Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

New "Computer has been infected" pop-ups [Solved]

Started by Krueg9651 , Sep 18 2021 01:01 PM

  • This topic is locked This topic is locked

#1
Krueg9651
Posted 18 September 2021 - 01:01 PM

Krueg9651

    Member

  • Member
  • PipPipPip
  • 136 posts

Good afternoon,

 

First off, it's been a few years since I have had a computer infection, but just wanted to say that you guys are seriously doing God's work.   You have been incredible in the past and I thank you for creating this blog community!

 

Recently, I was searching for funny Spanish memes (Spanish teacher), and I visited a website that ended up giving me non-stop malware pop-up screens ever since.  I don't plan on doing this again in the future!  

 

I am getting non-stop "Your computer may be infected" pop-ups with different ads for "anti-virus" programs.   Below are my logs.  Thank you again:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by krueg_000 (administrator) on KRUEGER (Dell Inc. XPS 12-9Q33) (18-09-2021 13:50:14)
Running from C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear
Loaded Profiles: krueg_000
Platform: Windows 10 Home Version 20H2 19042.1165 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Compal Electronics, Inc. -> Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Wireless Display -> Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\krueg_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20388.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Compal Electronics, Inc. -> Dell Inc.)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google Inc -> Google)
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [0F6421E269616DEEA6FF88A7BC7FC248079E5352._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [GoogleChromeAutoLaunch_4A8E26FD5AFB3D56D0E2C9C8176A95D7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\Run: [MicrosoftEdgeAutoLaunch_38A5A74C0F574CCAB915AEF4FDB30067] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\WINDOWS\system32\hpinkstsC511LM.dll [333496 2013-01-25] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-15] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000D7066-BE6D-4204-BAE6-C3E4B77DA02A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0E2825D2-0C1D-411C-918B-39735947DBB1} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [704824 2013-03-01] (Intel Corporation -> Intel)
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {15ACE092-13D6-45C4-8B34-AF0EB774017C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {1D944798-D791-455D-89AE-0463C05E5709} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1DA3C42D-A8DE-4436-86D8-84F238EF7E49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {204DB95F-E364-4C00-8E6F-73920F42073F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {23A5C104-67C6-46F2-A56E-92D809EDF88D} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [6762544 2012-07-09] (Dell Inc. -> Dell, Inc.)
Task: {26402EE7-8AEC-4B8B-873A-5436C4114B76} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4167080 2018-09-26] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {2F8BF9BF-58D1-4710-95AD-9E97641CD6BC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {305A155F-C5E6-492B-BA66-F727A1B80C95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {38293130-3792-46D6-8C05-45AC2C60836A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4B29DC52-C765-4E1F-B06F-E2F85489CB35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [133326408 2017-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BA2AB30-011A-492B-BF82-6A8F4EF15412} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4C1CB5E4-059F-4211-8A64-5D6E214CCB1F} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {555CC8DA-CF40-4476-B125-B00CE91CD040} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {62E83378-ADB9-41C0-B3E6-C4770DBD82CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {699D51B8-F9BF-4EF1-B66F-851F861D551D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7415C419-F73C-4070-83B7-8C1D1B61544B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-20] (Dell Inc -> Dell Inc.)
Task: {781458CE-0C21-4C35-8545-6F6EE7B9F505} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F09F9AC-5149-4A84-B1EF-A1C674E68371} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {9588A41A-DABE-470E-A95C-8E65CC3F1DAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {95B34C76-E17F-4602-8804-29DEA9BBF53D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C13FAC4-4897-4753-954F-00A277365FF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {A18158E8-A929-44BB-ABD6-92E3DD4DCF7E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {A73D296B-BC0D-4632-899B-DDADEEA2F73A} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-03-08] (Intel® Services Manager -> Intel Corporation)
Task: {ACF28D57-BA7B-4FB2-AF23-9894B1B028E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B93AED90-7980-4E53-92E7-ED3704A7D5CE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CD22E04C-F218-43FB-AF66-F58F067C4A6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D4201702-8AAC-4FBF-95A1-E6037529C9D8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {DBC7CDB5-F34B-4E88-BC09-23631BC394F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [1140624 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF2716A-9978-4791-98AE-2BF5C363692A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {E17EEE6F-492E-4DD4-BC31-397D715F317A} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E45627EC-4364-4090-ACA7-4140DFA7A344} - System32\Tasks\GoogleUpdateTaskMachineCore1d7365d9a2ebf11 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-05-10] (Google Inc -> Google Inc.)
Task: {F966943E-D2A6-43A7-91E4-3394E4648F16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FA77E5CF-EF89-4EE4-91CA-81FBABF91106} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3b952fb4-d066-4581-a0db-ea39b29d30d0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\krueg_000\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-18]
 
