.r.o.) C:\Users\mary ann\Downloads\avg_antivirus_free_setup (1).exe
2024-06-26 18:09 - 2024-06-26 18:09 - 000234888 _____ (AVG Technologies CZ, s.r.o.) C:\Users\mary ann\Desktop\avg_antivirus_free_setup (1).exe
2024-06-26 15:20 - 2024-06-28 16:32 - 000000000 ____D C:\Users\mary ann\AppData\Local\Deployment
2024-06-26 15:20 - 2024-06-26 15:20 - 000000568 _____ C:\windows\system32\user.config
2024-06-26 15:20 - 2024-06-26 15:20 - 000000000 ____D C:\Users\mary ann\AppData\Local\Apps\2.0
2024-06-26 15:19 - 2024-06-26 15:19 - 000086304 _____ C:\Users\mary ann\Downloads\support.Client.exe
2024-06-26 12:02 - 2024-06-28 18:30 - 000000000 ____D C:\Users\mary ann\AppData\Local\Mozilla Firefox
2024-06-20 08:33 - 2024-06-20 08:33 - 000000000 _____ C:\Users\mary ann\Downloads\6Hp4nfE6.htm
2024-06-12 19:40 - 2024-06-12 19:40 - 000024821 _____ C:\windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-06-12 19:37 - 2024-06-12 19:37 - 000024821 _____ C:\windows\system32\IntegratedServicesRegionPolicySet.json
2024-06-12 19:22 - 2024-06-12 19:30 - 000000000 ___HD C:\$WinREAgent
2024-06-07 13:58 - 2024-06-26 15:13 - 000002420 _____ C:\windows\system32\Tasks\PC Cleaner automatic scan and notifications
2024-06-07 13:58 - 2024-06-19 21:59 - 000000000 ____D C:\Program Files (x86)\PC Cleaner
2024-06-07 13:58 - 2024-06-07 14:00 - 000000000 ____D C:\ProgramData\PC Cleaner
2024-06-07 13:58 - 2024-06-07 13:58 - 007867760 _____ (PC Helpsoft ) C:\Users\mary ann\Downloads\PC_Cleaner_setup.exe
2024-06-07 13:58 - 2024-06-07 13:58 - 000001102 _____ C:\Users\mary ann\Desktop\PC Cleaner.lnk
2024-06-07 13:58 - 2024-06-07 13:58 - 000000000 ____D C:\Users\mary ann\AppData\Roaming\PC Cleaner
2024-06-07 13:58 - 2024-06-07 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner
2024-06-02 15:49 - 2024-06-02 15:49 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-05-31 14:31 - 2024-05-31 14:31 - 000000000 ____D C:\Program Files\Common Files\DynamicAppDownloader

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-28 18:31 - 2024-01-10 15:05 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-06-28 18:28 - 2024-01-14 19:12 - 000000000 ____D C:\Users\mary ann\AppData\Local\OGH
2024-06-28 18:27 - 2024-01-12 18:07 - 000000000 ____D C:\Users\mary ann\AppData\Local\AVG
2024-06-28 18:26 - 2024-05-28 13:02 - 000003666 _____ C:\windows\system32\Tasks\ChromiumLaunchTask
2024-06-28 18:26 - 2024-05-28 13:02 - 000003616 _____ C:\windows\system32\Tasks\OneLaunchLaunchTask
2024-06-28 18:26 - 2024-05-28 13:02 - 000003528 _____ C:\windows\system32\Tasks\OneLaunchUpdateTask
2024-06-28 18:26 - 2024-04-11 11:58 - 000000000 ____D C:\windows\system32\Tasks\Wavesor Software_S-1-5-21-808705873-2307071823-1975692619-1001
2024-06-28 18:26 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-28 16:20 - 2022-11-03 00:39 - 000855938 _____ C:\windows\system32\PerfStringBackup.INI
2024-06-28 16:20 - 2022-05-07 01:22 - 000000000 ____D C:\windows\INF
2024-06-28 16:15 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemTemp
2024-06-28 16:13 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ServiceState
2024-06-28 16:12 - 2024-01-12 17:23 - 000000000 ____D C:\ProgramData\AVG
2024-06-28 16:12 - 2022-11-03 00:32 - 000012288 ___SH C:\DumpStack.log.tmp
2024-06-28 16:12 - 2022-11-03 00:32 - 000000006 ____H C:\windows\Tasks\SA.DAT
2024-06-28 16:12 - 2022-05-07 01:17 - 001048576 _____ C:\windows\system32\config\BBI
2024-06-28 15:15 - 2022-11-03 00:32 - 000000000 ____D C:\windows\system32\SleepStudy
2024-06-28 12:55 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-28 12:55 - 2022-05-07 01:24 - 000000000 ____D C:\windows\AppReadiness
2024-06-28 11:43 - 2024-01-30 12:38 - 000003824 _____ C:\windows\system32\Tasks\HPOneAgentRepairTask
2024-06-28 11:43 - 2023-09-01 10:25 - 000000000 ____D C:\ProgramData\Package Cache
2024-06-28 11:32 - 2024-04-23 13:30 - 000004172 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{B7E812A0-8F9B-484B-BB1A-FEA794A52B0F}
2024-06-28 11:28 - 2024-01-10 12:06 - 000003588 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-808705873-2307071823-1975692619-1001
2024-06-28 11:28 - 2024-01-10 12:06 - 000003384 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-808705873-2307071823-1975692619-1001
2024-06-28 11:28 - 2024-01-10 12:06 - 000002395 _____ C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-06-26 18:12 - 2024-01-12 17:25 - 000002006 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus Free.lnk
2024-06-26 18:12 - 2024-01-12 17:25 - 000001994 _____ C:\Users\Public\Desktop\AVG AntiVirus Free.lnk
2024-06-26 18:11 - 2024-02-24 13:05 - 000942536 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgSnx.sys
2024-06-26 18:11 - 2024-01-12 17:25 - 000000000 ____D C:\windows\system32\Tasks\AVG
2024-06-26 18:11 - 2022-05-07 01:24 - 000000000 ___HD C:\windows\ELAMBKUP
2024-06-26 18:10 - 2024-02-24 13:05 - 000380992 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgbidsdriver.sys
2024-06-26 18:10 - 2024-02-24 13:05 - 000306648 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgVmm.sys
2024-06-26 18:10 - 2024-02-24 13:05 - 000292936 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgbidsh.sys
2024-06-26 18:10 - 2024-02-24 13:05 - 000229952 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgArPot.sys
2024-06-26 18:10 - 2024-02-24 13:05 - 000084544 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgbuniv.sys
2024-06-26 18:10 - 2024-02-24 13:05 - 000028736 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgKbd.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 001195992 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgSP.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 000548928 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgNetHub.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 000271944 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgMonFlt.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 000097856 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgRdr2.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 000069184 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgRvrt.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 000020544 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgArDisk.sys
2024-06-26 18:10 - 2023-04-21 14:27 - 000001623 _____ C:\windows\system32\config\VSMIDK
2024-06-26 17:35 - 2024-01-10 12:02 - 000000000 ____D C:\Users\mary ann
2024-06-26 16:45 - 2024-02-24 14:36 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-26 16:45 - 2024-02-24 14:36 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-06-26 15:13 - 2024-04-11 11:58 - 000003532 _____ C:\windows\system32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-808705873-2307071823-1975692619-1001UA
2024-06-26 15:13 - 2024-04-11 11:58 - 000003264 _____ C:\windows\system32\Tasks\WavesorSWUpdaterTaskUserS-1-5-21-808705873-2307071823-1975692619-1001Core
2024-06-26 15:13 - 2024-01-30 23:02 - 000003356 _____ C:\windows\system32\Tasks\OmenInstallMonitorCustomEvent
2024-06-26 15:13 - 2024-01-30 23:02 - 000003296 _____ C:\windows\system32\Tasks\OmenOverlayCustomEvent
2024-06-26 15:13 - 2024-01-14 19:14 - 000002916 _____ C:\windows\system32\Tasks\OmenInstallMonitor
2024-06-26 15:13 - 2024-01-14 19:14 - 000002856 _____ C:\windows\system32\Tasks\OmenOverlay
2024-06-26 15:13 - 2023-09-01 10:53 - 000002854 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-808705873-2307071823-1975692619-500
2024-06-26 15:13 - 2022-11-03 00:32 - 000003464 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-26 15:13 - 2022-11-03 00:32 - 000003240 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-06-26 15:12 - 2024-01-25 15:43 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
2024-06-26 12:16 - 2024-01-10 15:05 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2024-06-25 18:35 - 2022-05-07 01:24 - 000000000 ____D C:\windows\LiveKernelReports
2024-06-23 15:39 - 2024-01-10 12:04 - 000000000 ____D C:\Users\mary ann\AppData\Local\D3DSCache
2024-06-23 14:22 - 2024-02-09 19:13 - 000000000 ____D C:\Users\mary ann\AppData\Local\OneLaunch
2024-06-22 15:59 - 2024-01-13 15:58 - 000000000 ____D C:\Users\mary ann\AppData\Local\CrashDumps
2024-06-22 11:38 - 2022-11-03 00:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-22 11:38 - 2022-11-03 00:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-06-19 15:31 - 2024-03-02 09:45 - 000002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2024-06-19 15:31 - 2024-03-02 09:45 - 000002293 _____ C:\Users\Public\Desktop\AVG Secure Browser.lnk
2024-06-15 13:17 - 2023-04-21 14:33 - 000000000 ____D C:\Program Files\Microsoft Office
2024-06-13 15:11 - 2024-01-10 12:02 - 000000000 ____D C:\Users\mary ann\AppData\Local\Packages
2024-06-13 14:46 - 2024-01-12 17:26 - 000000000 ____D C:\windows\system32\MRT
2024-06-13 14:44 - 2024-01-12 17:26 - 199048176 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2024-06-12 19:57 - 2022-11-03 00:32 - 000535312 _____ C:\windows\system32\FNTCACHE.DAT
2024-06-12 19:56 - 2024-01-12 17:29 - 000000000 ____D C:\windows\system32\Microsoft-Edge-WebView
2024-06-12 19:56 - 2024-01-12 17:29 - 000000000 ____D C:\windows\InboxApps
2024-06-12 19:56 - 2023-09-01 11:10 - 000000000 ____D C:\windows\TextInput
2024-06-12 19:56 - 2023-09-01 11:10 - 000000000 ____D C:\windows\HoloShell
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ___SD C:\windows\system32\UNP
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ___RD C:\windows\PrintDialog
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\UUS
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\setup
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\Dism
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemResources
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\WinMetadata
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\WinBioPlugIns
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\ShellExperiences
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\Sgrm
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\setup
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\PerceptionSimulation
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\oobe
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\migwiz
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\Dism
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\appraiser
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellExperiences
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellComponents
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\BrowserCore
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\bcastdvr
2024-06-12 19:56 - 2022-05-07 01:17 - 000000000 ____D C:\windows\servicing
2024-06-12 19:49 - 2022-05-07 01:17 - 000000000 ____D C:\windows\CbsTemp
2024-06-12 19:48 - 2022-05-07 02:10 - 000036864 _____ (Microsoft Corporation) C:\windows\system32\OEMDefaultAssociations.dll
2024-06-12 19:48 - 2022-05-07 02:10 - 000024383 _____ C:\windows\system32\OEMDefaultAssociations.xml
2024-06-12 19:48 - 2022-05-07 01:25 - 000077312 _____ (Khronos Group) C:\windows\SysWOW64\opencl.dll
2024-06-12 19:48 - 2022-05-07 01:24 - 000118784 _____ (Khronos Group) C:\windows\system32\opencl.dll
2024-06-12 19:46 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-06-12 19:40 - 2022-11-03 00:34 - 003216384 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2024-05-31 11:33 - 2024-01-14 19:10 - 000085304 _____ (McAfee, LLC) C:\windows\system32\Drivers\mfesec.sys
2024-05-31 11:33 - 2024-01-14 19:10 - 000019536 _____ (McAfee, LLC) C:\windows\system32\Drivers\mfeelam.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

