
I think I'm infected and I have no idea where to go from here..



Previously I was using Norton, since it was free with my internet provider.  I have asked around, and was recommended MalwareBytes. Norton always quarantines, but never removes.  And this is my first time hearing of something that actually removes.

The Malwarebytes Premium trial picked up a LOT of PUPs. After that I decided to try AdwCleaner, just in case there was something the Premium trial missed.

Attached is the screenshot I have of the AdwCleaner results that were found.


 

In the scan it has been set to quarantine, and it then asks for a restart in order to complete the quarantine process, which I did 10 times with the same result.

 

The current result being:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-12-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-04-2021
# Duration: 00:00:44
# OS:       Windows 7 Professional
# Scanned:  31930
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
PUP.Optional.Legacy             HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [5157 octets] - [04/01/2021 01:16:53]
AdwCleaner[C00].txt - [4368 octets] - [04/01/2021 01:18:46]
AdwCleaner[S01].txt - [1834 octets] - [04/01/2021 01:25:38]
AdwCleaner[C01].txt - [2010 octets] - [04/01/2021 01:48:24]
AdwCleaner[S02].txt - [1851 octets] - [04/01/2021 18:37:03]
AdwCleaner[C02].txt - [2003 octets] - [04/01/2021 18:37:27]
AdwCleaner[S03].txt - [1973 octets] - [04/01/2021 18:42:05]
AdwCleaner[C03].txt - [2125 octets] - [04/01/2021 18:43:32]
AdwCleaner[S04].txt - [2095 octets] - [04/01/2021 21:40:24]
AdwCleaner[S05].txt - [2156 octets] - [04/01/2021 21:50:16]
AdwCleaner[C05].txt - [2490 octets] - [04/01/2021 21:50:52]
AdwCleaner[S06].txt - [2278 octets] - [04/01/2021 22:00:06]
AdwCleaner[C06].txt - [2612 octets] - [04/01/2021 22:01:28]
AdwCleaner[S07].txt - [2400 octets] - [04/01/2021 22:13:37]
AdwCleaner[S08].txt - [2461 octets] - [04/01/2021 22:40:15]
AdwCleaner[C08].txt - [2795 octets] - [04/01/2021 22:40:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S09].txt ##########
 

 

I honestly have no clue what this is.  I'm presuming it's something that has been embedded in a software on the computer, yet I can't seem to figure where it's coming from.  

There was a forum from 2017 that uses the same 'PUP.Optional.Legacy', although I was not sure if that forum was discussing this very same PUP.Optional or something else entirely.  At the same time, I'm not sure if forum information would be considered outdated.

Please help! Any help will be greatly appreciated.

 

Sincerely

Mae


Hello Mae and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

I have run Malwarebytes version 4; attaching a screenshot as well as the text report.

 


Jan. 3rd I had what was found quarantined.  

 

MalwareByte Version 4 scan result:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/5/21
Scan Time: 8:39 PM
Log File: 327b553c-4fd9-11eb-a2ea-a4badbd478d4.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.35343
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Laurie-PC\Laurie

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 191462
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 18 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

AdwCleaner scan result:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-12-21.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-05-2021
# Duration: 00:00:10
# OS:       Windows 7 Professional
# Cleaned:  0
# Failed:   2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Not Deleted   HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
Not Deleted   HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5157 octets] - [04/01/2021 01:16:53]
AdwCleaner[C00].txt - [4368 octets] - [04/01/2021 01:18:46]
AdwCleaner[S01].txt - [1834 octets] - [04/01/2021 01:25:38]
AdwCleaner[C01].txt - [2010 octets] - [04/01/2021 01:48:24]
AdwCleaner[S02].txt - [1851 octets] - [04/01/2021 18:37:03]
AdwCleaner[C02].txt - [2003 octets] - [04/01/2021 18:37:27]
AdwCleaner[S03].txt - [1973 octets] - [04/01/2021 18:42:05]
AdwCleaner[C03].txt - [2125 octets] - [04/01/2021 18:43:32]
AdwCleaner[S04].txt - [2095 octets] - [04/01/2021 21:40:24]
AdwCleaner[S05].txt - [2156 octets] - [04/01/2021 21:50:16]
AdwCleaner[C05].txt - [2490 octets] - [04/01/2021 21:50:52]
AdwCleaner[S06].txt - [2278 octets] - [04/01/2021 22:00:06]
AdwCleaner[C06].txt - [2612 octets] - [04/01/2021 22:01:28]
AdwCleaner[S07].txt - [2400 octets] - [04/01/2021 22:13:37]
AdwCleaner[S08].txt - [2461 octets] - [04/01/2021 22:40:15]
AdwCleaner[C08].txt - [2795 octets] - [04/01/2021 22:40:34]
AdwCleaner[S09].txt - [2583 octets] - [04/01/2021 22:45:18]
AdwCleaner[C09].txt - [2917 octets] - [04/01/2021 23:10:31]
AdwCleaner[S10].txt - [2705 octets] - [05/01/2021 21:17:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C10].txt ##########
 

 

FarBar (frst) Recovery Scan result:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2021
Ran by Laurie (administrator) on LAURIE-PC (Dell Inc. Vostro 3700) (05-01-2021 21:39:35)
Running from F:\
Loaded Profiles: Laurie
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
() [File not signed] C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <32>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\ProgramData\HP Mouse Suite Config\hpwjd.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Laurie\Downloads\adwcleaner_8.0.8.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\22.20.5.39\NortonSecurity.exe <2>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] () [File not signed]
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-11] (Microsoft) [File not signed]
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 2011-08-10] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1433944 2016-10-14] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\Run: [Google Update] => C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.52\GoogleUpdateCore.exe [219592 2020-12-03] (Google LLC -> Google LLC)
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\Run: [Lync] => "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\Run: [Opera Browser Assistant] => C:\Users\Laurie\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-24] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\MountPoints2: {4352a402-afe4-11e8-8a0c-a4badbd478d4} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\MountPoints2: {4352a418-afe4-11e8-8a0c-a4badbd478d4} - E:\LaunchU3.exe -a
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\MountPoints2: {a8e7b72d-2877-11e3-a11f-a4badbd478d4} - E:\SISetup.exe
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\MountPoints2: {c7e18ee8-76af-11e1-9fa3-a4badbd478d4} - E:\WIN\setup.exe
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-12-16] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows NT x86\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\W32X86\HP1100PP.DLL [69632 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows NT x86\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\W32X86\hpzpplhn.dll [89600 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows NT x86\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\W32X86\hpzppw71.dll [280064 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\BP20 Langmon: C:\Windows\system32\BP20LMK.DLL [18484 2005-07-08] (Samsung Electronics.) [File not signed]
HKLM\...\Print\Monitors\HP 7012 Status Monitor: C:\Windows\system32\hpinksts7012LM.dll [265216 2013-08-10] (Hewlett-Packard Co.) [File not signed]
HKLM\...\Print\Monitors\HP1100LM: C:\Windows\system32\HP1100LM.DLL [151552 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\Windows\system32\hpz3llhn.dll [30208 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [37376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-11] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> c:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2009-10-20] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
SubSystems: [Windows] => "%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HPMonitor.exe.lnk [2012-05-04]
ShortcutTarget: HPMonitor.exe.lnk -> C:\Program Files\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe (Hewlett-Packard Company -> Hewlett-Packard)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08904883-64B8-45CB-B891-2A211DBEB9FB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4028747183-1748937531-3781133392-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {0AF84082-F0E8-4437-851E-5D77B5A012B3} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files\Norton Security Suite\Engine\22.15.0.88\SymErr.exe
Task: {0C3E21D6-EDB7-40C1-A029-C9C2FEAB6929} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [1313640 2011-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {101D7AA3-9810-4886-A467-FE9EB0760EA8} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [1675608 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {195294C3-DBE3-4407-B334-166559256F2C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {19A0890A-FE0B-401E-B473-1A198586D2DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4028747183-1748937531-3781133392-1000Core => C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {2F942384-9B14-43F4-B18C-D6B17D7CB432} - System32\Tasks\{C9D63014-18A8-4A61-9AE7-A5A2EB684280} => "C:\Program Files\Internet Explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.404&LastError=12002
Task: {329423E0-C9A7-42F1-AF3B-10B490F9BACB} - System32\Tasks\{E9528341-1F1B-49EF-9D61-444AD27061EF} => C:\Windows\system32\pcalua.exe -a C:\Users\Laurie\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {372A4A37-24C1-41E4-BDEA-484379262CE9} - System32\Tasks\HP AR Program Upload - 24f37fe2a4ba4f86a53adb3c4d10567c26d1f5827eab42deaaa33644bd1c2c5c => C:\Program Files\HP\HP Officejet Pro 8620\bin\HPRewards.exe
Task: {3D11F4B7-117D-4860-876A-F20E4DFB4AD1} - System32\Tasks\{ACB29FCD-F6E0-4228-95E9-71173AEE8BEC} => C:\Windows\system32\pcalua.exe -a "C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R36LX1L4\OnlineBackup[1].exe" -d C:\Users\Laurie\Desktop
Task: {3E20EAE5-16BC-43BE-81DD-2427F35F9CBA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4028747183-1748937531-3781133392-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {408A2EB3-6FB5-4C46-A665-B667949B80DE} - System32\Tasks\{184974B6-258D-4376-8216-2283A90B1A3B} => "C:\Program Files\Internet Explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.404&LastError=12002
Task: {40F6D897-BA24-48C7-9D2E-E5F4DC34552D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {47629B73-4DA3-401E-8BD5-1B91C91EFFD4} - System32\Tasks\{E11D0A21-918E-4AF3-8169-0EDEF768E466} => "C:\Program Files\Internet Explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.404&LastError=12002
Task: {4985B14A-0249-4B50-A1D2-E08C2845EF3B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-11] (Adobe Inc. -> Adobe)
Task: {49C6687A-E12A-4E73-B326-CA2C84837198} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [1821576 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {665C53EB-836C-4689-BE2A-1ECF5526A85C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [625872 2021-01-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {67CAC25B-282E-4B87-8420-5DDB397182B4} - System32\Tasks\Opera scheduled Autoupdate 1542348622 => C:\Users\Laurie\AppData\Local\Programs\Opera\launcher.exe [1583640 2020-12-16] (Opera Software AS -> Opera Software)
Task: {6B5CE00A-78AD-4552-BC9E-B8904AB897B3} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Processor => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\SymErr.exe [101832 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {731353E8-7CB6-442B-9C78-D98407AFA5F4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4028747183-1748937531-3781133392-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {75F1A47A-8022-47B3-ADC0-6CA90C1D174C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [179584 2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {863721D2-69F0-41D7-9282-DF24F3E69AF6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4028747183-1748937531-3781133392-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {87539507-E39C-4F9A-9A92-125ED2B7D453} - System32\Tasks\{1A7DD522-9C59-4C9A-BC87-8D8BF9AB8351} => C:\Users\Laurie\Desktop\OnlineBackup.exe
Task: {8E499830-3684-42A6-BB6B-D67BB8F71DE7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4028747183-1748937531-3781133392-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {9B293AD7-0ABD-49A8-A71B-5C520E021BCC} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files\Norton Security Suite\Engine\22.15.0.88\SymErr.exe
Task: {9BB8BE74-BB3D-426C-B4B7-0489E6AD4DAB} - System32\Tasks\{6C58071A-24CB-44B6-BE7A-7B8A6D72F2B2} => "c:\program files\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar
Task: {9D3C2232-4D9C-4C79-BF89-092A84C69D9C} - System32\Tasks\{ECAF1075-DF49-453B-8420-39CE83162377} => C:\Windows\system32\pcalua.exe -a "C:\Users\Laurie\Downloads\RosettaStoneAudioOptimizerInstaller (1).exe" -d C:\Users\Laurie\Downloads
Task: {A31CDB0C-DC7E-47D5-AFA0-F773FB720A82} - System32\Tasks\{0A258209-D9A9-40D3-B506-747E4C7DBBC2} => "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/4.2.0.169.404/en/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12002&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
Task: {B093AA05-19B6-4E2C-B95F-6C578119C8E1} - System32\Tasks\{1F75455C-DA83-4BEB-932F-6111F180300E} => C:\Program Files\Skype\Phone\Skype.exe
Task: {B1465507-D30C-46AD-8D41-79849CC68674} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4028747183-1748937531-3781133392-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B7E5E0EC-FB48-4A31-916C-08765F03D506} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: {BFE07199-978F-47E0-A2E2-8CAEDF6346AB} - System32\Tasks\HP AR Program Upload - f531175367fd4927a001c7a78724139bbcf47e11426c4d408f64311998d5749f => C:\Program Files\HP\HP Officejet Pro 8620\bin\HPRewards.exe
Task: {C045450C-FF76-409E-BF7A-55CDFA72F507} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4028747183-1748937531-3781133392-1000UA => C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {C2B68802-4D1B-499E-850E-0FE2FAC108F3} - System32\Tasks\{C810E854-DB1A-487A-A873-BFA7883360DB} => C:\Windows\system32\pcalua.exe -a C:\Users\Laurie\Downloads\Bkp1_Backup294_fullintqk2.exe -d C:\Users\Laurie\Downloads
Task: {D01A58AF-3F81-482D-83EB-58C926F04F06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-11] (Adobe Inc. -> Adobe)
Task: {DA488A8F-5C3A-41BC-A6B3-57E57BE0E8C3} - System32\Tasks\Install => C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe [497016 2010-07-22] (Symantec Corporation -> Symantec Corporation) -> "C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe" /runonce /download
Task: {DB3F2097-A241-4A51-BFBB-14DDA77B9238} - System32\Tasks\Norton Security Suite\Norton Security Suite Error Analyzer => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\SymErr.exe [101832 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {E17E361F-F0F3-417C-B28C-582EC01320F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {E6AAAF9A-E2EB-454A-BE5F-8C27B4B1F263} - System32\Tasks\{E2CFA2C8-5193-4A5E-AFBC-B0FA56A2A65F} => "C:\Program Files\Internet Explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.404&LastError=12002
Task: {E948A1CC-E78E-4759-B3D6-FB7BFBB09ED1} - System32\Tasks\{0CF8A126-08C2-43A9-B0C1-BCEFA2C8099E} => "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/4.2.0.169.404/en/privacy?source=lightinstaller
Task: {EA091C12-CD64-49CF-9FAF-8E6CEE1E3706} - System32\Tasks\Opera scheduled assistant Autoupdate 1583714383 => C:\Users\Laurie\AppData\Local\Programs\Opera\launcher.exe [1583640 2020-12-16] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Laurie\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {EA9E6396-4433-446B-AA10-DCBB3A9D1F60} - System32\Tasks\{0A6E583B-D61F-40D9-AF47-E54ACE30E41E} => "C:\Program Files\Internet Explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.404&LastError=12002
Task: {ED636473-EAFB-4139-A688-FA9D0D3D3125} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\WSCStub.exe [566840 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {F2D69E5B-8137-4295-ACE8-17A37A002AD8} - System32\Tasks\{6141761F-732E-463F-BBA8-77A90E4293EA} => "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/4.2.0.169.404/en/eula?source=lightinstaller

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Install.job => C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F582A184-3DAD-4EB3-8EE5-048D97CE0C35}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF DefaultProfile: 7wel4vfa.default
FF ProfilePath: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\7wel4vfa.default [2021-01-05]
FF Extension: (Popup blocker for FF: Poper Blocker) - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\7wel4vfa.default\Extensions\{bee8b1f2-823a-424c-959c-f8f76c8b2306}.xpi [2019-06-10]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [ext@RichMediaViewV1release7203.net] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release7203\ff => not found
FF HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\Firefox\Extensions: [singalong@xenophesoft.com] - C:\Program Files\SingAlong\FF => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-11] (Adobe Inc. -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4028747183-1748937531-3781133392-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Laurie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default [2021-01-05]
CHR DownloadDir: E:\
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr&chn=prev
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Extension: (Angry Birds) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-14]
CHR Extension: (Google Drive) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2020-10-26]
CHR Extension: (YouTube) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-18]
CHR Extension: (Google Search) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-18]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2018-09-19]
CHR Extension: (Google Calendar) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06]
CHR Extension: (Google Docs Offline) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Star Atlas) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2019-03-13]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-25]
CHR Extension: (Air Hockey) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojagedhadegobocpaokaifiacjiolph [2013-06-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-01-03]
CHR Extension: (Norton Identity Safe) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-01]
CHR Extension: (Chrome Audio Capture) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfokdmfpdnokpmpbjhjbcabgligoelgp [2020-12-12]
CHR Extension: (Skype) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2019-04-24]
CHR Extension: (No Name) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-11-06]
CHR Extension: (Norton Safe) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2018-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Psykopaint) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-03-18]
CHR Extension: (Gmail) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-12]
CHR Extension: (Canvas Rider) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-08]
CHR Profile: C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-04]
CHR Profile: C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-01-05]
CHR Extension: (Slides) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-04]
CHR Extension: (Docs) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-04]
CHR Extension: (Google Drive) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-04]
CHR Extension: (YouTube) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-01-04]
CHR Extension: (Sheets) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-04]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-01-04]
CHR Extension: (Skype) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2021-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-04]
CHR Extension: (Gmail) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-04]
CHR Profile: C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\System Profile [2015-12-04]
CHR HKLM\...\Chrome\Extension: [abepbblpkilpjohncjbccmdjhdhbnhdj] - C:\Program Files\SingAlong\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security Suite\Engine\22.20.5.39\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM\...\Chrome\Extension: [gbcaiajfaejcgclffgkilnplmbiheaff] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha376\ch\WebexpEnhancedV1alpha376.crx <not found>
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKLM\...\Chrome\Extension: [nmgjobpnfafolncdpdedfjdblkgndpda] - C:\Program Files\MediaWatchV1\MediaWatchV1home47\ch\MediaWatchV1home47.crx <not found>

Opera: 
=======
OPR Extension: (Rich Hints Agent) - C:\Users\Laurie\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-11-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-11] (Adobe Inc. -> Adobe)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [81920 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [99896 2009-11-09] (Hewlett-Packard Company -> HP)
R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-29] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5959136 2021-01-03] (Malwarebytes Inc -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security Suite\Engine\22.20.5.39\NortonSecurity.exe [308680 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe [229458 2010-04-06] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1710464 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (STMicroelectronics -> ST Microelectronics)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl6.sys [2661368 2010-07-04] (Broadcom Corporation -> Broadcom Corporation)
R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20201215.001\BHDrvx86.sys [1465712 2020-11-03] (Symantec Corporation -> Broadcom)
S3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [86056 2009-10-02] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [108072 2009-08-28] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [29472 2009-04-06] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [18472 2009-08-28] (Broadcom Corporation -> Broadcom Corporation.)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGC\1614050.027\ccSetx86.sys [151792 2020-07-23] (Symantec Corporation -> Symantec Corporation)
S3 CtAudDrv; C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [143968 2009-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [400736 2020-08-03] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [123232 2020-08-04] (Symantec Corporation -> Broadcom)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129056 2021-01-03] (Malwarebytes Corporation -> Malwarebytes)
S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [13952 2010-02-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20210105.061\IDSvix86.sys [1211760 2020-09-17] (Symantec Corporation -> Broadcom)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [183592 2021-01-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [161440 2021-01-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [66648 2021-01-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [213912 2021-01-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [107632 2021-01-05] (Malwarebytes Inc -> Malwarebytes)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [17408 2012-12-24] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-10] (Microsoft Corporation -> Microsoft Corporation)
R2 rimspci; C:\Windows\System32\DRIVERS\rimspe86.sys [47104 2009-07-01] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R1 SRTSP; C:\Windows\System32\drivers\NGC\1614050.027\SRTSP.SYS [731496 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\drivers\NGC\1614050.027\SRTSPX.SYS [42216 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R0 stdflt; C:\Windows\System32\DRIVERS\stdflt.sys [16176 2009-11-27] (STMicroelectronics -> ST Microelectronics)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [423936 2010-04-06] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [28288 2009-09-10] (Sierra Wireless Inc. -> )
S3 swmx00; C:\Windows\System32\DRIVERS\swmx00.sys [142848 2009-09-10] (Microsoft Windows Hardware Compatibility Publisher -> Sierra Wireless Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\NGC\1614050.027\SYMEFASI.SYS [1502560 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [85216 2019-03-30] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\SymPlatform\SymEvnt32.sys [565936 2020-01-17] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGC\1614050.027\Ironx86.SYS [249912 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGC\1614050.027\symnets.sys [430944 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGC\1614050.027\wpCtrlDrv.sys [791264 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 NAVENG; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160703.018\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160703.018\NAVEX15.SYS [X]
S3 Nmea; system32\DRIVERS\pctnullport.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-05 21:30 - 2021-01-05 21:40 - 000000000 ___DC C:\FRST
2021-01-05 21:22 - 2021-01-05 21:22 - 000161440 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-01-05 21:22 - 2021-01-05 21:22 - 000066648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-05 21:21 - 2021-01-05 21:21 - 000107632 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-05 21:21 - 2021-01-05 21:21 - 000000000 ____D C:\Users\Laurie\AppData\LocalLow\IGDump
2021-01-04 23:49 - 2021-01-04 23:49 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2021-01-04 01:14 - 2021-01-04 01:18 - 000000000 ___DC C:\AdwCleaner
2021-01-04 00:27 - 2021-01-04 00:27 - 008447152 _____ (Malwarebytes) C:\Users\Laurie\Downloads\adwcleaner_8.0.8.exe
2021-01-04 00:06 - 2021-01-04 00:06 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-01-03 23:25 - 2021-01-04 00:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-03 23:21 - 2021-01-03 23:21 - 000183592 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-03 23:21 - 2021-01-03 23:21 - 000001922 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-03 23:21 - 2021-01-03 23:21 - 000001910 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-03 23:21 - 2021-01-03 23:21 - 000001910 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-03 23:21 - 2021-01-03 23:21 - 000000000 ____D C:\Users\Laurie\AppData\Local\mbam
2021-01-03 23:20 - 2021-01-03 23:20 - 000213912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-03 23:20 - 2021-01-03 23:20 - 000129056 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2021-01-03 23:20 - 2021-01-03 23:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-03 23:19 - 2021-01-03 23:19 - 000000000 ____D C:\Program Files\Malwarebytes

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-05 21:28 - 2009-07-13 20:34 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-05 21:28 - 2009-07-13 20:34 - 000025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-05 21:20 - 2009-07-13 20:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-05 00:53 - 2019-02-05 20:03 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-05 00:53 - 2018-11-18 17:22 - 000000000 ____D C:\Users\Laurie\AppData\LocalLow\Mozilla
2021-01-04 22:42 - 2014-01-29 06:44 - 000000258 __RSH C:\ProgramData\ntuser.pol
2021-01-04 01:48 - 2010-07-04 16:19 - 000000000 ____D C:\ProgramData\Dell
2021-01-04 01:48 - 2010-07-04 16:18 - 000000000 ____D C:\Program Files\Dell
2021-01-04 00:09 - 2018-11-18 17:21 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2021-01-04 00:05 - 2014-02-23 20:06 - 000000000 ____D C:\Program Files\MediaViewerV1
2021-01-04 00:05 - 2014-01-29 06:44 - 000000000 ____D C:\Program Files\MediaPlayerV1
2020-12-25 18:57 - 2018-11-15 22:10 - 000004068 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1542348622
2020-12-12 21:26 - 2010-07-04 16:22 - 000786598 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-12 21:26 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2020-12-11 23:05 - 2018-03-18 22:05 - 000004466 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-12-11 23:05 - 2012-03-29 22:29 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2020-12-11 23:05 - 2012-03-29 22:29 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-12-11 23:05 - 2011-06-12 07:26 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2020-12-11 23:05 - 2010-07-04 16:17 - 000000000 ____D C:\Windows\system32\Macromed
2020-12-11 23:03 - 2012-11-07 21:33 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-11 22:42 - 2018-03-27 14:13 - 000001991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2014-06-29 09:47 - 2014-06-29 09:48 - 000006850 _____ () C:\ProgramData\SMRResults410.dat
2020-05-01 21:59 - 2020-05-01 21:59 - 000003439 _____ () C:\Users\Laurie\AppData\Local\recently-used.xbel
2013-03-10 16:10 - 2013-01-14 08:34 - 000007168 _____ () C:\Users\Laurie\AppData\Local\Z@!-6e88c3a4-640f-4f9f-b2ee-7c551f128a28.tmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-30 14:58
==================== End of FRST.txt ========================

Lastly, additions log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2021
Ran by Laurie (05-01-2021 21:42:36)
Running from F:\
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-07-20 00:54:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4028747183-1748937531-3781133392-500 - Administrator - Disabled)
Guest (S-1-5-21-4028747183-1748937531-3781133392-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4028747183-1748937531-3781133392-1002 - Limited - Enabled)
Laurie (S-1-5-21-4028747183-1748937531-3781133392-1000 - Administrator - Enabled) => C:\Users\Laurie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Norton Security Suite (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {255E32D5-E2F8-754A-3F87-286C949C5537}
FW: Norton Security Suite (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 20.02 alpha (HKLM\...\7-Zip) (Version: 20.02 alpha - Igor Pavlov)
Accelerometer (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.33 - STMicroelectronics)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\Amazon Kindle) (Version: 1.29.0.58059 - Amazon)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{AC474F86-9A17-4BCB-8B15-11ABFD5B7F95}) (Version: 1.2.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.18.34 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Drive (HKLM\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google Video Support Plugin (HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 - Google, LLC.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Mouse Suite (HKLM\...\{213FF60A-9899-4145-8428-D144778BE117}) (Version: 1.1.2 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InstallVC90Support (HKLM\...\{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}) (Version: 1.01.0000 - Novatel Wireless) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 84.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 84.0.1 (x86 en-US)) (Version: 84.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0.1.7660 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Security Suite (HKLM\...\NGC) (Version: 22.20.5.39 - Symantec Corporation)
OfficeOne Send To Publisher 3.0 (HKLM\...\Send To Publisher_is1) (Version: 3.0 - OfficeOne)
Online Backup (HKLM\...\Online Backup) (Version: 2.33 - www.backup.com)
Opera Stable 73.0.3856.284 (HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\Opera 73.0.3856.284) (Version: 73.0.3856.284 - Opera Software)
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 1.3.3 - Dell Inc.)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Vegas Pro 11.0 (HKLM\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation)
Windows Driver Package - Hewlett - Packard (HidUsb) HIDClass  (01/26/2010 1.12.7600.16385) (HKLM\...\A6E523F705B22F88BB9D8884283C37B7A6271523) (Version: 01/26/2010 1.12.7600.16385 - Hewlett - Packard)
Windows Driver Package - Hewlett-Packard (HidUsb) HIDClass  (01/26/2010 1.12.7600.16385) (HKLM\...\BE846670A37757CAE6EC31E7083177405783FCD9) (Version: 01/26/2010 1.12.7600.16385 - Hewlett-Packard)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Laurie\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.52\GoogleUpdateOnDemand.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.52\GoogleUpdateOnDemand.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Video Support Plugin\19.12.1000.0\googletalkax.dll (Google LLC -> Google)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.35.443\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett Packard -> Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Laurie\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.35.422\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.34.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.32\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{6DDCE70D-A4AE-4E97-908C-BE7B2DB750AD}\localserver32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.52\GoogleUpdateOnDemand.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.35.342\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.52\psuser.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.34.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.33.23\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Video Support Plugin\19.12.1000.0\o1dax.dll (Google LLC -> Google)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.52\psuser.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.52\GoogleUpdateOnDemand.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.52\psuser.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.35.452\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.33.17\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.35.302\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\NavShExt.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\NavShExt.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security Suite\Engine\22.20.5.39\NavShExt.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2010-07-04 16:19 - 2009-11-03 20:37 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2013-08-10 06:05 - 2013-08-10 06:05 - 000265216 _____ (Hewlett-Packard Co.) [File not signed] C:\Windows\System32\hpinksts7012LM.dll
2010-07-04 16:19 - 2009-11-03 20:37 - 000077824 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\DTMessageLib.dll
2010-07-04 16:19 - 2009-11-03 20:30 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2005-07-08 15:11 - 2005-07-08 15:11 - 000018484 _____ (Samsung Electronics.) [File not signed] C:\Windows\System32\BP20LMK.DLL

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [246]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.1.0.24
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.1.0.24
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.1.0.24
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USSMB/1
SearchScopes: HKLM -> DefaultScope {B60A0447-F861-44BA-BF17-4E19DE791D32} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {589C9167-4449-433F-A472-AB927B527141} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1122&geo=US&ver=22.19.9.63&locale=US_en&guid=83B0523B-52C1-11E2-99D8-A4BADBD478D4&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\22.20.5.39\coIEPlg.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\22.20.5.39\coIEPlg.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\accessallstate.com -> accessallstate.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\aicpcu.org -> aicpcu.org
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\allstate-lcec.lrn.com -> allstate-lcec.lrn.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\allstate.com -> agencygateway.allstate.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\allstateagencies.com -> allstateagencies.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\allstatehelp.com -> allstatehelp.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\allstateinsurance.skillwsa.com -> allstateinsurance.skillwsa.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\allstateuniversity.com -> allstateuniversity.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\bisyseducation.com -> bisyseducation.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\custhelp.com -> custhelp.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\elementk.com -> elementk.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\gotoassist.com -> gotoassist.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\insmark.com -> insmark.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\insmark.us -> insmark.us
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\insmarkstore.com -> insmarkstore.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\ivantageselectagency.com -> ivantageselectagency.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\learn.net -> learn.net
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\nicta.org -> nicta.org
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\plateau.com -> plateau.com
IE trusted site: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\skillport.com -> hxxps://skillport.com

There are 4 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2021-01-05 21:18 - 000000852 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Dell\DW WLAN Card\Driver;c:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Windows Live\Shared
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

04-01-2021 01:47:46 AdwCleaner_BeforeCleaning_04/01/2021_01:47:42

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/04/2021 11:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.943, time stamp: 0x5fbd52f4
Faulting module name: MBAMShim.dll_unloaded, version: 0.0.0.0, time stamp: 0x5faae952
Exception code: 0xc0000005
Fault offset: 0x67816ff0
Faulting process id: 0x94
Faulting application start time: 0x01d6e32dea593c74
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: MBAMShim.dll
Report Id: 38b532e3-4f25-11eb-9ba8-a4badbd478d4

Error: (01/04/2021 09:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.943, time stamp: 0x5fbd52f4
Faulting module name: BrowserSDKDLL.dll, version: 3.3.0.137, time stamp: 0x5ed17bdf
Exception code: 0x40000015
Fault offset: 0x0021df52
Faulting process id: 0xa64
Faulting application start time: 0x01d6e30cc9dd25a8
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dll
Report Id: 1825edac-4f1a-11eb-ab5a-a4badbd478d4

Error: (01/04/2021 01:47:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bb6caa72-a637-4e64-8f69-3fd84ec2a70a}

Error: (01/03/2021 10:46:21 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/03/2021 03:42:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d102c7
Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d1049e
Exception code: 0xc0000005
Fault offset: 0x0002ec20
Faulting process id: 0xbb0
Faulting application start time: 0x01d6e224deb14e2a
Faulting application path: C:\Windows\system32\CompatTelRunner.exe
Faulting module path: C:\Windows\system32\devinv.dll
Report Id: 5d846db5-4e1d-11eb-b664-a4badbd478d4

Error: (12/27/2020 07:00:07 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/25/2020 06:57:09 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/14/2020 12:16:50 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).


System errors:
=============
Error: (01/05/2021 09:21:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/05/2021 09:19:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Service service failed to start due to the following error: 
The pipe has been ended.

Error: (01/05/2021 09:19:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (01/05/2021 09:19:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (01/05/2021 09:18:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv.dll

Error: (01/05/2021 09:18:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/05/2021 09:18:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FF Install Filter Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/05/2021 09:18:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2021-01-04 18:35:41.570
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{15F90D65-8577-42E4-A79B-5C604F43C97E}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2015-03-30 10:27:23.873
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{8079436B-1115-48B5-AAD4-9C6695E6798B}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2014-08-16 09:35:24.582
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/WebCake&threatid=198788
Name:Adware:Win32/WebCake
ID:198788
Severity:High
Category:Adware
Path Found:file:C:\Program Files\WebCake\WebCakeDesktop.Updater.exe;folder:C:\Program Files\WebCake\;folder:C:\Users\Laurie\AppData\Roaming\WebCake\;process:pid:2536,ProcessStart:130526781962388488;service:WebCake Desktop Updater
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2014-08-16 09:34:45.176
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/WebCake&threatid=198788
Name:Adware:Win32/WebCake
ID:198788
Severity:High
Category:Adware
Path Found:file:C:\Program Files\WebCake\WebCakeDesktop.Updater.exe;process:pid:2536,ProcessStart:130526781962388488
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

==================== Memory info =========================== 

BIOS: Dell Inc. A03 04/26/2010
Motherboard: Dell Inc. 04H5M5
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 88%
Total physical RAM: 2998.68 MB
Available physical RAM: 330.35 MB
Total Virtual: 5995.69 MB
Available Virtual: 2614.69 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:29.94 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:3.61 GB) (Free:1.94 GB) FAT32

\\?\Volume{d67856ff-87d9-11df-ba01-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.37 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: DED48D4C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0C)

==================== End of Addition.txt =======================

 

 

I am curious. What does Farbar mainly focus on in the scans?

Hiya Mcruz_20,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your reply..

Thank you,

Kevin..

 

fixlist.txt


I just realized, where are my manners?  Kevin, thank you for taking the time to help me.

The result from Farbar fix scan:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-01-2021
Ran by Laurie (06-01-2021 20:55:09) Run:1
Running from F:\
Loaded Profiles: Laurie
Boot Mode: Normal

==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
StartRegedit:
Windows Registry Editor Version 5.00
[-HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}]
[-HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}] 
EndRegedit:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {329423E0-C9A7-42F1-AF3B-10B490F9BACB} - System32\Tasks\{E9528341-1F1B-49EF-9D61-444AD27061EF} => C:\Windows\system32\pcalua.exe -a C:\Users\Laurie\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [ext@RichMediaViewV1release7203.net] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release7203\ff => not found
FF HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\...\Firefox\Extensions: [singalong@xenophesoft.com] - C:\Program Files\SingAlong\FF => not found
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr&chn=prev
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
S3 NAVENG; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160703.018\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160703.018\NAVEX15.SYS [X]
S3 Nmea; system32\DRIVERS\pctnullport.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X] 
2013-03-10 16:10 - 2013-01-14 08:34 - 000007168 _____ () C:\Users\Laurie\AppData\Local\Z@!-6e88c3a4-640f-4f9f-b2ee-7c551f128a28.tmp 
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.35.443\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Laurie\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.35.422\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.34.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.32\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.35.342\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.36.52\psuser.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.34.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.33.23\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.35.452\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.33.17\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.35.302\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Laurie\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [246] 
Toolbar: HKU\S-1-5-21-4028747183-1748937531-3781133392-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
C:\Program Files\WebCake
Hosts:
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: sfc /scannow
C:\Windows\Temp\*.*
EmptyTemp:

*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
Registry ====> The operation completed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir" => removed successfully.
SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION => Error: No automatic fix found for this entry.
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{329423E0-C9A7-42F1-AF3B-10B490F9BACB}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{329423E0-C9A7-42F1-AF3B-10B490F9BACB}" => removed successfully.
C:\Windows\System32\Tasks\{E9528341-1F1B-49EF-9D61-444AD27061EF} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E9528341-1F1B-49EF-9D61-444AD27061EF}" => removed successfully.
"HKLM\Software\Mozilla\Firefox\Extensions\\ext@RichMediaViewV1release7203.net" => removed successfully.
"HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\Software\Mozilla\Firefox\Extensions\\singalong@xenophesoft.com" => removed successfully.
"Chrome DefaultSearchURL" => removed successfully.
"Chrome DefaultSuggestURL" => removed successfully.
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\Nmea => removed successfully.
Nmea => service removed successfully.
HKLM\System\CurrentControlSet\Services\PCTINDIS5 => removed successfully.
PCTINDIS5 => service removed successfully.
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully.
SWDUMon => service removed successfully.
C:\Users\Laurie\AppData\Local\Z@!-6e88c3a4-640f-4f9f-b2ee-7c551f128a28.tmp => moved successfully
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9} => removed successfully.
HKU\S-1-5-21-4028747183-1748937531-3781133392-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => removed successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
"HKU\S-1-5-21-4028747183-1748937531-3781133392-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
"C:\Program Files\WebCake" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

The system cannot find the path specified.

========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

The system cannot find the path specified.

========= End of CMD: =========


========= sfc /scannow =========


Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========


=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\AdobeARM.log => moved successfully
C:\Windows\Temp\ArmUI.ini => moved successfully
C:\Windows\Temp\mbamiservice.log => moved successfully
C:\Windows\Temp\mb_errors508.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 180477551 B
Java, Flash, Steam htmlcache => 1219 B
Windows/system/drivers => 10744262 B
Edge => 0 B
Chrome => 458073380 B
Firefox => 27960023 B
Opera => 379288458 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 81155236 B
LocalService => 81287480 B
NetworkService => 82171172 B
Laurie => 128024619 B

RecycleBin => 1878031 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 06-01-2021 21:21:43)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NAVENG => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove. Access Denied.

==== End of Fixlog 21:21:43 ====

 

 

As for the Sophos Logs I can't seem to find one.

Attached is the image of where I was trying to navigate to the log.

2034433752_sohposremovallogimage.JPG.9d6a6cb2347ea176018d94614304aec0.JPG

When I checked the engine, sct boot driver, & skmscan folders, none of the files in there were text .txt files. If I am missing something please let me know.

 

Also attaching the screenshot of the scan result.  There were no interruptions or pauses in the scan asking me to verify if I'd like to have the virus removed.

 

1536679336_sophosscanresult.JPG.20bfacefc916234db068580dd7eb8ebe.JPG

 

Tried clicking on details, which did not direct me to a log of information.  I guess it would only show if a threat was found?

I am confused.  Does this mean the computer does not have a virus?  How is the Sophos scan different from AdwCleaner? Are they both similar, in terms of detecting and removing viruses or malware?

 

Mcruz_20

 

 

Link to post
Share on other sites

Hello Mcruz_20,

Thanks for those logs. Sophos does not produce a log when the system is clean.

AdwCleaner is basically an adware and bloatware removal tool...

Sophos AV tool finds and removes all types of malicious software on your computer—including viruses, spyware, rootkits and fast-spreading worms such as Conficker etc...

How is your PC responding now? Any remaining issues or concerns?

Thank you,

Kevin

Link to post
Share on other sites

The speed of my computer is about the same, I see fewer pop-ups compared to before. Not sure if it's because of MalwareBytes or Sophos.  Since the result of Sophos came clean, I feel a bit more at peace.  Yet I'm still unsettled from the scan I have gotten from the AdwCleaner. It still shows PUP, yet it still won't go away; at the same time my mind can't help but see viruses as malware, PUP, trojans, etc.

 

How concerned should I be in regards to these 2 PUPs?  Over time, wouldn't they multiply?

 

1059426046_pup1.7_21.thumb.JPG.c79b645f835cca5ccceed699a162975c.JPG

 

 

Link to post
Share on other sites

Hiya Mcruz_20,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 
Your PC should reboot when FRST completes the fix...
 
Thank you,
 
Kevin..

fixlist.txt

Link to post
Share on other sites

Hello Kevin,

I still have the first fixlog on my comp.  Is it okay for me to delete that version?

Earlier, after I sent the previous post, I checked my personal email on both Chrome and Opera browsers.  At first I thought the website was down. On both Chrome and Opera I was directed to a page with the message saying 'your connection is not private'.

268229858_caputrebrowser-msn.thumb.JPG.3b41ef2eb90980c8497a5b581d128946.JPG

 

 

When I logged into my email on Chrome the Skype icon disappears, and on Opera browser, it shows the 'Your connection is not private' page.

1244398231_caputrebrowser-outlook.thumb.JPG.d1754f78e709426eed47845e02ee322d.JPG

I am on my personal email more frequently than I am on my business email.

Firefox I had no issues with.

Link to post
Share on other sites

Yes, you can delete previous FRST text files if you want... Regarding the alert from your Chrome and Opera browsers, well that fact is basically true; that's why we have security installed to stop sniffer connections, redirects and hacks. They may also be trying to get you to buy a VPN...

Link to post
Share on other sites

Is there a way this could be resolved for Chrome and Opera?  Chrome is something I use out of habit, Opera I've been trying to use more frequently.

 

This is the second time I'm getting this message.  The first time I got it was before I ran the first 'fix scan'.  Is it still safe to run the 'fix scan'?

47722361_farbarfailedotupdate.JPG.c6bad20b772c49ccb8b35ccc8a804c5d.JPG

 

In the previous text, it was mentioned

outdated-updated.thumb.JPG.975d8f3965a3fd482ba3419c973e0c92.JPG

 

Could this be why I lost the ability to use some pages in Chrome?  Or are these two entirely different topics?  To me the definition of failed to update means it did not update (being a few days or a few months...) vs. outdated being very old, as in 3 or 4 years. January 5th was only 3 days ago... Which is why I originally ran the scan.

 

I did not get this message when I ran the very first 'scan' scan.

Link to post
Share on other sites

I ran the FRST

 

the result:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-01-2021
Ran by Laurie (08-01-2021 15:50:42) Run:1
Running from F:\
Loaded Profiles: Laurie
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
Unlock: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
REG: reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} /f
Unlock: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
REG: reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1} /f
Reboot:

*****************

Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}" => was unlocked

========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} /f =========

The operation completed successfully.

 

========= End of Reg: =========

"HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}" => was unlocked

========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1} /f =========

The operation completed successfully.

 

========= End of Reg: =========

 

The system needed a reboot.

==== End of Fixlog 15:50:44 ====

Link to post
Share on other sites
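Reading a Fixlog like the two posted above comes down to checking every `=>` result line and the output of every `reg` command block. The following Python is an added example, not FRST's or the forum's own code: it classifies those lines using a constructed sample built from lines in this thread, recognizes only the result phrases that appear on this page, and its function names are hypothetical.

```python
import re

# Constructed sample: result lines copied from the two Fixlogs in this thread.
SAMPLE_FIXLOG = r"""
C:\Windows\Temp\AdobeARM.log => moved successfully
Chrome => 458073380 B
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove. Access Denied.
"HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}" => was unlocked
========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} /f =========
The operation completed successfully.
========= End of Reg: =========
"""

ARROW = re.compile(r'^"?(?P<target>[^"]+?)"?\s+=>\s+(?P<result>.+)$')
CMD_START = re.compile(r'^=+\s+(?P<cmd>reg .+?)\s+=+$')
CMD_END = re.compile(r'^=+\s+End of Reg:\s+=+$')
OK_PHRASES = ("moved successfully", "was unlocked")  # phrases seen on this page

def parse_fixlog(text):
    """Return (target, status, detail) tuples; status is ok, failed or other."""
    entries, cmd = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        start = CMD_START.match(line)
        if start:  # header of a "reg ..." command block
            cmd = start.group("cmd")
            continue
        if CMD_END.match(line):
            cmd = None
            continue
        if cmd:  # first output line of the command decides its status
            ok = line == "The operation completed successfully."
            entries.append((cmd, "ok" if ok else "failed", line))
            cmd = None
            continue
        m = ARROW.match(line)
        if m:  # "<target> => <result>" line; sizes and the like stay "other"
            result = m.group("result")
            status = "ok" if result.startswith(OK_PHRASES) else (
                "failed" if result.startswith("could not remove") else "other")
            entries.append((m.group("target"), status, result))
    return entries

def failures(entries):
    """Targets whose fix step did not succeed, with the logged reason."""
    return [(target, detail) for target, status, detail in entries if status == "failed"]
```

Run over this thread's logs, `failures(parse_fixlog(...))` surfaces the two `NAVENG` / `NAVEX15` service keys that were logged as "could not remove. Access Denied.", which are the entries worth following up on.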

Personally I've never used Opera so have knowledge regarding a fix. Have a read at the following link, see if that helps...

https://windowsreport.com/opera-not-responding-windows-8/

For common OneDrive issues have a look at the following link...

https://support.microsoft.com/en-us/office/fixes-or-workarounds-for-recent-issues-in-onedrive-36110213-f3f6-490d-8cb7-3833539def0b

Let me know if that helps..

 

Link to post
Share on other sites

This topic is now closed to further replies.