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) [File not signed]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default [2021-09-18]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://padlet.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.wvhs204.org/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Floorplanner) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2020-05-24]
CHR Extension: (Docs) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-23]
CHR Extension: (Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (Skype Calling) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2020-05-24]
CHR Extension: (YouTube) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-14]
CHR Extension: (Google Search) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (InsertLearning) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehajjkfchegiinhcmoclkfbnmpgcahj [2021-05-09]
CHR Extension: (The QR Code Generator) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2020-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-07]
CHR Extension: (Video Recorder for WeVideo) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiglpeefdoagfbbfhjfbmomnfobojia [2020-05-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-09-18]
CHR Extension: (Pocket Must Reads) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlnnopicjonfamklpcdfnbcomdlopmof [2020-05-24]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2021-09-18]
CHR Extension: (No Name) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-05-24]
CHR Extension: (Save to Pocket) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2020-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Pear Deck Power-Up) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\paijmjmfnjcbjlimjeminlepannmimbi [2021-06-05]
CHR Extension: (Gmail) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-18]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-08-18]
CHR Extension: (Slides) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-23]
CHR Extension: (Docs) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-23]
CHR Extension: (Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-23]
CHR Extension: (YouTube) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-23]
CHR Extension: (Sheets) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-23]
CHR Extension: (Gmail) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-23]
CHR Extension: (Chrome Media Router) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-09]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-09-18]
CHR Notifications: Profile 2 -> hxxps://besty-deals.com; hxxps://kokotrokot.com; hxxps://matrix-news.org; hxxps://matrixstar.net; hxxps://www.facebook.com; hxxps://www.webconsultas.com; hxxps://www1.news-back.org
CHR HomePage: Profile 2 -> hxxp://wvhs204.org/
CHR StartupUrls: Profile 2 -> "hxxp://wvhs204.org/","hxxps://espipe.sungardk12saas.com/TAC/Account/LogOn?ReturnUrl=%2fTAC"
CHR Extension: (Slides) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-12]
CHR Extension: (QR Code Generator) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\afpbjjgbdimpioenaedcjgkaigggcdpp [2021-08-29]
CHR Extension: (Mobility Print) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2021-08-29]
CHR Extension: (Docs) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-12]
CHR Extension: (Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-12]
CHR Extension: (Newsela) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bfpeiapdhnegnfcfkdfihabadngjagfj [2021-08-29]
CHR Extension: (YouTube) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-12]
CHR Extension: (School Video Recorder for Google Drive) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boohghjaeankjfihomdfhimfgifblngd [2021-08-29]
CHR Extension: (Gopher Buddy) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgbbbjmgdpnifijconhamggjehlamcif [2021-08-29]
CHR Extension: (InsertLearning) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dehajjkfchegiinhcmoclkfbnmpgcahj [2021-08-29]
CHR Extension: (Lightspeed User Agent) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eodeiibdcpipgedfgkolnhajjdokejdh [2021-08-29] [UpdateUrl:hxxp://lightspeed-apps.s3.amazonaws.com/chrome/user_agent/ChromeUserAgent.xml] <==== ATTENTION
CHR Extension: (OrbitDoc) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\feepmdlmhplaojabeoecaobfmibooaid [2021-09-18]
CHR Extension: (Sheets) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-12]
CHR Extension: (Google Docs Offline) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-12]
CHR Extension: (Google Keep - Notes and Lists) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2021-09-18]
CHR Extension: (Video Recorder for WeVideo) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iaiglpeefdoagfbbfhjfbmomnfobojia [2021-08-29]
CHR Extension: (Bomgar Remote Support) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ipfljipbjloahhabacnofonhfbddnajm [2021-08-29]
CHR Extension: (Grammarly for Chrome) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-09-07]
CHR Extension: (Zoom Scheduler) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2021-09-01]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-09-18]
CHR Extension: (Google Classroom) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2021-08-31]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2021-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-12]
CHR Extension: (Draftback) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nnajoiemfpldioamchanognpjmocgkbg [2021-08-29]
CHR Extension: (WordReference Extension) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ofnmflhedfocnfnoafgcojkllnmdipoj [2021-08-29]
CHR Extension: (Texthelp PDF Reader App) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohfjebjepnlldifcbcfmopifaebcjehc [2021-08-29]
CHR Extension: (Print Friendly & PDF) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2021-08-29]
CHR Extension: (Video Editor for Chromebook & more: Free app) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2021-08-29]
CHR Extension: (Pear Deck Power-Up) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\paijmjmfnjcbjlimjeminlepannmimbi [2021-08-29]
CHR Extension: (Gmail) - C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-12]
CHR Profile: C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-18]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-03-15] (Intel Wireless Display -> Intel)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3835424 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [165344 2013-05-21] (Intel Corporation-Mobile Wireless Group -> Windows ® Win 7 DDK provider)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
S3 iaLPSS_UART; C:\WINDOWS\System32\drivers\iaLPSS_UART.sys [142840 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [207256 2013-03-15] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-12] (Microsoft Windows -> Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-06-18] (Intel® Smart Connect software -> )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-09-17 18:43 - 2021-09-17 18:43 - 000000000 ___HD C:\$WinREAgent
2021-09-15 23:52 - 2021-09-18 13:50 - 000000000 ____D C:\FRST
2021-09-15 19:34 - 2021-09-15 19:34 - 000024968 _____ (Dell) C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2021-08-29 17:20 - 2021-08-29 17:20 - 000000000 ____D C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-09-18 13:50 - 2021-03-01 01:49 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{203598EA-E27F-4818-8B3B-097F45E5FCFE}
2021-09-18 13:50 - 2014-06-23 20:14 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-18 13:49 - 2020-07-15 07:28 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-18 13:47 - 2016-06-04 22:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-09-18 13:47 - 2016-06-04 20:44 - 000000000 __SHD C:\Users\krueg_000\IntelGraphicsProfiles
2021-09-17 23:56 - 2021-03-01 01:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-17 23:56 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-17 18:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-17 18:45 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-17 18:45 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-17 18:43 - 2014-07-07 12:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-17 18:39 - 2014-07-07 12:12 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-15 23:52 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-15 19:34 - 2014-07-21 20:50 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-12 20:28 - 2020-05-24 12:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-07 23:45 - 2021-03-01 01:49 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2550471563-1257076527-2971406527-1001
2021-09-07 23:45 - 2021-02-28 15:21 - 000002436 _____ C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-07 21:27 - 2021-03-01 01:52 - 001776288 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-07 21:27 - 2021-02-28 14:50 - 000788518 _____ C:\WINDOWS\system32\perfh00A.dat
2021-09-07 21:27 - 2021-02-28 14:50 - 000155960 _____ C:\WINDOWS\system32\perfc00A.dat
2021-09-07 21:20 - 2021-03-01 01:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-07 21:20 - 2021-03-01 01:40 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-07 21:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-09-07 21:20 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-09-05 21:11 - 2020-09-29 20:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-01 23:49 - 2013-11-30 17:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-09-01 23:47 - 2021-03-01 01:49 - 000003916 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-08-30 20:47 - 2016-08-10 22:12 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-08-25 18:18 - 2014-06-23 20:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
 