DR M

Hi, mare_wbpa.

I'll need also the Addition.txt log, which is located in the same place where the FRST.txt you posted above is.

Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

Is this it?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/27/2014
Scan Time: 1:02:44 PM
Logfile: MBAM log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.27.05
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: mary ann

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283518
Time Elapsed: 22 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.MyFreeze.A, C:\Program Files\My.Freeze.com NetAssistant, , [2e531d873e3d072fb5d1744b43bf29d7],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games, , [265bc4e00972b48257854282dd25db25],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\drm, , [265bc4e00972b48257854282dd25db25],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\drm\data, , [265bc4e00972b48257854282dd25db25],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\firefox, , [265bc4e00972b48257854282dd25db25],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\firefox\chrome, , [265bc4e00972b48257854282dd25db25],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\opal, , [265bc4e00972b48257854282dd25db25],

Files: 10
PUP.Optional.MyFreeze.A, C:\Program Files\My.Freeze.com NetAssistant\EULA.url, , [2e531d873e3d072fb5d1744b43bf29d7],
PUP.Optional.MyFreeze.A, C:\Program Files\My.Freeze.com NetAssistant\freeze.url, , [2e531d873e3d072fb5d1744b43bf29d7],
PUP.Optional.MyFreeze.A, C:\Program Files\My.Freeze.com NetAssistant\INSTALL.LOG, , [2e531d873e3d072fb5d1744b43bf29d7],
PUP.Optional.MyFreeze.A, C:\Program Files\My.Freeze.com NetAssistant\netassist_version.txt, , [2e531d873e3d072fb5d1744b43bf29d7],
PUP.Optional.MyFreeze.A, C:\Program Files\My.Freeze.com NetAssistant\Privacy_Policy.url, , [2e531d873e3d072fb5d1744b43bf29d7],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\firefox\chrome.manifest, , [265bc4e00972b48257854282dd25db25],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\firefox\install.rdf, , [265bc4e00972b48257854282dd25db25],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\firefox\iWinArcadeLauncher.exe, , [265bc4e00972b48257854282dd25db25],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\firefox\version, , [265bc4e00972b48257854282dd25db25],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\firefox\chrome\iwinarcade.jar, , [265bc4e00972b48257854282dd25db25],

Physical Sectors: 0
(No malicious items detected)


(end)

DR M

No. As you can see the scan date above is 7/27/2014.

The file I want to see, is named as Addition.txt, and, as I said, it is located in the same place where the FRST.txt you already posted is.
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

How about this?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.06.2024
Ran by mary ann (28-06-2024 18:37:45)
Running from C:\Users\mary ann\Downloads
Microsoft Windows 11 Home Version 23H2 22631.3737 (X64) (2024-01-10 05:27:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-808705873-2307071823-1975692619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-808705873-2307071823-1975692619-503 - Limited - Disabled)
Guest (S-1-5-21-808705873-2307071823-1975692619-501 - Limited - Disabled)
mary ann (S-1-5-21-808705873-2307071823-1975692619-1001 - Administrator - Enabled) => C:\Users\mary ann
SACNETDRIVEUSER01 (S-1-5-21-808705873-2307071823-1975692619-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-808705873-2307071823-1975692619-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: McAfee (Disabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}
FW: McAfee (Disabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG AntiVirus Free (HKLM\...\AVG Antivirus) (Version: 24.6.9241.1898 - Gen Digital Inc.)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 125.0.25426.176 - Gen Digital Inc.)
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1650.5 - AVG Technologies) Hidden
ExpressVPN (HKLM-x32\...\{0ebb04c1-1fe8-4092-98b8-60acd20c184b}) (Version: 10.29.0.16 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8779D7841}) (Version: 10.29.0.16 - ExpressVPN) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 - HP Inc)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP One Agent (HKLM\...\{22C961A0-D978-43C0-9E2E-0ED40AD1763E}) (Version: 1.1.0.54209 - HP Inc.) Hidden
HP One Agent (HKLM\...\{E3864E7A-058C-4AC3-8331-E2E4F64C69A4}) (Version: 1.1.0.54209 - HP Inc.)
McAfee (HKLM\...\McAfee.wps) (Version: 1.18.255.1 - McAfee, LLC)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17628.20144 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\OneDriveSetup.exe) (Version: 24.116.0609.0005 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.17628.20144 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29325 (HKLM-x32\...\{B40FC85D-2B12-46E0-B950-E5B27E348793}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29325 (HKLM-x32\...\{EE2E15BB-54C8-4DB0-B1F3-026E3C166991}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Mozilla Firefox 127.0.2 (x64 en-US)) (Version: 127.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20144 - Microsoft Corporation) Hidden
OneLaunch 5.31.2 (HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\{4947c51a-26a9-4ed0-9a7b-c21e5ae0e71a}_is1) (Version: 5.31.2 - OneLaunch)
PC Cleaner v9.6.0.4 (HKLM-x32\...\PC Cleaner_is1) (Version: 9.6.0.4 - PC Helpsoft) <==== ATTENTION
SCRABBLE (HKLM-x32\...\SCRABBLE) (Version:  - )
Serif PhotoPlus X3 (HKLM-x32\...\{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}) (Version: 13.0.2.012 - Serif (Europe) Ltd)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - gamigo, Inc.) Hidden
Vacation Adventures: Park Ranger 11 Collector's Edition (HKLM-x32\...\WTA-34c9b635-51a8-4655-a136-e546f6b1b577) (Version: 7.0.0.650 - WildTangent) Hidden
WaveBrowser (HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\WaveBrowser) (Version: 1.3.16.1 - Wavesor Software)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.910 - McAfee, LLC)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.83 - WildTangent)
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 7.0.0.710 - WildTangent) Hidden

