[scewter]

Did that as well. Not there either.

 

The only thing in that folder are the scan logs I created (FRST and Addition) before starting this thread.

[Advertisements]

You downloaded FRST, but have you run the fixlist as instructed here: http://www.geekstogo...a/#entry2663379 ?

[DR M]

You downloaded FRST, but have you run the fixlist as instructed here: http://www.geekstogo...a/#entry2663379 ?

[scewter]

Ok...

 

as I read the instructions - copied below. Pretty sure I did all of this, and in the Safe Mode. It indicated it created a log of the Fix, and that I would find it after the computer restarted, only I cannot find it now.

 

Should I try it again?

 

• Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere."
• Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your Desktop.

[DR M]

Yes, please. Try once more. 

 

If it fails, I will give new a new set of instructions. 

[scewter]

Still in the Safe Mode?

[DR M]

Still in the Safe Mode?

 

You said that the tool couldn't run in normal mode. That's why we are trying to run it in Safe mode. 

[scewter]

The tool didn't run in either mode, and as you figured out looking at the icon on the desktop, was probably due to a corrupt download.

 

I downloaded a second time when you pointed this out, the desktop displayed the appropriate looking icon and then it appeared to work - except for the fixlog.txt thing.

 

Me thinks it will work in the normal mode now that I have an uncorrupted version of FRST.

 

Your call.

[DR M]

Please run the fix in Safe mode and let me know the result. 

[scewter]

Done, in the Safe Mode. Results were the same as last time.

 

Here's a screen shot of the results after the scan. I must be doing something wrong?

 

 

Btw, here's the Fixlog.txt I mentioned earlier - caution: pretty sure this is not the results from this last attempt as I look at the date/time and the boot mode. Only included here for your info. Have no idea where this came from - possibly the corrupted version of FRST?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-01-2022

Ran by scodo (04-02-2022 05:56:05) Run:2

Running from C:\Users\scodo\OneDrive\Desktop

Loaded Profiles: scodo

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

CreateRestorePoint:

CloseProcesses:

AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}

ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2021-03-25] (IObit Information Technology -> IObit)

ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2021-03-25] (IObit Information Technology -> IObit)

ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2021-03-25] (IObit Information Technology -> IObit)

SearchScopes: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002 -> DefaultScope {207C416D-9F08-4EA0-A815-7DD0E992EC54} URL = 

SearchScopes: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002 -> {207C416D-9F08-4EA0-A815-7DD0E992EC54} URL = 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch (No File)

HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1

HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\MountPoints2: {61fccc5d-8a59-11eb-b98b-004e01b3ca92} - "E:\LaunchU3.exe" -a

Task: {360AD7A3-F7D9-41B2-BF90-0B00E98B76F8} - System32\Tasks\SU_AutoUpdate => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4518936 2021-04-25] (IObit CO., LTD -> IObit)

Task: {6914382D-E063-4398-8E0F-AB6E70342128} - System32\Tasks\ASC_SkipUac_scodo => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (No File)

Task: {803AED5A-A644-489F-A6BB-459D4BBCEAC4} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe /Task (No File)

Task: {CFA0FF18-A828-4765-B758-C0A45CE11706} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [1794584 2021-04-14] (IObit CO., LTD -> IObit) <==== ATTENTION

Task: {EFB1CC11-9B04-4E02-B5B2-801BD3743A0C} - System32\Tasks\Software Updater SkipUAC(scodo) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4518936 2021-04-25] (IObit CO., LTD -> IObit) <==== ATTENTION

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

CHR Notifications: Default -> hxxps://bestfaustcaptcha.top; hxxps://robynbauder.securefilepro.com

CHR HomePage: Default -> hxxps://192.168.1.1/login?redirect=%2F

C:\Program Files (x86)\IObit\Advanced SystemCare

C:\Program Files (x86)\IObit\Software Updater

DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2

EmptyTemp: 

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} => Error: No automatic fix found for this entry.