==================== FLock ==============================
 
2013-11-30 18:04 C:\System Recovery
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by krueg_000 (18-09-2021 13:54:28)
Running from C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear
Windows 10 Home Version 20H2 19042.1165 (X64) (2021-03-01 06:49:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2550471563-1257076527-2971406527-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2550471563-1257076527-2971406527-503 - Limited - Disabled)
Guest (S-1-5-21-2550471563-1257076527-2971406527-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2550471563-1257076527-2971406527-1003 - Limited - Enabled)
krueg_000 (S-1-5-21-2550471563-1257076527-2971406527-1001 - Administrator - Enabled) => C:\Users\krueg_000
WDAGUtilityAccount (S-1-5-21-2550471563-1257076527-2971406527-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\{9EF0AEB0-9AD2-40E6-8667-D7520C508941}) (Version: 3.10.3.3 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{944FB5B0-9588-45FD-ABE8-73FC879801ED}) (Version: 4.1.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.5.0.0 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel)
Intel® Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.2.1489 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{405EF630-AF8C-4A69-9CAF-6D5B8C1C005B}) (Version: 4.1.40.2143 - Intel)
Intel® Update Manager (HKLM-x32\...\{20D9D0D9-1659-4775-992E-5F5650AD9B87}) (Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{28B4FCD3-1E17-411F-B56A-769DCF9169E0}) (Version: 4.1.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.52 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.5371.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\OneDriveSetup.exe) (Version: 21.160.0808.0002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.3.1.0 - NXP Semiconductors)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5371.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5371.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5371.1000 - Microsoft Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
 
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-05-24] (Amazon.com)
Dell | Getting Started with Windows 8 -> C:\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2 [2014-06-23] (Dell Inc)
Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2020-05-24] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.6.0_x64__htrsf667h5kn2 [2021-09-01] (Dell Inc)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-08-18] (HP Inc.)
Intel® Experience Center -> C:\Program Files\WindowsApps\AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6ctt [2014-06-23] (INTEL CORP)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2016-06-06] (AMZN Mobile LLC)
McAfee® Central for Dell -> C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_5.0.167.1_x64__n49tcsmxt2t2c [2020-05-24] (McAfee Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-02] (Microsoft Studios) [MS Ad]
MSN Recetas -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
MSN Salud y Bienestar -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
MSN Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2016-06-06] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-05-24] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2013-04-19] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2013-04-19] (SoftThinks -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google Inc -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - Notes and Lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mobility Print.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=alhngdkjgnedakdlnamimgfihgkmenbh
ShortcutWithArgument: C:\Users\krueg_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\509bffb6bc1cf486\Screencastify - Screen Video Recorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mmeijimgabbpbgpdklnllpncmdofkcpn
 