Packages:
=========

Any DVD -> C:\Program Files\WindowsApps\15191PeakPlayer.50533F9B98293_3.3.9.0_x64__y5c4dfz5b21fm [2024-06-04] (Any DVD &amp; Office App)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-16] (INTEL CORP) [Startup Task]
Dev Home (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1501.533.0_x64__8wekyb3d8bbwe [2024-06-19] (Microsoft Corporation) [Startup Task]
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.24.0_x64__xbfy0k16fey96 [2024-05-29] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2024-06-13] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.51.329.0_x64__v10z8vjag6ke6 [2024-06-28] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.6.1.0_x64__v10z8vjag6ke6 [2024-06-23] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-04-14] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2024-05-23] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_154.2.1075.0_x64__v10z8vjag6ke6 [2024-06-28] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.35.35.0_x64__v10z8vjag6ke6 [2024-05-17] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6 [2024-06-22] (HP Inc.)
McAfee -> C:\Program Files\McAfee\wps\1.18.255.1 [2024-05-31] ()
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2406.5002.0_x64__8wekyb3d8bbwe [2024-06-19] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-01-14] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-04-14] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-06-07] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24052.57.0_x64__cw5n1h2txyewy [2024-06-18] (Microsoft Windows) [Startup Task]
Movie Maker - Video Editor -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.7.5.0_x64__bzg06mxvgh4fa [2024-06-10] (V3TApps)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_34.52424.589.0_x64__v10z8vjag6ke6 [2024-06-23] (HP Inc.) [Startup Task]
OMEN Gaming Hub -> C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6 [2024-06-19] (HP Inc.) [Startup Task]
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11060.20006.0_x64__8wekyb3d8bbwe [2024-06-25] (Microsoft Corporation) [Startup Task]
Picsart - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PICSART-PHOTOSTUDIO_10.31.5.0_x64__crhqpqs3x1ygc [2024-06-28] (PicsArt Inc.)
Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.3899848563C1F_1.0.137.0_x64__kx24dqmazqk8j [2024-05-14] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0 [2024-06-20] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1227.1637.0_x64__8wekyb3d8bbwe [2024-05-16] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-13] (Microsoft Corp.)
Windows App Runtime DDLM 4000.1082.2259.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x6_4000.1082.2259.0_x64__8wekyb3d8bbwe [2024-05-04] (Microsoft Corporation)
Windows App Runtime DDLM 4000.1082.2259.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x8_4000.1082.2259.0_x86__8wekyb3d8bbwe [2024-05-04] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x6_4000.964.11.0_x64__8wekyb3d8bbwe [2024-01-14] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x8_4000.964.11.0_x86__8wekyb3d8bbwe [2024-01-14] (Microsoft Corporation)
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-04-23] (Microsoft Windows)
Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-06-12] (Microsoft Windows)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{0cabafe4-d0ad-69db-56ce-c16b50636778}\localserver32 -> C:\Users\mary ann\AppData\Local\OneLaunch\5.31.2\onelaunch.exe (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{15fbdf8d-ed5b-42c6-d352-5188c9f76bb4}\localserver32 -> C:\Users\mary ann\AppData\Local\OneLaunch\5.27.0\onelaunch.exe (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{28ce06bf-ae80-8555-553d-a861d3a89734}\localserver32 -> C:\Users\mary ann\AppData\Local\OneLaunch\5.29.3\onelaunch.exe (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\localserver32 -> C:\Users\mary ann\Wavesor Software\WaveBrowser\1.3.16.1\notification_helper.exe (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{D7EC6DDA-90E9-44BA-863B-6C3500BB5BDF}\InprocServer32 -> C:\Users\mary ann\Wavesor Software\SWUpdater\1.3.133.0\psuser_64.dll (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 -> C:\Users\mary ann\Wavesor Software\SWUpdater\1.3.133.0\psuser_64.dll (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software)
CustomCLSID: HKU\S-1-5-21-808705873-2307071823-1975692619-1001_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 -> C:\Users\mary ann\Wavesor Software\SWUpdater\1.3.133.0\psuser_64.dll (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\wps\1.18.255.1\mc-ctxmnu.dll [2024-05-31] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\wps\1.18.255.1\mc-ctxmnu.dll [2024-05-31] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp

==================== Loaded Modules (Whitelisted) =============

2024-01-10 13:18 - 2008-08-26 07:30 - 000512000 ____R (DMSoft Technologies) [File not signed] C:\ProgramData\OfficeGuardianV2N\Reminder\SkinCrafterDll.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000432640 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\LauncherSDK\8cbe5e918dda168b51e846c407cdf9ee\LauncherSDK.ni.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000037888 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Logging\a57e819a0e855073c225a8a8648c564b\Logging.ni.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000153088 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\RpcClient\ce3507418d8404104e703920744369f2\RpcClient.ni.dll
2024-05-19 18:03 - 2024-05-19 18:03 - 000118272 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WMISDK\882ad647075f59ad2bfd65cae6b3b027\WMISDK.ni.dll
2024-01-10 13:18 - 2010-09-07 14:38 - 000315392 ____R (Initio) [File not signed] C:\ProgramData\OfficeGuardianV2N\Reminder\iCommon.dll
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2023-04-21 14:34 - 2023-04-21 14:34 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2024-05-19 16:28 - 2024-05-19 16:28 - 003884544 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\33b839d1b7d68746d6cf900a829f229e\Newtonsoft.Json.ni.dll
2024-01-10 13:18 - 2010-11-18 04:19 - 000458752 ____R (Storage Appliance Corp.) [File not signed] C:\ProgramData\OfficeGuardianV2N\Reminder\devutil.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd) => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-05-13] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-05-13] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-808705873-2307071823-1975692619-1001\Control Panel\Desktop\\Wallpaper -> c:\c\users\mary ann\pictures\lighthouses\portland lighthouse 1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6AAF5100-7702-4EB3-833C-9206A1C19C0A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9ED79D5F-B8DD-4B65-A43B-DCE80831C0BB}] => (Allow) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (Storage Appliance Corporation -> Storage Appliance Corporation)
FirewallRules: [{F321F15B-F4DE-42EE-B63B-FC7FEFE289EF}] => (Allow) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe (Storage Appliance Corporation -> Storage Appliance Corporation)
FirewallRules: [{3801F270-B500-4859-BC46-8FE781A27627}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{CD6882EC-9C5B-44CA-BC45-85DDBE0ACC40}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [TCP Query User{C1714D50-F69F-4A58-A8D3-6D23481E254A}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software)
FirewallRules: [UDP Query User{9B8A9E98-202A-47C8-ABD7-D68DF3D2D0AF}C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe] => (Block) C:\users\mary ann\wavesor software\wavebrowser\wavebrowser.exe (Wavesor Software (Eightpoint Technologies Ltd. SEZC) -> Wavesor Software)
FirewallRules: [{529D592E-21DC-4BD2-BAEE-A4E21212098E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{719B05F2-CFCD-4B20-B5E7-B48A1AE2DC9E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{0726D4D3-8390-4F3E-97E7-C0C8C278E0A7}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{32F77349-BD03-4404-88CF-CF367D5C97EA}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{9DDBFE59-B0AC-4776-AF5E-E6D9E1FB036A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{DD13EC75-6843-40AC-AB60-7166786F7C4A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{374DC90C-C8B1-40B1-A275-38CB797618B3}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{BF9C8B0E-C4C1-4288-BF6A-F878450CA31F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{2882FC40-4223-4CE4-9C64-0BB8CA73DA5F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{AB48554F-09A1-4EDE-830E-FD306AB3AA0B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{893BCE91-39F3-4875-9917-CDA09B195F96}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{524BF9CD-6EA0-4839-B271-8D7F50A2F55F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{EA467D72-787A-4AB8-B113-7BA70BA074D7}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{95F688E0-00CE-4C35-A0FE-889208ABA447}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{21E039A9-606D-45AF-A3D2-3F666C8AC2A9}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{2A437DF8-3D21-4106-8FD6-36FF58381425}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{6AA9A644-BE78-4B56-9DAD-A1B93BACDE97}] => (Allow) C:\Program Files\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{25B1D9D4-23E6-4D33-BBBE-95394C7E4C92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5E34EA93-61BD-4AAA-A1E4-A4CACD333C83}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D1B17939-2F28-407E-B682-EE1FC89D0D77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{133582C7-65DB-4A18-804B-179C42A4A4DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5101D43F-9E67-4216-A523-9BAA79533B7C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A4AC2425-F578-47F8-B7B9-BDCBC4735C57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FBBE790B-2777-4EC3-A590-0637CBD8C622}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{57731D3C-5200-461F-9DDB-4DB4206173EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5F338D0C-C496-465F-864B-C3814A9E7B34}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CC0382CC-A948-430D-A87B-8D63FFF1E934}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CB56E3CB-EB49-4AB4-9F20-800BD12CCA14}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DEEDE94B-E332-4C88-8DC5-18A704E1C88A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21099701-2A2E-45CA-9FAA-62DE986D2BEE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{888597FD-1199-4E5B-882D-F20D5700F283}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