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Advanced SystemCare => not found

HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Advanced SystemCare => not found

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Advanced SystemCare => not found

"HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found

HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{207C416D-9F08-4EA0-A815-7DD0E992EC54} => not found

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Download Assistant" => not found

"HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => not found

HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61fccc5d-8a59-11eb-b98b-004e01b3ca92} => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{360AD7A3-F7D9-41B2-BF90-0B00E98B76F8}" => not found

"C:\WINDOWS\System32\Tasks\SU_AutoUpdate" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SU_AutoUpdate" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6914382D-E063-4398-8E0F-AB6E70342128}" => not found

"C:\WINDOWS\System32\Tasks\ASC_SkipUac_scodo" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC_SkipUac_scodo" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{803AED5A-A644-489F-A6BB-459D4BBCEAC4}" => not found

"C:\WINDOWS\System32\Tasks\ASC_PerformanceMonitor" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC_PerformanceMonitor" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFA0FF18-A828-4765-B758-C0A45CE11706}" => not found

"C:\WINDOWS\System32\Tasks\Software Updater Scheduler" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Scheduler" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFB1CC11-9B04-4E02-B5B2-801BD3743A0C}" => not found

"C:\WINDOWS\System32\Tasks\Software Updater SkipUAC(scodo)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater SkipUAC(scodo)" => not found

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => not found

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => not found

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => not found

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => not found

"Chrome Notifications:" => not found

"Chrome HomePage" => removed successfully

"C:\Program Files (x86)\IObit\Advanced SystemCare" => not found

"C:\Program Files (x86)\IObit\Software Updater" => not found

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully

 

=========== EmptyTemp: ==========

 

BITS transfer queue => 786432 B

 

[DR M]

Whatever has happened, the fix ran twice, that's why the Not found indications. 

 

You can now move to the next steps (4 and 5) here: http://www.geekstogo...a/#entry2663379

 

Do the above in normal mode. 

[scewter]

Ok.

 

I'll get back to this tonite or early tomorrow as I've got errands to run.

 

Glad we were able to get past that step.

 

thnx for your patience.

[DR M]

Thanks for letting me know. I will be here.

[scewter]

AdwCleaner scan results:

 

# -------------------------------

# Malwarebytes AdwCleaner 8.3.1.0

# -------------------------------

# Build:    11-18-2021

# Database: 2022-02-03.4 (Cloud)

# Support:  https://www.malwarebytes.com/support

#

# -------------------------------

# Mode: Scan

# -------------------------------

# Start:    02-05-2022

# Duration: 00:00:04

# OS:       Windows 10 Home

# Scanned:  32014

# Detected: 26

 

 

***** [ Services ] *****

 

No malicious services found.

 

***** [ Folders ] *****

 

PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

 

***** [ Files ] *****

 

No malicious files found.

 

***** [ DLL ] *****

 

No malicious DLLs found.

 

***** [ WMI ] *****

 

No malicious WMI found.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts found.

 

***** [ Tasks ] *****

 

No malicious tasks found.

 

***** [ Registry ] *****

 

PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare

PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare

PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}

PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}

PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC

PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare

PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector

PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}

PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}

PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com

PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com

 

***** [ Chromium (and derivatives) ] *****

 

No malicious Chromium entries found.

 

***** [ Chromium URLs ] *****

 

No malicious Chromium URLs found.

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries found.

 

***** [ Firefox URLs ] *****

 

No malicious Firefox URLs found.

 

***** [ Hosts File Entries ] *****

 

No malicious hosts file entries found.

 

***** [ Preinstalled Software ] *****

 

Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AGENT 

Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT 

Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN 

Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT 

Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AGENT 

Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN 

Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT 

Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68BC6866-95BE-4BB8-AED8-281F9617FDA1}  

Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68BC6866-95BE-4BB8-AED8-281F9617FDA1}  

Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate 

Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE 

Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE 

Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE 

Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE 

 

 

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

[DR M]

Very good, Scewter.

 

Let's see Malwarebytes' report as well.

 

When I have both the reports, I will give you instructions to clean the detected items. 

[scewter]

Been working on the Malwarebytes scan - but run into some difficulty. The directions you posted do not follow what I have installed. Here're couple of screen shots that better explain what I'm referring to.