==================== Loaded Modules (Whitelisted) =============
 
2021-09-18 13:47 - 2021-09-18 13:47 - 000088064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_ctypes.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000128512 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_elementtree.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000914432 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_hashlib.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000027648 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_multiprocessing.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000036864 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_psutil_windows.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000046080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_socket.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 001303552 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_ssl.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000020480 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\_yappi.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000012800 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\common.time34.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000007168 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\hashobjs_ext.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000127488 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\pyexpat.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000682496 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\pysqlite2._sqlite.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000364544 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\pythoncom27.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 000110080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\pywintypes27.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 000010240 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\select.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000017920 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\thumbnails_ext.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000686080 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\unicodedata.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000088064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\usb_ext.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000098816 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32api.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000320512 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32com.shell.shell.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000011264 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32crypt.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000018432 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32event.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000119808 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32file.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000167936 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32gui.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000038912 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32inet.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000025600 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32pdh.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000024064 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32pipe.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000035840 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32process.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000017408 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32profile.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000108544 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32security.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000022528 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\win32ts.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000078848 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._animate.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 001067008 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._controls_.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 001176576 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._core_.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000806400 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._gdi_.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000077312 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._html2.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000733184 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._misc_.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000816128 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._windows_.pyd
2021-09-18 13:47 - 2021-09-18 13:47 - 000123392 ____R () [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wx._wizard.pyd
2013-11-30 17:31 - 2013-03-01 12:58 - 000130048 _____ (CodePlex Community) [File not signed] [File is in use] C:\Program Files (x86)\Intel\irstrt\Microsoft.Win32.TaskScheduler.dll
2013-05-08 11:48 - 2013-05-08 11:48 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2013-05-08 11:48 - 2013-05-08 11:48 - 000531456 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 002459648 ____R (Python Software Foundation) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\python27.dll
2020-12-01 01:14 - 2020-12-01 01:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 000155136 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxbase30u_net_vc90.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 002030592 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxbase30u_vc90.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 001251328 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxmsw30u_adv_vc90.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 004796928 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxmsw30u_core_vc90.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 000601088 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxmsw30u_html_vc90.dll
2021-09-18 13:47 - 2021-09-18 13:47 - 000110080 ____R (wxWidgets development team) [File not signed] C:\Users\krueg_000\AppData\Local\Temp\_MEI70882\wxmsw30u_webview_vc90.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2550471563-1257076527-2971406527-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2550471563-1257076527-2971406527-1001 -> {35FC2A43-F5D9-4230-9B23-9CF86E983675} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-12-30] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Murcielago_FINAL_RGB.JPG
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4D6FF529-65B1-4EEE-A7BC-DE9ADBA57638}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{18E52869-B606-46D8-AC8F-8D128CCFC072}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{0D991AA9-6275-4A28-AA3A-0E18732E7702}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{7EDADB2E-F914-49C1-BDE3-CDFDF10077F6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{FA643C4D-640F-4AA2-96C8-DC6F23D7E4B6}] => (Allow) C:\Users\krueg_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{7278EF5F-C66E-4F0F-A7A2-9D0003B3C7DC}] => (Allow) LPort=1900
FirewallRules: [{C603BA3C-4F28-40E3-B056-690CEF786715}] => (Allow) LPort=2869
FirewallRules: [{BEAEC7A3-6D51-48F8-A692-647368DFDA34}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A263EB7C-08C3-4228-8069-5890870C37F7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{02F2E1B4-B01E-42AB-85C2-8EE63F1E3672}] => (Allow) C:\Users\krueg_000\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{43DBB600-8DE1-4D79-AC18-F345BA54F5B4}] => (Allow) C:\Users\krueg_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{71D82733-473E-4850-ABC0-42D43176E905}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{104A7931-80CD-4F3A-A790-42492EE06276}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F153C4CC-A65B-47A3-88FC-866126D07CB7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2774294A-AB11-403D-8813-8B2CF3E080D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CF51200C-0103-4C68-9903-247A346BEC48}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:97.59 GB) (Free:55.08 GB) (56%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/18/2021 01:50:32 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/17/2021 06:41:45 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/15/2021 07:36:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/14/2021 10:13:12 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/13/2021 07:30:41 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/12/2021 08:27:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/07/2021 09:01:35 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/06/2021 11:47:37 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (09/18/2021 01:49:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (09/17/2021 11:45:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (09/17/2021 06:40:50 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (09/15/2021 07:35:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (09/14/2021 10:12:01 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (09/13/2021 08:35:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (09/13/2021 07:29:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (09/12/2021 11:30:56 PM) (Source: DCOM) (EventID: 10010) (User: KRUEGER)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2021-09-17 19:04:21
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-14 22:22:51
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-13 21:07:53
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-05 19:56:52
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-01 23:53:56
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-30 03:44:19
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.102.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-06-30 03:44:19
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.102.0
Previous security intelligence Version: 1.341.1630.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-06-30 03:44:19
Description: 
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-06-03 23:55:55
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.8.0
Previous security intelligence Version: 1.339.1902.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-06-03 23:55:55
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.8.0
Previous security intelligence Version: 1.339.1902.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A03 09/24/2013
Motherboard: Dell Inc. XPS 12-9Q33
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 87%
Total physical RAM: 4001.53 MB
Available physical RAM: 497.16 MB
Total Virtual: 8865.53 MB
Available Virtual: 3736.63 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:97.59 GB) (Free:55.08 GB) NTFS
 
\\?\Volume{cf742fab-f09f-4736-91bb-4dc39fc37de5}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.19 GB) NTFS
\\?\Volume{eb19c1b7-a563-4d78-9f8c-6cafb7d9bc70}\ () (Fixed) (Total:0.78 GB) (Free:0.32 GB) NTFS
\\?\Volume{04d08801-6d4e-43f3-8e94-29fa605bfd69}\ (PBR Image) (Fixed) (Total:11.75 GB) (Free:0.73 GB) NTFS
\\?\Volume{e0f46268-779d-42c6-8699-0972f1f05635}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 72E5F2E7)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 

 


  • 0

Advertisements

#2
DR M
Posted 18 September 2021 - 01:36 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Krueg651.
 