21-06-2024 13:01:25 Windows Update
25-06-2024 16:33:17 Windows Update
25-06-2024 16:33:17 Windows Update
25-06-2024 16:33:22 Windows Update

==================== Faulty Device Manager Devices ============

Name: SCSI Scanner Device
Description: SCSI Scanner Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: scsiscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/28/2024 06:26:06 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-4EQFBMN3)
Description: Faulting application name: mc-fw-host.exe, version: 1.18.144.0, time stamp: 0x660d0bd1
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc0000409
Fault offset: 0x000000000008f0bf
Faulting process id: 0x0x1b44
Faulting application start time: 0x0x1dac9aa2ac93d0c
Faulting application path: \\?\C:\Program Files\McAfee\wps\1.18.255.1\mc-fw-host.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 13dbb6ff-8229-4a1b-bd90-76473d02b473
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2024 04:12:40 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: regsvr32.exe, version: 10.0.22621.1, time stamp: 0x51713c57
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc0000409
Fault offset: 0x000000000008f0bf
Faulting process id: 0x0x664
Faulting application start time: 0x0x1dac99786f04233
Faulting application path: \\?\C:\Windows\System32\regsvr32.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: b1cc0773-8822-4873-a0de-339ce970335b
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2024 04:12:40 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: regsvr32.exe, version: 10.0.22621.1, time stamp: 0x51713c57
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc0000409
Fault offset: 0x000000000008f0bf
Faulting process id: 0x0x3bec
Faulting application start time: 0x0x1dac99786ee53e8
Faulting application path: \\?\C:\Windows\System32\regsvr32.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 8a75f7f1-f15d-413a-9e29-60e4978cb063
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2024 04:12:38 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-4EQFBMN3)
Description: Faulting application name: mc-fw-host.exe, version: 1.18.144.0, time stamp: 0x660d0bd1
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc0000409
Fault offset: 0x000000000008f0bf
Faulting process id: 0x0x3a64
Faulting application start time: 0x0x1dac997857a2af4
Faulting application path: \\?\C:\Program Files\McAfee\wps\1.18.255.1\mc-fw-host.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 712dcf33-c39a-4dd2-9345-b423c932b3b7
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2024 03:27:36 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: regsvr32.exe, version: 10.0.22621.1, time stamp: 0x51713c57
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc0000409
Fault offset: 0x000000000008f0bf
Faulting process id: 0x0x2b24
Faulting application start time: 0x0x1dac9913b094a71
Faulting application path: \\?\C:\Windows\System32\regsvr32.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 03bd82ba-b828-42f3-8b95-317489c9fed9
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2024 03:27:36 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: regsvr32.exe, version: 10.0.22621.1, time stamp: 0x51713c57
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc0000409
Fault offset: 0x000000000008f0bf
Faulting process id: 0x0x2b94
Faulting application start time: 0x0x1dac9913b074363
Faulting application path: \\?\C:\Windows\System32\regsvr32.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 5ac0c5ef-cffd-419c-b2f2-564f8acb427e
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2024 03:27:34 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-4EQFBMN3)
Description: Faulting application name: mc-fw-host.exe, version: 1.18.144.0, time stamp: 0x660d0bd1
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc0000409
Fault offset: 0x000000000008f0bf
Faulting process id: 0x0x3a54
Faulting application start time: 0x0x1dac99139fe27a4
Faulting application path: \\?\C:\Program Files\McAfee\wps\1.18.255.1\mc-fw-host.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: b9f846a0-6578-4ac1-97dd-a5ce58a9d686
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2024 03:15:40 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-4EQFBMN3)
Description: Faulting application name: mc-fw-host.exe, version: 1.18.144.0, time stamp: 0x660d0bd1
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc0000409
Fault offset: 0x000000000008f0bf
Faulting process id: 0x0x1454
Faulting application start time: 0x0x1dac98f9098bb18
Faulting application path: \\?\C:\Program Files\McAfee\wps\1.18.255.1\mc-fw-host.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: abe8511d-be58-4a15-9fa6-22b8cf387888
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (06/28/2024 06:26:04 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e45fc52a-3d7a-4adc-9454-9d88a33133fa}, had event 74

Error: (06/28/2024 03:15:39 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e45fc52a-3d7a-4adc-9454-9d88a33133fa}, had event 74

Error: (06/28/2024 11:26:33 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e45fc52a-3d7a-4adc-9454-9d88a33133fa}, had event 74

Error: (06/27/2024 06:58:18 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e45fc52a-3d7a-4adc-9454-9d88a33133fa}, had event 74

Error: (06/27/2024 03:34:12 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e45fc52a-3d7a-4adc-9454-9d88a33133fa}, had event 74

Error: (06/27/2024 07:40:12 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e45fc52a-3d7a-4adc-9454-9d88a33133fa}, had event 74

Error: (06/26/2024 06:12:50 PM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate.
 The SSPI client process is avgToolsSvc (PID: 5344).

Error: (06/26/2024 06:12:50 PM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate.
 The SSPI client process is avgToolsSvc (PID: 5344).


CodeIntegrity:
===============
Date: 2024-06-28 18:32:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2024-06-28 18:32:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\wps\1.18.255.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.09 01/31/2024
Motherboard: HP 899B
Processor: 12th Gen Intel(R) Core(TM) i3-1215U
Percentage of memory in use: 75%
Total physical RAM: 7865.22 MB
Available physical RAM: 1905.57 MB
Total Virtual: 14265.22 MB
Available Virtual: 5648.49 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.04 GB) (Free:331.85 GB) (Model: KBG50ZNV512G KIOXIA) NTFS

\\?\Volume{5e053ad1-83ed-4e04-a11a-419f61ef1119}\ (Windows RE tools) (Fixed) (Total:0.62 GB) (Free:0.06 GB) NTFS
\\?\Volume{14810eb6-ae0c-4a9e-a1d1-9d375e83fe53}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1E1F4777)

Partition: GPT.

==================== End of Addition.txt =======================

DR M

Thank you, mare_wbpa.

We can now start cleaning, and there is a lot to be done. While in the cleaning process, please have in mind these two basic rules:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

=================

OK.

I have some questions for you now.

1. Do you need the following programs?

SCRABBLE
OneLaunch 5.31.2
WaveBrowser


2. Did you use Clickfree Backup before?

3. Did you intentionally install PC Cleaner v9.6.0.4?

I strongly recommend its uninstall. Also, since you have AVG, you do not need McAfee.


======================

What I need from you in your next reply:

  • Your replies to the 3 questions above.

Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

I don't need scrabble, but I like it. don't need One launch or wave browser. I won't uninstall anything before I hear from you. I used the click free to transfer my files from my old toshiba laptop (10 yrs old) to this new HP which i bought last January. i didn't intentionally install PC cleaner.

DR M

Thanks, mare.

Since you like SCRABBLE, we won't uninstall it.

We will uninstall the following:

McAfee
PC Cleaner v9.6.0.4
WebAdvisor by McAfee
OneLaunch 5.31.2
WaveBrowser

You don't need to uninstall anything at the moment. I'll include them in a fix I'll prepare for you in a while.


Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

DR M

OK, mare_wbpa.

Let's begin.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Download the attached fixlist.txt (see at the end of my reply, the attached file has a clip icon beside it), and save it at the same place where FRST tool is. Right now, it's in your Downloads folder.
  • Right-click on FRST64 in your Downloads folder, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in your Downloads folder.
  • Post the log in your next reply.


2. Uninstall McAfee app

  • Go to Settings, by pressing the Windows logo key on to your keyboard, together with the letter i.
  • Click on Apps, from the left menu, and then Installed apps.
  • Find McAfee, and click on the 3 horizontal dots at the right. Click on Uninstall.
  • Let the app to get uninstalled and restart the computer.


In your next reply please post:

  • The fixlog.txt
  • If you successfully uninstalled McAfee

Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

I hope this is what you need. i was 2 hours trying to uninstall McAfee and finally had to call them to do it remotely

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.06.2024
Ran by mary ann (administrator) on LAPTOP-4EQFBMN3 (HP HP Laptop 17-cn2xxx) (29-06-2024 17:38:46)
Running from C:\Users\mary ann\Downloads\FRST64.exe
Loaded Profiles: mary ann
Platform: Microsoft Windows 11 Home Version 23H2 22631.3737 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe <12>
(C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.ClientService.exe ->) (Connectwise, LLC -> ScreenConnect Software) C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.WindowsClient.exe <2>
(C:\Windows\ImmersiveControlPanel\SystemSettings.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\BridgeCommunication.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_helper.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc) C:\Program Files\WindowsApps\AD2F1837.myHP_34.52424.589.0_x64__v10z8vjag6ke6\win32\HP.ContextAware.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2406.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (Storage Appliance Corporation -> Storage Appliance Corp.) C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Users\mary ann\AppData\Local\Mozilla Firefox\firefox.exe <9>
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\afwServ.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (Connectwise, LLC -> ) C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.ClientService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc; HP Development Company, L.P.) C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_191d9fb378307f35\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_0db786bd9a6ade98\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e4e95354d5d4b4dd\RtkAudUService64.exe <3>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Storage Appliance Corporation -> Storage Appliance Corp.) C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
(services.exe ->) (Storage Appliance Corporation -> Storage Appliance Corporation) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_34.52424.589.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1501.533.0_x64__8wekyb3d8bbwe\DevHome.PI.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_34.52424.589.0_x64__v10z8vjag6ke6\HP.myHP.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\Overlay\OverlayHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mary ann\AppData\Local\Microsoft\OneDrive\24.116.0609.0005\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\consent.exe <9>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e4e95354d5d4b4dd\RtkAudUService64.exe [1987544 2024-05-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [464320 2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM\...\Run: [HPOneAgentService] => C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe [1605136 2024-05-20] (HP Inc. -> HP Inc; HP Development Company, L.P.)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [380784 2022-08-16] (EXPRSVPN LLC -> ExpressVPN)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-04-24] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Run: [MicrosoftEdgeAutoLaunch_999B8E90B693400311D9758E783E7FCC] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883576 2024-06-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\Run: [SacReminderHDDV2N] => C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe [862032 2010-11-18] (Storage Appliance Corporation -> Storage Appliance Corp.)
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\RunOnce: [0629_17314062260421] => C:\Users\mary ann\AppData\Local\LMIR0ECC4001.tmp_r.bat [355 2024-06-29] () [File not signed]
HKU\S-1-5-21-808705873-2307071823-1975692619-1001\...\MountPoints2: {cb5214c5-ba6e-11ee-9675-cc5ef8f272ec} - "D:\GHScrabbleInstall.exe"
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\windows\system32\CNMLMBX.DLL [391168 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files\AVG\Browser\Application\125.0.25426.176\Installer\chrmstp.exe [2024-06-19] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe [2024-06-26] (Google LLC -> Google LLC)
Startup: C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-01-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {040010EA-1BBC-447B-9090-3BB096E813B3} - \McAfee\WPS\McAfee Cloud Configuration Check -> No File <==== ATTENTION
Task: {1A8D192A-E602-4692-A574-CA6BD75D59A7} - \McAfee\WPS\McAfee Hotfix -> No File <==== ATTENTION
Task: {2108BDB0-9C3A-4ED1-AD6E-9B0E548EF94F} - \McAfee\WPS\McAfee Scheduled Tracker Remover -> No File <==== ATTENTION
Task: {681F2B7E-072A-4EAA-85E1-8819F061C123} - \McAfee\WPS\McAfee PC Optimizer Task -> No File <==== ATTENTION
Task: {68370CD0-6967-45A7-AE10-414612E86E20} - \McAfee\WPS\McAfee Scheduled AV Scan -> No File <==== ATTENTION
Task: {72D83402-547D-4D39-8E88-C50F51A9D6DE} - \McAfee\WPS\McAfee restart of PC -> No File <==== ATTENTION
Task: {8057C08C-800D-4493-9F4F-2B5D30E99E61} - \McAfee\WPS\McAfee Anti-tracker notification -> No File <==== ATTENTION
Task: {AFC537DA-7894-48F4-BFA1-C58EFE38A190} - \McAfee\WPS\McAfee Message Check -> No File <==== ATTENTION
Task: {BE36AFFD-9B2B-429F-88D2-9607ED6EA43E} - \McAfee\WPS\McAfee Virus Definition Update -> No File <==== ATTENTION
Task: {DE988299-04E9-47DF-A3C4-016A3ADEA8F1} - \McAfee\WPS\McAfee Windows Notification Token -> No File <==== ATTENTION
Task: {EAEA0964-16A6-458B-BD62-1B45C21DF280} - \McAfee\WPS\McAfee Health Check -> No File <==== ATTENTION
Task: {FE923434-2E65-4870-8746-8E2BB7D1881B} - \McAfee\wps\McAfee Updater -> No File <==== ATTENTION