Although you are not new here, please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=======================================
 
Let's begin.
 
Here are my first comments/instructions regarding your logs:
 
1. Remove an app
 
Click on the Start button and find McAfee® Central for Dell. Right click and choose Uninstall.
 
 
2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
SystemRestore: on
CreateRestorePoint:
CloseProcesses:
CHR Notifications: Profile 2 -> hxxps://besty-deals.com; hxxps://kokotrokot.com; hxxps://matrix-news.org; hxxps://matrixstar.net; hxxps://www.facebook.com; hxxps://www.webconsultas.com; hxxps://www1.news-back.org
Task: {000D7066-BE6D-4204-BAE6-C3E4B77DA02A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {15ACE092-13D6-45C4-8B34-AF0EB774017C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {1DA3C42D-A8DE-4436-86D8-84F238EF7E49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {204DB95F-E364-4C00-8E6F-73920F42073F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2F8BF9BF-58D1-4710-95AD-9E97641CD6BC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {305A155F-C5E6-492B-BA66-F727A1B80C95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {38293130-3792-46D6-8C05-45AC2C60836A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BA2AB30-011A-492B-BF82-6A8F4EF15412} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {555CC8DA-CF40-4476-B125-B00CE91CD040} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {699D51B8-F9BF-4EF1-B66F-851F861D551D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7F09F9AC-5149-4A84-B1EF-A1C674E68371} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A18158E8-A929-44BB-ABD6-92E3DD4DCF7E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {B93AED90-7980-4E53-92E7-ED3704A7D5CE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CD22E04C-F218-43FB-AF66-F58F067C4A6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E17EEE6F-492E-4DD4-BC31-397D715F317A} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {FA77E5CF-EF89-4EE4-91CA-81FBABF91106} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
SearchScopes: HKU\S-1-5-21-2550471563-1257076527-2971406527-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2550471563-1257076527-2971406527-1001 -> {35FC2A43-F5D9-4230-9B23-9CF86E983675} URL = 
FirewallRules: [{18E52869-B606-46D8-AC8F-8D128CCFC072}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{0D991AA9-6275-4A28-AA3A-0E18732E7702}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{7EDADB2E-F914-49C1-BDE3-CDFDF10077F6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{FA643C4D-640F-4AA2-96C8-DC6F23D7E4B6}] => (Allow) C:\Users\krueg_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{A263EB7C-08C3-4228-8069-5890870C37F7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{43DBB600-8DE1-4D79-AC18-F345BA54F5B4}] => (Allow) C:\Users\krueg_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{71D82733-473E-4850-ABC0-42D43176E905}] => (Allow) C:\Program
C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

3. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

4. Run Malwarebytes (Scan mode)

  • Open Malwarebytes you have already installed. 
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply 

 

In your next reply please post:

  1. The fixlog.txt
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report

 

Note: Here it is almost 11 p.m., so I will be back to you tomorrow before noon (my time).


  • 0

#3
Krueg9651
Posted 18 September 2021 - 02:41 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by krueg_000 (18-09-2021 15:00:23) Run:1
Running from C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear
Loaded Profiles: krueg_000
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SystemRestore: on
CreateRestorePoint:
CloseProcesses:
CHR Notifications: Profile 2 -> hxxps://besty-deals.com; hxxps://kokotrokot.com; hxxps://matrix-news.org; hxxps://matrixstar.net; hxxps://www.facebook.com; hxxps://www.webconsultas.com; hxxps://www1.news-back.org
Task: {000D7066-BE6D-4204-BAE6-C3E4B77DA02A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {15ACE092-13D6-45C4-8B34-AF0EB774017C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {1DA3C42D-A8DE-4436-86D8-84F238EF7E49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {204DB95F-E364-4C00-8E6F-73920F42073F} -
\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2F8BF9BF-58D1-4710-95AD-9E97641CD6BC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {305A155F-C5E6-492B-BA66-F727A1B80C95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {38293130-3792-46D6-8C05-45AC2C60836A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4BA2AB30-011A-492B-BF82-6A8F4EF15412} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {555CC8DA-CF40-4476-B125-B00CE91CD040} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {699D51B8-F9BF-4EF1-B66F-851F861D551D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7F09F9AC-5149-4A84-B1EF-A1C674E68371} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <====
ATTENTION
Task: {A18158E8-A929-44BB-ABD6-92E3DD4DCF7E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {B93AED90-7980-4E53-92E7-ED3704A7D5CE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CD22E04C-F218-43FB-AF66-F58F067C4A6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E17EEE6F-492E-4DD4-BC31-397D715F317A} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {FA77E5CF-EF89-4EE4-91CA-81FBABF91106} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 =>
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
SearchScopes: HKU\S-1-5-21-2550471563-1257076527-2971406527-1001 -> DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2550471563-1257076527-2971406527-1001 -> {35FC2A43-F5D9-4230-9B23-9CF86E983675} URL = 
FirewallRules: [{18E52869-B606-46D8-AC8F-8D128CCFC072}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{0D991AA9-6275-4A28-AA3A-0E18732E7702}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{7EDADB2E-F914-49C1-BDE3-CDFDF10077F6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{FA643C4D-640F-4AA2-96C8-DC6F23D7E4B6}] => (Allow) C:\Users\krueg_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{A263EB7C-08C3-4228-8069-5890870C37F7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{43DBB600-8DE1-4D79-AC18-F345BA54F5B4}] => (Allow)
C:\Users\krueg_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{71D82733-473E-4850-ABC0-42D43176E905}] => (Allow) C:\Program
C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg
EmptyTemp: 
 