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\ChromiumLaunchTask" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-808705873-2307071823-1975692619-1001" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-808705873-2307071823-1975692619-500" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\OneLaunchLaunchTask" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneLaunchUpdateTask" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\PC Cleaner automatic scan and notifications" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{B7E812A0-8F9B-484B-BB1A-FEA794A52B0F}" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\WavesorSWUpdaterTaskUserS-1-5-21-808705873-2307071823-1975692619-1001Core" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\WavesorSWUpdaterTaskUserS-1-5-21-808705873-2307071823-1975692619-1001UA" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\HPOneAgentRepairTask" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\OmenInstallMonitor" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\OmenInstallMonitorCustomEvent" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\OmenOverlay" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\OmenOverlayCustomEvent" /ENABLE
Task: {072862AD-1D86-4F44-8284-3F93811745B2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Reporting Task-S-1-5-21-808705873-2307071823-1975692619-1001" /ENABLE
Task: {0DF0C6B6-575F-4680-B6AC-B1A7705BD1B8} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVG\Browser\Application\AVGBrowser.exe [3137968 2024-06-17] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {97169D64-028B-4D24-A1E1-32CFE50BCEFA} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVG\Browser\Application\AVGBrowser.exe [3137968 2024-06-17] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {F3CF72D0-BA0B-4D08-9A68-C3B197B53B39} - System32\Tasks\AVG\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5131704 2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {97A9314E-F50B-4E91-BEE4-CE020216906C} - System32\Tasks\AVG\AVG Antivirus Patcher => C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe [8027576 2024-06-20] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {9F2FF50B-9FD5-4F95-B1A2-B7CC463BF101} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2181560 2024-01-12] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {FEB83023-3CE9-4DD1-9ED1-2B388C7BF3C1} - System32\Tasks\AVGBrowserProtectS-1-5-21-808705873-2307071823-1975692619-1001 => C:\Program Files\AVG\Browser\Application\AVGBrowserProtect.exe [1690040 2024-04-23] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {9AAD71D1-07E2-45D3-883B-237BF6E09ADE} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {0194822B-53DE-4043-A680-1B0E4CD02BB0} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {F3F2D9EB-1B0C-4EA5-8DA6-89267E4CF512} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{8D9A1D6A-B4AD-436B-A14F-D5A9B784B54F} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {3F7DEAE6-2942-47F5-9639-EBAA31964D8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-05-13] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {577E5A4B-3BE3-475E-9CF9-E9EDAFD48E35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-05-13] (HP Inc. -> HP Inc.)
Task: {6ABFFDA9-1E94-45A8-91C1-951A89882612} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-05-13] (HP Inc. -> HP Inc.)
Task: {4C8C4A6C-ADEB-4F6B-933D-DB060D0B5D2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-05-13] (HP Inc. -> HP Inc.)
Task: {CC570B68-43FB-4442-89FF-BA3D6B507FE2} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {D39C6D05-2383-47BB-A52D-A759C725F23B} - System32\Tasks\HPOneAgentRepairTask => C:\ProgramData\Package Cache\{E3864E7A-058C-4AC3-8331-E2E4F64C69A4}\HPOneAgent.exe [1169488 2024-06-28] (HP Inc. -> HP Inc.)
Task: {28EC1EFD-13A8-44F4-808D-71184443B2AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499424 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4D6DDE5-82CA-4009-8F3E-2B89C8802798} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499424 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BE3E1C8-EDF8-48F3-B9AA-D492CDDA32A3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309800 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DA13173-0A3C-4796-8C92-8E5E7E34CBC5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309800 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C32D3DA8-1D09-4ACE-8F31-4FD485343EB9} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [169648 2024-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D876E5B7-2851-4C88-AF4B-1C662D57E990} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\windows\system32\rundll32.exe [73728 2024-05-14] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {F4907934-B6EB-4C2A-81EE-1492B2971241} - System32\Tasks\Mozilla\Firefox Background Update 80E4E1F205DA295 => C:\Users\mary ann\AppData\Local\Mozilla Firefox\firefox.exe [676936 2024-06-26] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\80E4E1F205DA295\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\80E4E1F205DA295\backgroundupdate.moz_log --backgroundtask backgroundup (the data entry has 4 more characters).
Task: {1AC12C42-DC1C-4FF7-85AB-74E9CBEE60BC} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-808705873-2307071823-1975692619-1001 80E4E1F205DA295 => C:\Users\mary ann\AppData\Local\Mozilla Firefox\firefox.exe [676936 2024-06-26] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\80E4E1F205DA295\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\80E4E1F205DA295\backgroundupdate.moz_log --backgroundtask backgroundup (the data entry has 4 more characters).
Task: {95878FD7-7EAF-4EFD-BF0F-F68E2E844724} - System32\Tasks\Mozilla\Firefox Default Browser Agent 80E4E1F205DA295 => C:\Users\mary ann\AppData\Local\Mozilla Firefox\default-browser-agent.exe [34888 2024-06-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {E974BB8A-19B5-4689-89F8-A316CDCE34D0} - System32\Tasks\OmenInstallMonitor => C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [69592 2024-06-19] (HP Inc. -> HP Inc.)
Task: {2F6183DD-A23C-49B3-8DBA-0D378EF5D9CC} - System32\Tasks\OmenInstallMonitorCustomEvent => C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [69592 2024-06-19] (HP Inc. -> HP Inc.)
Task: {2828F2E3-D7F1-4D01-8017-06BF8792260B} - System32\Tasks\OmenOverlay => C:\Program Files\HP\Overlay\OverlayHelper.exe [66512 2024-06-19] (HP Inc. -> HP Inc.)
Task: {0BB65447-B206-4778-BAF8-8177469E73F8} - System32\Tasks\OmenOverlayCustomEvent => C:\Program Files\HP\Overlay\OverlayHelper.exe [66512 2024-06-19] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76589a44-f848-4698-a640-9c4b72e3128b}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\mary ann\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-29]
Edge Extension: (Google Docs Offline) - C:\Users\mary ann\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-26]
Edge Extension: (Edge relevant text changes) - C:\Users\mary ann\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF DefaultProfile: 5h3lizib.default
FF ProfilePath: C:\Users\mary ann\AppData\Roaming\Mozilla\Firefox\Profiles\5h3lizib.default [2024-01-10]
FF ProfilePath: C:\Users\mary ann\AppData\Roaming\Mozilla\Firefox\Profiles\lopv9txo.default-release [2024-06-29]
FF Notifications: Mozilla\Firefox\Profiles\lopv9txo.default-release -> hxxps://www.truthfinder.com
FF Extension: (Capital One Shopping: Save Now) - C:\Users\mary ann\AppData\Roaming\Mozilla\Firefox\Profiles\lopv9txo.default-release\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2024-04-05]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1650.5\npAvgBrowserUpdate3.dll [2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1650.5\npAvgBrowserUpdate3.dll [2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)