*****************
 
SystemRestore: on => completed
Restore point was successfully created.
Processes closed successfully.
"Chrome Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{000D7066-BE6D-4204-BAE6-C3E4B77DA02A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{000D7066-BE6D-4204-BAE6-C3E4B77DA02A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15ACE092-13D6-45C4-8B34-AF0EB774017C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15ACE092-13D6-45C4-8B34-AF0EB774017C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DA3C42D-A8DE-4436-86D8-84F238EF7E49}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DA3C42D-A8DE-4436-86D8-84F238EF7E49}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {204DB95F-E364-4C00-8E6F-73920F42073F} -" => not found
\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F8BF9BF-58D1-4710-95AD-9E97641CD6BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F8BF9BF-58D1-4710-95AD-9E97641CD6BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{305A155F-C5E6-492B-BA66-F727A1B80C95}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{305A155F-C5E6-492B-BA66-F727A1B80C95}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38293130-3792-46D6-8C05-45AC2C60836A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38293130-3792-46D6-8C05-45AC2C60836A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BA2AB30-011A-492B-BF82-6A8F4EF15412}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BA2AB30-011A-492B-BF82-6A8F4EF15412}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{555CC8DA-CF40-4476-B125-B00CE91CD040}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{555CC8DA-CF40-4476-B125-B00CE91CD040}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{699D51B8-F9BF-4EF1-B66F-851F861D551D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{699D51B8-F9BF-4EF1-B66F-851F861D551D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F09F9AC-5149-4A84-B1EF-A1C674E68371}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F09F9AC-5149-4A84-B1EF-A1C674E68371}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
ATTENTION => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A18158E8-A929-44BB-ABD6-92E3DD4DCF7E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A18158E8-A929-44BB-ABD6-92E3DD4DCF7E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B93AED90-7980-4E53-92E7-ED3704A7D5CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B93AED90-7980-4E53-92E7-ED3704A7D5CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD22E04C-F218-43FB-AF66-F58F067C4A6F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD22E04C-F218-43FB-AF66-F58F067C4A6F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E17EEE6F-492E-4DD4-BC31-397D715F317A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E17EEE6F-492E-4DD4-BC31-397D715F317A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA77E5CF-EF89-4EE4-91CA-81FBABF91106}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA77E5CF-EF89-4EE4-91CA-81FBABF91106}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10 => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35FC2A43-F5D9-4230-9B23-9CF86E983675} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18E52869-B606-46D8-AC8F-8D128CCFC072}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D991AA9-6275-4A28-AA3A-0E18732E7702}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7EDADB2E-F914-49C1-BDE3-CDFDF10077F6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA643C4D-640F-4AA2-96C8-DC6F23D7E4B6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A263EB7C-08C3-4228-8069-5890870C37F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43DBB600-8DE1-4D79-AC18-F345BA54F5B4}" => removed successfully
"C:\Users\krueg_000\AppData\Roaming\Zoom\bin\airhost.exe => No File" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71D82733-473E-4850-ABC0-42D43176E905}" => removed successfully
C:\Users\krueg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50434631 B
Java, Flash, Steam htmlcache => 19474 B
Windows/system/drivers => 9432153 B
Edge => 1610840 B
Chrome => 2073946691 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 300622 B
krueg_000 => 50289524 B
 
RecycleBin => 1511854 B
EmptyTemp: => 2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:04:09 ====
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-18-2021
# Duration: 00:00:09
# OS:       Windows 10 Home
# Scanned:  31994
# Detected: 31
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
PUP.Optional.Legacy             HKCU\Software\OB
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
PUP.Optional.SearchProtect.AppFlsh HKCU\Software\SearchProtectWS
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY 
Preinstalled.DellDigitalDelivery   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{03A9F528-A754-460F-B2C1-AC125A147114} 
Preinstalled.DellQuickset   Folder   C:\Program Files\DELL\QUICKSET 
Preinstalled.DellQuickset   Folder   C:\ProgramData\DELL\QUICKSET 
Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QuickSet 
Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|QuickSet 
Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{87CF757E-C1F1-4D22-865C-00C6950B5258} 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files (x86)\DELL\SUPPORTASSISTAGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT 
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7415C419-F73C-4070-83B7-8C1D1B61544B}  
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7415C419-F73C-4070-83B7-8C1D1B61544B}  
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate 
Preinstalled.DellSupportAssistAgent   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3ED468C2-2235-4747-90AD-A7A34F0FE70A} 
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE 
Preinstalled.DellSupportCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0090A87C-3E0E-43D4-AA71-A71B06563A4A} 
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATE 
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE 
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE 
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE 
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE 
Preinstalled.DellUpdateforWindows10   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD} 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/18/21
Scan Time: 3:30 PM
Log File: 4075a610-18bf-11ec-9fce-5c514f718008.json
 