Chrome:
=======
CHR Profile: C:\Users\mary ann\AppData\Local\Google\Chrome\User Data\Default [2024-06-29]
CHR HomePage: Default -> bing.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?EID=MBHSE&FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Extension: (Microsoft Bing Homepage & Search Engine) - C:\Users\mary ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflanjgoamglnnocilcllegbbbfogfjc [2024-06-26]
CHR Extension: (Google Docs Offline) - C:\Users\mary ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mary ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-24]
CHR HKU\S-1-5-21-808705873-2307071823-1975692619-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflanjgoamglnnocilcllegbbbfogfjc]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [802744 2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [2360248 2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [1239992 2024-06-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [9077176 2024-06-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209224 2024-03-02] (AVG Technologies USA, LLC -> AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files\AVG\Browser\Application\125.0.25426.176\elevation_service.exe [1772840 2024-06-17] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVGWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2024-01-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14012384 2024-06-07] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_191d9fb378307f35\ipfsvc.exe [557096 2023-06-23] (Intel Corporation -> Intel Corporation)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [439664 2022-08-16] (EXPRSVPN LLC -> ExpressVPN)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [893984 2022-08-15] (HP Inc. -> HP Inc.)
R2 hp-one-agent-service; C:\Program Files\HP\HP One Agent\hp-one-agent-service.exe [1605136 2024-05-20] (HP Inc. -> HP Inc; HP Development Company, L.P.)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\AppHelperCap.exe [928808 2024-06-02] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\DiagsCap.exe [927792 2024-06-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\NetworkCap.exe [923584 2024-06-02] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\SysInfoCap.exe [928704 2024-06-02] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Intel(R) Platform License Manager Service; C:\windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_4e9e8c349f3a1aca\lib\PlatformLicenseManagerService.exe [741584 2023-10-25] (Intel Corporation -> Intel(R) Corporation)
R2 IntelAudioService; C:\windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)
R2 ipfsvc; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_uf.exe [2999912 2023-06-27] (Intel Corporation -> Intel Corporation)
R2 SacNetAgentService_C57C4F854F53; C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [163664 2010-11-18] (Storage Appliance Corporation -> Storage Appliance Corporation)
R2 ScreenConnect Client (875745c2-2c6c-44d9-94e6-f9f7739195dd); C:\Users\mary ann\AppData\Local\Apps\2.0\QN4P3DWA.NPN\VQCN9APE.Z4M\scre..tion_25b0fbb6ef7eb094_0018.0001_51e59eb280deee18\ScreenConnect.ClientService.exe [95520 2024-06-26] (Connectwise, LLC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 CFUACProxy_officeguardianv2n; "C:\ProgramData\OfficeGuardianV2N\UACProxy.exe" -s "-pC:\ProgramData\OfficeGuardianV2N"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\windows\System32\drivers\avgArDisk.sys [20544 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgArPot; C:\windows\System32\drivers\avgArPot.sys [229952 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgbidsdriver; C:\windows\System32\drivers\avgbidsdriver.sys [380992 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbidsh; C:\windows\System32\drivers\avgbidsh.sys [292936 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbuniv; C:\windows\System32\drivers\avgbuniv.sys [84544 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgElam; C:\windows\System32\drivers\avgElam.sys [27760 2024-02-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 avgKbd; C:\windows\System32\drivers\avgKbd.sys [28736 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgMonFlt; C:\windows\System32\drivers\avgMonFlt.sys [271944 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgNetHub; C:\windows\System32\drivers\avgNetHub.sys [548928 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgRdr; C:\windows\System32\drivers\avgRdr2.sys [97856 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgRvrt; C:\windows\System32\drivers\avgRvrt.sys [69184 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSnx; C:\windows\System32\drivers\avgSnx.sys [942536 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSP; C:\windows\System32\drivers\avgSP.sys [1195992 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 avgStm; C:\windows\System32\drivers\avgStm.sys [203736 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgVmm; C:\windows\System32\drivers\avgVmm.sys [306648 2024-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [184320 2023-04-21] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2023-04-21] (Microsoft Corporation) [File not signed]
S3 CtaChildDriver; C:\windows\System32\drivers\CtaChildDriver.sys [55776 2023-02-14] (Intel Corporation -> )
R3 expressvpntun; C:\windows\System32\drivers\expressvpn-tun.sys [56552 2022-08-16] (Express VPN International Ltd. -> ExpressVPN)
R0 fse; C:\windows\System32\drivers\fse.sys [218608 2024-06-12] (Microsoft Windows -> Microsoft Corporation)
S3 GSCAuxDriver; C:\windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_3b711bdc1649d583\GSCAuxDriverx64.sys [109040 2023-02-14] (Intel Corporation -> Intel Corporation)
S3 GSCx64; C:\windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_3658d9d706e4cea6\TeeDriverGSCW8x64.sys [278584 2023-02-14] (Intel Corporation -> Intel Corporation)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [26648 2022-06-23] (HP Inc. -> HP Inc.)
R2 HpReadHWData; C:\windows\system32\drivers\HpReadHWData.sys [53368 2024-01-14] (HP Inc. -> Windows (R) Win 7 DDK provider)
R3 iaLPSS2_GPIO2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_bda8110c074a36f5\iaLPSS2_GPIO2_ADL.sys [141312 2023-07-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_c4c17f8529a3943d\iaLPSS2_I2C_ADL.sys [211456 2023-07-24] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_334c460fea9b11a4\iaLPSS2_SPI_ADL.sys [171608 2022-12-15] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_ADL; C:\windows\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_43d5df63d19fde70\iaLPSS2_UART2_ADL.sys [329320 2022-12-15] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88776 2022-08-29] (Intel Corporation -> Intel Corporation)
S3 Intel_NF_I2C; C:\windows\System32\DriverStore\FileRepository\intel_nf_i2c_child.inf_amd64_a329fd450939b60d\Intel_NF_I2C.sys [222688 2023-02-14] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_4c3f63d0ffe9d9b8\ipf_acpi.sys [88632 2023-06-27] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_cpu.sys [85560 2023-06-27] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_ac13c23bf8b4219a\ipf_lf.sys [481896 2023-06-27] (Intel Corporation -> Intel Corporation)
S3 LT6911Au; C:\windows\System32\DriverStore\FileRepository\lt6911au.inf_amd64_62449180becc5735\LT6911Au.sys [66728 2023-03-23] (Intel Corporation -> Intel(R) Corporation)
S3 rtux64w10; C:\windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-07] (Microsoft Windows -> Realtek Corporation)
S3 scsiscan; C:\windows\system32\DRIVERS\scsiscan.sys [57344 2024-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2024-01-12] (Microsoft Windows -> )
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [20928 2024-03-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [603416 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-29 17:26 - 2024-06-29 17:26 - 000000430 _____ C:\Users\mary ann\AppData\Local\LMIR0ECC4001.tmp.bat
2024-06-29 17:26 - 2024-06-29 17:26 - 000000355 _____ C:\Users\mary ann\AppData\Local\LMIR0ECC4001.tmp_r.bat
2024-06-29 17:25 - 2024-06-29 17:25 - 000000543 _____ C:\Users\mary ann\Downloads\fixlist.txt
2024-06-29 16:52 - 2024-06-29 16:52 - 012365296 _____ (McAfee, LLC) C:\Users\mary ann\Downloads\MCPR.exe
2024-06-29 16:50 - 2024-06-29 16:50 - 000002334 _____ C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee LLC.lnk
2024-06-29 16:50 - 2024-06-29 16:50 - 000000000 ____D C:\Users\mary ann\AppData\Local\LogMeIn Rescue Applet
2024-06-29 16:49 - 2024-06-29 16:49 - 002397032 _____ (LogMeIn, Inc.) C:\Users\mary ann\Downloads\Support-LogMeInRescue.exe
2024-06-29 15:01 - 2024-06-29 15:01 - 000223878 _____ C:\Users\mary ann\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2024-06-28 15:58 - 2024-06-28 18:38 - 000040391 _____ C:\Users\mary ann\Downloads\Addition.txt
2024-06-28 15:57 - 2024-06-29 17:39 - 000040829 _____ C:\Users\mary ann\Downloads\FRST.txt
2024-06-28 15:57 - 2024-06-29 17:38 - 000000000 ____D C:\FRST
2024-06-28 15:28 - 2024-06-28 15:28 - 000001512 _____ C:\Users\mary ann\Desktop\FRST64 - Shortcut (2).lnk
2024-06-28 11:47 - 2024-06-28 11:47 - 000001512 _____ C:\Users\mary ann\Desktop\FRST64 - Shortcut.lnk
2024-06-27 19:25 - 2024-06-27 19:25 - 002395648 _____ (Farbar) C:\Users\mary ann\Downloads\FRST64(1).exe
2024-06-27 19:11 - 2024-06-27 19:11 - 002395648 _____ (Farbar) C:\Users\mary ann\Downloads\FRST64.exe
2024-06-26 18:11 - 2024-06-26 18:10 - 000314816 _____ (Gen Digital Inc.) C:\windows\system32\avgBoot.exe
2024-06-26 18:11 - 2024-06-26 17:54 - 000000568 _____ C:\windows\SysWOW64\user.config
2024-06-26 18:09 - 2024-06-26 18:09 - 000234888 _____ (AVG Technologies CZ, s.r.o.) C:\Users\mary ann\Downloads\avg_antivirus_free_setup (1).exe
2024-06-26 18:09 - 2024-06-26 18:09 - 000234888 _____ (AVG Technologies CZ, s.r.o.) C:\Users\mary ann\Desktop\avg_antivirus_free_setup (1).exe
2024-06-26 15:20 - 2024-06-29 17:38 - 000000000 ____D C:\Users\mary ann\AppData\Local\Deployment
2024-06-26 15:20 - 2024-06-26 15:20 - 000000568 _____ C:\windows\system32\user.config
2024-06-26 15:20 - 2024-06-26 15:20 - 000000000 ____D C:\Users\mary ann\AppData\Local\Apps\2.0
2024-06-26 15:19 - 2024-06-26 15:19 - 000086304 _____ C:\Users\mary ann\Downloads\support.Client.exe
2024-06-26 12:02 - 2024-06-29 17:35 - 000000000 ____D C:\Users\mary ann\AppData\Local\Mozilla Firefox
2024-06-20 08:33 - 2024-06-20 08:33 - 000000000 _____ C:\Users\mary ann\Downloads\6Hp4nfE6.htm
2024-06-12 19:40 - 2024-06-12 19:40 - 000024821 _____ C:\windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-06-12 19:37 - 2024-06-12 19:37 - 000024821 _____ C:\windows\system32\IntegratedServicesRegionPolicySet.json
2024-06-12 19:22 - 2024-06-12 19:30 - 000000000 ___HD C:\$WinREAgent
2024-06-07 13:58 - 2024-06-07 14:00 - 000000000 ____D C:\ProgramData\PC Cleaner
2024-06-07 13:58 - 2024-06-07 13:58 - 007867760 _____ (PC Helpsoft ) C:\Users\mary ann\Downloads\PC_Cleaner_setup.exe
2024-06-02 15:49 - 2024-06-02 15:49 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-05-31 14:31 - 2024-05-31 14:31 - 000000000 ____D C:\Program Files\Common Files\DynamicAppDownloader