-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.45082
License: Trial
 
-System Information-
OS: Windows 10 (Build 19042.1237)
CPU: x64
File System: NTFS
User: Krueger\krueg_000
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 323215
Threats Detected: 9
Threats Quarantined: 0
Time Elapsed: 6 min, 5 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 4
PUP.Optional.SearchProtect.AppFlsh, HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\SOFTWARE\SearchProtectWS, No Action By User, 1673, 253640, 1.0.45082, , ame, , , 
PUP.Optional.OutBrowse, HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\SOFTWARE\OB, No Action By User, 596, 241463, 1.0.45082, , ame, , , 
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update focusbase, No Action By User, 27, 253983, 1.0.45082, , ame, , , 
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util focusbase, No Action By User, 27, 253983, 1.0.45082, , ame, , , 
 
Registry Value: 4
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, No Action By User, 1673, -1, 0.0.0, , action, , , 
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, No Action By User, 1673, -1, 0.0.0, , action, , , 
PUP.Optional.OutBrowse, HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\SOFTWARE\OB|MONITYPE2, No Action By User, 596, 241463, 1.0.45082, , ame, , , 
PUP.Optional.OutBrowse, HKU\S-1-5-21-2550471563-1257076527-2971406527-1001\SOFTWARE\OB|MONITYPE3, No Action By User, 596, 241463, 1.0.45082, , ame, , , 
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.PushNotifications, C:\USERS\KRUEG_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Preferences, No Action By User, 203, 958716, 1.0.45082, , ame, , F04CFD88FFF14A6ED280DF3928143F75, 1962D67BF00C48DD0F589954A964E7781976D3B8FD7EFAF0A32919087E31C5F4
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#4
DR M
Posted 19 September 2021 - 02:33 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Krueg9651.
 
Several things were detected. Let's clean.


1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Registry part of the log, are PUPs which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep programs I don't use/need. But it is your computer, so your decision. 
 
To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

 

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)

 

 

In your next reply, please post:

  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. The fresh FRST logs, FRST and Addition.txt (attached)
  4. Feedback: How is the computer running now? 

  • 0

#5
Krueg9651
Posted 19 September 2021 - 01:06 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-19-2021
# Duration: 00:00:07
# OS:       Windows 10 Home
# Cleaned:  31
# Awaiting reboot:4
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
Deleted       HKCU\Software\OB
Deleted       HKCU\Software\SearchProtectWS
Deleted       HKLM\Software\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Deleted       Preinstalled.DellDigitalDelivery   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{03A9F528-A754-460F-B2C1-AC125A147114}
Deleted       Preinstalled.DellQuickset   Folder   C:\Program Files\DELL\QUICKSET
Deleted       Preinstalled.DellQuickset   Folder   C:\ProgramData\DELL\QUICKSET
Deleted       Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|QuickSet
Deleted       Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|QuickSet
Deleted       Preinstalled.DellQuickset   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{87CF757E-C1F1-4D22-865C-00C6950B5258}
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files (x86)\DELL\SUPPORTASSISTAGENT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7415C419-F73C-4070-83B7-8C1D1B61544B} 
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7415C419-F73C-4070-83B7-8C1D1B61544B} 
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}
Deleted       Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Deleted       Preinstalled.DellSupportCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
***** Reboot Required to Complete *****
 
 
***** [ Folders ] *****
 
Cleaning failed   C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Cleaning failed   C:\Program Files\DELL\SUPPORTASSISTAGENT
Cleaning failed   C:\ProgramData\DELL\UPDATESERVICE
 
*************************
 
AdwCleaner[S00].txt - [4744 octets] - [18/09/2021 15:14:50]
AdwCleaner[S01].txt - [4805 octets] - [19/09/2021 13:38:37]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/19/21
Scan Time: 1:46 PM
Log File: f65f14d8-1979-11ec-9c24-5c514f718008.json
 
-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.45124
License: Trial
 
-System Information-
OS: Windows 10 (Build 19042.1237)
CPU: x64
File System: NTFS
User: Krueger\krueg_000
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 323014
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 4 min, 10 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 2
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update focusbase, Quarantined, 27, 253983, 1.0.45124, , ame, , , 
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util focusbase, Quarantined, 27, 253983, 1.0.45124, , ame, , , 
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.PushNotifications, C:\USERS\KRUEG_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Preferences, Replaced, 203, 958716, 1.0.45124, , ame, , F04CFD88FFF14A6ED280DF3928143F75, 1962D67BF00C48DD0F589954A964E7781976D3B8FD7EFAF0A32919087E31C5F4
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 

Attached Files


  • 0

#6
DR M
Posted 19 September 2021 - 01:11 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Are you still getting pop-ups?