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-29 17:36 - 2024-01-10 15:05 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-06-29 17:32 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-29 17:21 - 2024-01-10 12:02 - 000000000 ____D C:\Users\mary ann
2024-06-29 17:21 - 2022-11-03 00:39 - 000855938 _____ C:\windows\system32\PerfStringBackup.INI
2024-06-29 17:21 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-29 17:21 - 2022-05-07 01:24 - 000000000 ____D C:\windows\AppReadiness
2024-06-29 17:21 - 2022-05-07 01:22 - 000000000 ____D C:\windows\INF
2024-06-29 17:20 - 2024-01-13 15:58 - 000000000 ____D C:\Users\mary ann\AppData\Local\CrashDumps
2024-06-29 17:19 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemTemp
2024-06-29 17:18 - 2024-01-14 19:12 - 000000000 ____D C:\Users\mary ann\AppData\Local\OGH
2024-06-29 17:16 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ServiceState
2024-06-29 17:14 - 2024-01-12 17:23 - 000000000 ____D C:\ProgramData\AVG
2024-06-29 17:14 - 2023-04-21 14:27 - 000001623 _____ C:\windows\system32\config\VSMIDK
2024-06-29 17:14 - 2022-11-03 00:32 - 000012288 ___SH C:\DumpStack.log.tmp
2024-06-29 17:14 - 2022-11-03 00:32 - 000000006 ____H C:\windows\Tasks\SA.DAT
2024-06-29 17:13 - 2022-05-07 01:17 - 001048576 _____ C:\windows\system32\config\BBI
2024-06-29 17:11 - 2022-05-07 01:24 - 000000000 ___HD C:\windows\ELAMBKUP
2024-06-29 16:49 - 2024-04-23 13:30 - 000004172 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{B7E812A0-8F9B-484B-BB1A-FEA794A52B0F}
2024-06-29 16:18 - 2024-01-10 12:02 - 000000000 ____D C:\Users\mary ann\AppData\Local\Packages
2024-06-29 14:04 - 2022-11-03 00:35 - 000000000 ____D C:\ProgramData\Packages
2024-06-29 13:33 - 2024-01-12 18:07 - 000000000 ____D C:\Users\mary ann\AppData\Local\AVG
2024-06-29 13:33 - 2022-11-03 00:32 - 000000000 ____D C:\windows\system32\SleepStudy
2024-06-29 10:26 - 2022-11-03 00:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-29 10:26 - 2022-11-03 00:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-06-28 11:43 - 2024-01-30 12:38 - 000003824 _____ C:\windows\system32\Tasks\HPOneAgentRepairTask
2024-06-28 11:43 - 2023-09-01 10:25 - 000000000 ____D C:\ProgramData\Package Cache
2024-06-28 11:28 - 2024-01-10 12:06 - 000003588 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-808705873-2307071823-1975692619-1001
2024-06-28 11:28 - 2024-01-10 12:06 - 000003384 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-808705873-2307071823-1975692619-1001
2024-06-28 11:28 - 2024-01-10 12:06 - 000002395 _____ C:\Users\mary ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-06-26 18:12 - 2024-01-12 17:25 - 000002006 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus Free.lnk
2024-06-26 18:12 - 2024-01-12 17:25 - 000001994 _____ C:\Users\Public\Desktop\AVG AntiVirus Free.lnk
2024-06-26 18:11 - 2024-02-24 13:05 - 000942536 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgSnx.sys
2024-06-26 18:11 - 2024-01-12 17:25 - 000000000 ____D C:\windows\system32\Tasks\AVG
2024-06-26 18:10 - 2024-02-24 13:05 - 000380992 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgbidsdriver.sys
2024-06-26 18:10 - 2024-02-24 13:05 - 000306648 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgVmm.sys
2024-06-26 18:10 - 2024-02-24 13:05 - 000292936 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgbidsh.sys
2024-06-26 18:10 - 2024-02-24 13:05 - 000229952 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgArPot.sys
2024-06-26 18:10 - 2024-02-24 13:05 - 000084544 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgbuniv.sys
2024-06-26 18:10 - 2024-02-24 13:05 - 000028736 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgKbd.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 001195992 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgSP.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 000548928 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgNetHub.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 000271944 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgMonFlt.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 000097856 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgRdr2.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 000069184 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgRvrt.sys
2024-06-26 18:10 - 2024-01-12 17:24 - 000020544 _____ (Gen Digital Inc.) C:\windows\system32\Drivers\avgArDisk.sys
2024-06-26 16:45 - 2024-02-24 14:36 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-26 16:45 - 2024-02-24 14:36 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-06-26 15:13 - 2024-01-30 23:02 - 000003356 _____ C:\windows\system32\Tasks\OmenInstallMonitorCustomEvent
2024-06-26 15:13 - 2024-01-30 23:02 - 000003296 _____ C:\windows\system32\Tasks\OmenOverlayCustomEvent
2024-06-26 15:13 - 2024-01-14 19:14 - 000002916 _____ C:\windows\system32\Tasks\OmenInstallMonitor
2024-06-26 15:13 - 2024-01-14 19:14 - 000002856 _____ C:\windows\system32\Tasks\OmenOverlay
2024-06-26 15:13 - 2023-09-01 10:53 - 000002854 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-808705873-2307071823-1975692619-500
2024-06-26 15:13 - 2022-11-03 00:32 - 000003464 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-26 15:13 - 2022-11-03 00:32 - 000003240 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-06-26 15:12 - 2024-01-25 15:43 - 000000000 ____D C:\windows\system32\Tasks\AVAST Software
2024-06-26 12:16 - 2024-01-10 15:05 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2024-06-25 18:35 - 2022-05-07 01:24 - 000000000 ____D C:\windows\LiveKernelReports
2024-06-23 15:39 - 2024-01-10 12:04 - 000000000 ____D C:\Users\mary ann\AppData\Local\D3DSCache
2024-06-19 15:31 - 2024-03-02 09:45 - 000002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2024-06-19 15:31 - 2024-03-02 09:45 - 000002293 _____ C:\Users\Public\Desktop\AVG Secure Browser.lnk
2024-06-15 13:17 - 2023-04-21 14:33 - 000000000 ____D C:\Program Files\Microsoft Office
2024-06-13 14:46 - 2024-01-12 17:26 - 000000000 ____D C:\windows\system32\MRT
2024-06-13 14:44 - 2024-01-12 17:26 - 199048176 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2024-06-12 19:57 - 2022-11-03 00:32 - 000535312 _____ C:\windows\system32\FNTCACHE.DAT
2024-06-12 19:56 - 2024-01-12 17:29 - 000000000 ____D C:\windows\system32\Microsoft-Edge-WebView
2024-06-12 19:56 - 2024-01-12 17:29 - 000000000 ____D C:\windows\InboxApps
2024-06-12 19:56 - 2023-09-01 11:10 - 000000000 ____D C:\windows\TextInput
2024-06-12 19:56 - 2023-09-01 11:10 - 000000000 ____D C:\windows\HoloShell
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ___SD C:\windows\system32\UNP
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ___RD C:\windows\PrintDialog
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\UUS
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\setup
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\Dism
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemResources
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\WinMetadata
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\WinBioPlugIns
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\ShellExperiences
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\Sgrm
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\setup
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\PerceptionSimulation
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\oobe
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\migwiz
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\Dism
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\appraiser
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellExperiences
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellComponents
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\BrowserCore
2024-06-12 19:56 - 2022-05-07 01:24 - 000000000 ____D C:\windows\bcastdvr
2024-06-12 19:56 - 2022-05-07 01:17 - 000000000 ____D C:\windows\servicing
2024-06-12 19:49 - 2022-05-07 01:17 - 000000000 ____D C:\windows\CbsTemp
2024-06-12 19:48 - 2022-05-07 02:10 - 000036864 _____ (Microsoft Corporation) C:\windows\system32\OEMDefaultAssociations.dll
2024-06-12 19:48 - 2022-05-07 02:10 - 000024383 _____ C:\windows\system32\OEMDefaultAssociations.xml
2024-06-12 19:48 - 2022-05-07 01:25 - 000077312 _____ (Khronos Group) C:\windows\SysWOW64\opencl.dll
2024-06-12 19:48 - 2022-05-07 01:24 - 000118784 _____ (Khronos Group) C:\windows\system32\opencl.dll
2024-06-12 19:46 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-06-12 19:40 - 2022-11-03 00:34 - 003216384 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2024-06-29 17:26 - 2024-06-29 17:26 - 000000430 _____ () C:\Users\mary ann\AppData\Local\LMIR0ECC4001.tmp.bat
2024-06-29 17:26 - 2024-06-29 17:26 - 000000355 _____ () C:\Users\mary ann\AppData\Local\LMIR0ECC4001.tmp_r.bat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Corrine

Hi, Mary Ann.

The time zone where DR M lives makes it 1AM Sunday for him so he'll be getting back to you tomorrow.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

mare_wbpa

I did remove McAfee but had to call support. I had me chasing my tail for 2 hours. Couldn't find McAfee web advisor. Hoping that went with the McAfee app.