 

As for the logs, I'll review them tomorrow. 


  • 0

#7
Krueg9651
Posted 19 September 2021 - 01:26 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

I am not!!!  :spoton:   And sounds good, thank you!!


  • 0

#8
DR M
Posted 20 September 2021 - 07:55 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.
 
Glad to hear that the pop-ups stopped appearing. :)
 
Let's continue:
 
 
1. Uninstall programs

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Dell SupportAssist 
Dell SupportAssist OS Recovery Plugin for Dell Update
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

2. Uninstall apps

  • Click on the Start button and find the following apps: 
    Dell | Getting Started with Windows 8 
Dell Shop 
Dell SupportAssist for Home PCs
  • Right click on each one and select uninstall.

 

3. Uninstall Chrome extension
 
If you don't need/use Bomgar Remote Support (Chrome extension), please uninstall it.

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Bomgar Remote Support, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

 

4. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {204DB95F-E364-4C00-8E6F-73920F42073F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
S2 DellDigitalDelivery; "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X]
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
C:\Program Files\Dell\SupportAssistAgent
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

  • The fixlog.txt
  • If everything regarding uninstalls went fine
  • Any remaining issue/question/concern

  • 0

#9
Krueg9651
Posted 21 September 2021 - 08:16 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts

1.  Here is my Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-09-2021
Ran by krueg_000 (21-09-2021 21:07:28) Run:2
Running from C:\Users\krueg_000\OneDrive\Desktop\Anti-virus gear
Loaded Profiles: krueg_000
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {204DB95F-E364-4C00-8E6F-73920F42073F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
S2 DellDigitalDelivery; "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X]
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
C:\Program Files\Dell\SupportAssistAgent
EmptyTemp: 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{204DB95F-E364-4C00-8E6F-73920F42073F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{204DB95F-E364-4C00-8E6F-73920F42073F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
HKLM\System\CurrentControlSet\Services\DellDigitalDelivery => removed successfully
DellDigitalDelivery => service removed successfully
Dell Hardware Support => service not found.
SupportAssistAgent => service not found.
"C:\Program Files\Dell\SupportAssistAgent" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16893655 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 750369 B
Edge => 0 B
Chrome => 133498891 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7262 B
NetworkService => 18580 B
krueg_000 => 96898169 B
 
RecycleBin => 0 B
EmptyTemp: => 246.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:08:25 ====
 
2. I was able to uninstall and remove everything BUT Bomgar Remote support.  I have attached what I see from my screen (it won't even let me remove it).  However, I think this has to do with when I'm logged into my work account that is connected to Google because when I log in with my personal Google account, there is no Bomgar option at all in the extensions.  In fact, when I logged onto my actual work computer under my work account, the same extension is on my work computer and it won't let me remove either.
 
Other than that, so far so good!  No problems here or concerns at moment!!!!  Thank you so much so far for everything you have done!!!!!!!!!!!!!!!

Attached Thumbnails

  • no remove option.JPG

  • 0

#10
DR M
Posted 22 September 2021 - 01:31 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.

 

Bomgar extension is installed in Google Profile 2. No such an extension in the other Google profiles you have. 

 

Check there and let me know if you can remove it.

 

There is a possibility for the extension to be there as a part of your work's tools.


  • 0

Advertisements

#11
DR M
Posted 25 September 2021 - 05:51 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Krueg9651.

 

Any news here?


  • 0

#12
Krueg9651
Posted 25 September 2021 - 11:17 AM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Hello, my apologies for the delayed response. It will not let me remove it and it is definitely a work extension because when i am logged in as Krueger303 (personal account) it does not show up but under my work account (both computers I use) it shows up for both

Edited by Krueg9651, 25 September 2021 - 11:19 AM.

  • 0

#13
DR M
Posted 25 September 2021 - 12:41 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

That's OK.

To ensure that everything is clean, please do the following:

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

  • 0

#14
Krueg9651
Posted 25 September 2021 - 09:09 PM

Krueg9651

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
9/25/2021 22:06:59 PM
Files scanned: 405750
Detected files: 23
Cleaned files: 23
Total scan time 01:22:25
Scan status: Finished
 
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html.vir Win32/Conduit.SearchProtect.AW potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js.vir JS/Conduit.SearchProtect.E potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js.vir JS/Conduit.SearchProtect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js.vir JS/Conduit.SearchProtect.I potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html.vir Win32/Conduit.SearchProtect.AZ potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js.vir JS/Conduit.SearchProtect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html.vir Win32/Conduit.SearchProtect.AZ potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js.vir JS/Conduit.SearchProtect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html.vir Win32/Conduit.SearchProtect.AR potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js.vir JS/Conduit.SearchProtect.A potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html.vir Win32/Conduit.SearchProtect.AN potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js.vir JS/Conduit.SearchProtect.D potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings.html.vir Win32/Conduit.SearchProtect.AQ potentially unwanted application cleaned by deleting

  • 0

#15
DR M
Posted 26 September 2021 - 01:35 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.

 

How is the computer running now?

 

Any remaining issues/questions/concerns?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP