Help getting started checking laptop for malware [Solved]


#1 triedeverything
Member, 31 posts
Geekstogo helped me many years back with my brother's issue. Now I need help checking my laptop & possibly phone for issues.
 
Problem started 4/8/23: gmail was hacked and the security questions were changed to a USB plugin key, so gmail password recovery is useless.
 
I've written the gmail & related YouTube off, but would like help checking the laptop & Android smartphone for issues.
 
I've run Norton, which found pua.superfluss & says it's now fully resolved.
 
I know years ago with my brother's issue I was given a step-by-step on this forum.
 
I'm now asking for help for myself.
 
Thank you.


Update...
I had to use my phone to get back to this page. When I click back to the forums on the laptop I'm now getting this message:

This page isn't working right now
www.geekstogo.com redirected you too many times.
To fix this issue, try clearing your cookies.
ERR_TOO_MANY_REDIRECTS

I cleared cookies and restarted the laptop, but it did not correct the issue.

Also, this shows up in the URL bar:
Not Secure | http (gtg addy)

Also, I have Windows 11 on the laptop.

Edited by triedeverything, 12 April 2023 - 10:07 AM.


#2 DR M
The Grecian Geek, Malware Removal, 4,186 posts

Hello.
 
The error you are getting when you try to enter the Forum is unfortunately due to the Forum's settings. Try to use Firefox if you have it installed.
 
In order to check the computer, please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename it to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

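
Once FRST.txt comes back, the helper's first pass is to look for the markers FRST itself writes into the log. As an added example (not code from this forum, from DR M, or from Farbar's tool), here is a small Python triage script that does that first pass: it tracks the `==== Section ====` headers, pulls out lines marked `<==== ATTENTION`, `[File not signed]` and `[X]` (file missing), reads the R/S running flag and start-type digit from service and driver lines, and correlates the Windows Defender ATTENTION entries with whether WinDefend and a third-party engine (NortonSecurity, the product on this machine) are running. The sample lines are copied from the FRST.txt posted later in this thread; the function names and the choice of NortonSecurity as the third-party service to check are my own assumptions.

```python
import re
from typing import Iterator, List, Optional, Tuple

# Constructed sample input: a handful of lines in FRST's own format, copied from
# the FRST.txt posted in this thread. A real FRST.txt runs to thousands of lines;
# nothing below depends on which lines happen to be present.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(C:\Program Files\CyberGhost 8\Dashboard.exe ->) (The CefSharp Authors) [File not signed] C:\Program Files\CyberGhost 8\Data\Cef\x64\CefSharp.BrowserSubprocess.exe <4>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>

==================== Registry (Whitelisted) ===================

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

==================== Services (Whitelisted) ===================

R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.23.3.8\NortonSecurity.exe [344888 2023-03-24] (NortonLifeLock Inc. -> NortonLifelock Inc.)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Service/driver lines: "R2 Name; path [size date] (signer)".
# R/S = running/stopped, the digit is the Windows start type (0 boot .. 4 disabled).
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);\s*(.*)$")

# Markers FRST itself writes into the log; they are the first thing a helper scans for.
MARKERS = (
    ("attention", lambda line: "<==== ATTENTION" in line),
    ("unsigned", lambda line: "[File not signed]" in line),
    ("missing-file", lambda line: line.endswith("[X]")),
)


def parse_frst(text: str) -> Iterator[Tuple[Optional[str], str]]:
    """Yield (section, line) pairs, tracking FRST's '==== Section ====' headers."""
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        yield section, line


def triage(text: str) -> List[Tuple[str, Optional[str], str]]:
    """Return (kind, section, line) for every line FRST marked as worth a look."""
    findings = []
    for section, line in parse_frst(text):
        for kind, matches in MARKERS:
            if matches(line):
                findings.append((kind, section, line))
                break  # one classification per line
    return findings


def service_state(text: str, name: str) -> Optional[Tuple[bool, int]]:
    """Return (is_running, start_type) for a service or driver name, or None if absent."""
    for _section, line in parse_frst(text):
        m = SERVICE_RE.match(line)
        if m and m.group(3).strip().lower() == name.lower():
            return m.group(1) == "R", int(m.group(2))
    return None


def defender_summary(text: str) -> str:
    """Put the Defender ATTENTION entries next to which AV engines are actually running."""
    restricted = [f for f in triage(text) if f[0] == "attention" and "Windows Defender" in f[2]]
    wd = service_state(text, "WinDefend")
    third_party = service_state(text, "NortonSecurity")  # assumption: the AV seen on this machine
    parts = [f"{len(restricted)} Defender policy restriction(s) flagged"]
    parts.append("WinDefend " + ("running" if wd and wd[0] else "not running"))
    parts.append("NortonSecurity " + ("running" if third_party and third_party[0] else "not running"))
    return "; ".join(parts)


if __name__ == "__main__":
    for kind, section, line in triage(SAMPLE_LOG):
        print(f"[{kind:12}] {section}: {line[:90]}")
    print(defender_summary(SAMPLE_LOG))
```

The script only surfaces what FRST already flagged; it deliberately does not return a verdict. Whether a flagged entry is expected is still the helper's call: a third-party antivirus registered with Windows Security Center normally leaves Defender stopped, so the Defender restriction entries are read together with the service states rather than on their own.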

#3 triedeverything
Topic Starter, Member, 31 posts

Hi, thanks, Firefox works perfectly on the forum. Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-04-2023
Ran by keure (administrator) on LAPTOP-EUSAIEC4 (HP HP Laptop 17-by3xxx) (14-04-2023 13:51:38)
Running from C:\Users\keure\Downloads\FRST64.exe
Loaded Profiles: keure
Platform: Microsoft Windows 11 Home Version 22H2 22621.1555 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\CyberGhost 8\Dashboard.exe ->) (The CefSharp Authors) [File not signed] C:\Program Files\CyberGhost 8\Data\Cef\x64\CefSharp.BrowserSubprocess.exe <4>
(C:\Program Files\WindowsApps\MicrosoftTeams_23062.1103.1944.2725_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.34\msedgewebview2.exe <6>
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.8900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.39\msedgewebview2.exe <6>
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d04f01dd16ecf753\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d04f01dd16ecf753\x64\BridgeCommunication.exe <3>
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(explorer.exe ->) (CyberGhost S.R.L. -> CyberGhost S.R.L.) C:\Program Files\CyberGhost 8\Dashboard.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(services.exe ->) (CyberGhost S.R.L. -> CyberGhost S.R.L.) C:\Program Files\CyberGhost 8\Dashboard.Service.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d04f01dd16ecf753\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d04f01dd16ecf753\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d04f01dd16ecf753\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d04f01dd16ecf753\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9ea30e7f88626f47\igfxCUIServiceN.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_caa7639078e34732\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6ce565ec54103c62\IntelCpHDCPSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.23.3.8\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.23.3.8\nsWscSvc.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9971779a1c712866\RtkAudUService64.exe <2>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23022.140.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.8900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9971779a1c712866\RtkAudUService64.exe [1201968 2020-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.39\Installer\setup.exe [4007824 2023-04-12] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [536152 2022-08-14] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\Run: [MicrosoftEdgeAutoLaunch_22A879BC82F7E2804248DED0BC0778BD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4139936 2023-04-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 8\Dashboard.exe [1387216 2023-04-11] (CyberGhost S.R.L. -> CyberGhost S.R.L.)
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\keure\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\keure\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\RunOnce: [Uninstall 23.061.0319.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\keure\AppData\Local\Microsoft\OneDrive\23.061.0319.0003" (No File)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014FE939-D3E4-474D-AF8A-78626FBD14C4} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.23.3.8\WSCStub.exe [646520 2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {02131EE8-4856-4F7E-8E87-0B234447ECF0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-04-07] (HP Inc. -> HP Inc.)
Task: {0624023B-CC8D-4408-A7F3-792F3582F722} - System32\Tasks\Norton AntiVirus Plus\Norton AntiVirus Error Processor => C:\Program Files\Norton Security\Engine\22.23.3.8\SymErr.exe [379024 2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {0A57F285-075E-43B3-8F67-E1E5A3A234A6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {32767B46-350A-43B0-9764-581D137239F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-04-04] (HP Inc. -> HP Inc.)
Task: {41059A9A-BB9A-47CF-803A-696E27464A08} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D4EB86F-D698-4BAE-966D-6EC1747D9DC9} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {5D983299-8EEC-4351-93C8-923E0FDB6679} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {7628F47C-F9D7-4878-B895-B3488AFA6B7D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {7EC8B831-2ADF-4437-AD7B-A1115511349C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [2353000 2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {7FFD35FE-33C9-4928-84D0-51E73E54C18E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [677280 2023-04-06] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {832A1B1B-B1E4-4002-86D9-3BAD55A1AF69} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {96EB41FF-8FC5-4FA6-A511-F0B1131AE692} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144264 2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {99E467EA-8600-4BFB-ADF8-E4FC3261D741} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A4A40C4-F9F0-4F8B-B933-22C79C3F4EFF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144264 2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A34367E7-D6C2-423C-BD7A-1387337DAD35} - System32\Tasks\Norton AntiVirus Plus\Norton AntiVirus Autofix => C:\Program Files\Norton Security\Engine\22.23.3.8\SymErr.exe [379024 2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {B75A975C-7CA9-4D90-AC56-968EE3B17A5C} - System32\Tasks\Norton AntiVirus Plus\Norton AntiVirus Error Analyzer => C:\Program Files\Norton Security\Engine\22.23.3.8\SymErr.exe [379024 2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {B8CD119F-4338-40E3-8303-DAE2E24F54B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1135128 2023-04-04] (HP Inc. -> HP Inc.)
Task: {BA5AC586-8451-491C-880A-486550D8BBE8} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {C0D2AB9E-0922-4541-B0D5-644C07E90EF2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [718752 2023-04-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {CF0D5C4E-7D6B-4089-B46B-AD80C23D7030} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE3A4F65-08DB-4565-9E59-681FCAC0AD17} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-04-07] (HP Inc. -> HP Inc.)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {ED63FFBF-67C0-472F-9889-421D2FC0235F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1135128 2023-04-04] (HP Inc. -> HP Inc.)
Task: {F6C692D1-68E8-4C04-9BE2-D0AF26991D41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-04-04] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
Tcpip\..\Interfaces\{b4d83192-fdbf-4677-a616-772fc7508419}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\keure\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-14]
Edge Extension: (Edge relevant text changes) - C:\Users\keure\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-13]

FireFox:
========
FF DefaultProfile: 1bmwf9u2.default
FF ProfilePath: C:\Users\keure\AppData\Roaming\Mozilla\Firefox\Profiles\1bmwf9u2.default [2023-04-14]
FF ProfilePath: C:\Users\keure\AppData\Roaming\Mozilla\Firefox\Profiles\r7yyo929.default-release [2023-04-14]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12634544 2023-04-05] (Microsoft Corporation -> Microsoft Corporation)
R2 CyberGhost8Service; C:\Program Files\CyberGhost 8\Dashboard.Service.exe [69840 2023-04-11] (CyberGhost S.R.L. -> CyberGhost S.R.L.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d04f01dd16ecf753\x64\AppHelperCap.exe [858064 2023-02-28] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d04f01dd16ecf753\x64\DiagsCap.exe [857032 2023-02-28] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d04f01dd16ecf753\x64\NetworkCap.exe [853920 2023-02-28] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [229328 2023-04-07] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d04f01dd16ecf753\x64\SysInfoCap.exe [857032 2023-02-28] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe [493712 2022-12-19] (HP Inc. -> HP Inc.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.23.3.8\NortonSecurity.exe [344888 2023-03-24] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.23.3.8\nsWscSvc.exe [1059176 2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe [3224328 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [143904 2020-05-12] (Alcorlink Corp. -> )
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.23.3.8\Definitions\BASHDefs\20230413.001\BHDrvx64.sys [1696736 2023-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617030.008\ccSetx64.sys [198280 2023-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527832 2022-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2023-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
R3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_90beccc7e046abab\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-04-27] (Intel Corporation -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.23.3.8\Definitions\IPSDefs\20230413.061\IDSvia64.sys [1527816 2023-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 IntcBTAu; C:\WINDOWS\System32\DriverStore\FileRepository\intcbtau.inf_amd64_0d2e7834c92ff8a0\IntcBTAu.sys [725384 2020-12-17] ((PREPRODUCTION USE ONLY) Smart Sound Technology -> Intel® Corporation)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617030.008\nsvst.sys [57120 2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1617030.008\SRTSP64.SYS [956048 2023-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1617030.008\SRTSPX64.SYS [52872 2023-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1617030.008\SYMEFASI64.SYS [2180248 2023-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1617030.008\SymELAM.sys [36016 2023-03-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100344 2023-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.23.3.8\SymPlatform\SymEvnt.sys [722400 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1617030.008\Ironx64.SYS [306824 2023-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1617030.008\symnets.sys [492728 2023-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49608 2023-03-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [495896 2023-03-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-03-27] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617030.008\wpCtrlDrv.sys [1016792 2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-14 13:51 - 2023-04-14 13:52 - 000024473 _____ C:\Users\keure\Downloads\FRST.txt
2023-04-14 13:51 - 2023-04-14 13:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2023-04-14 13:50 - 2023-04-14 13:51 - 000000000 ____D C:\FRST
2023-04-14 13:49 - 2023-04-14 13:49 - 002380288 _____ (Farbar) C:\Users\keure\Downloads\FRST64.exe
2023-04-14 13:47 - 2023-04-14 13:47 - 002081792 _____ (Farbar) C:\Users\keure\Downloads\FRST.exe
2023-04-14 13:44 - 2023-04-14 13:51 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-04-14 13:44 - 2023-04-14 13:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-04-14 13:44 - 2023-04-14 13:44 - 000398800 _____ (Mozilla) C:\Users\keure\Downloads\Firefox Installer.exe
2023-04-14 13:44 - 2023-04-14 13:44 - 000002045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2023-04-14 13:44 - 2023-04-14 13:44 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-04-14 13:44 - 2023-04-14 13:44 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2023-04-14 13:44 - 2023-04-14 13:44 - 000000000 ____D C:\Users\keure\AppData\Roaming\Mozilla
2023-04-14 13:44 - 2023-04-14 13:44 - 000000000 ____D C:\Users\keure\AppData\Local\Mozilla
2023-04-14 13:44 - 2023-04-14 13:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-04-14 13:44 - 2023-04-14 13:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-04-13 12:09 - 2023-04-13 12:09 - 000000000 ____D C:\Users\keure\AppData\Local\NPE
2023-04-12 06:40 - 2023-04-12 06:40 - 000000000 ___HD C:\$WinREAgent
2023-04-12 06:28 - 2023-04-13 07:01 - 000000000 ____D C:\Users\keure\AppData\LocalLow\Norton
2023-04-11 10:05 - 2023-04-11 10:05 - 000000000 ____D C:\Users\keure\AppData\Local\Norton
2023-04-11 08:54 - 2023-04-11 08:54 - 000000000 ____D C:\Users\keure\AppData\Local\IsolatedStorage
2023-04-11 08:53 - 2023-04-11 08:53 - 000089304 _____ (CyberGhost S.R.L.) C:\Users\keure\Downloads\cgsetup_en_yqeDq7FjcpYG4h48tgMx.exe
2023-04-11 08:53 - 2023-04-11 08:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 8
2023-04-11 08:53 - 2023-04-11 08:53 - 000000000 ____D C:\Program Files\CyberGhost 8
2023-04-11 06:39 - 2023-04-11 06:39 - 000000000 ____D C:\Program Files\Common Files\AV
2023-04-10 20:13 - 2023-04-14 07:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton AntiVirus Plus
2023-04-10 20:11 - 2023-04-10 20:11 - 000003374 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2023-04-10 20:11 - 2023-04-10 20:11 - 000002295 _____ C:\Users\Public\Desktop\Norton Security.lnk
2023-04-10 20:11 - 2023-04-10 20:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2023-04-10 20:11 - 2023-04-10 20:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2023-04-10 20:11 - 2023-04-10 20:11 - 000000000 ____D C:\Program Files\Norton Security
2023-04-10 20:11 - 2023-04-10 20:11 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2023-04-10 20:10 - 2023-04-10 20:10 - 000000000 ____D C:\ProgramData\NortonInstaller
2023-04-10 20:10 - 2023-04-10 20:10 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2023-04-10 20:09 - 2023-04-13 12:09 - 000000000 ____D C:\ProgramData\Norton
2023-04-10 20:09 - 2023-04-10 20:09 - 000000000 ____D C:\Users\Public\Downloads\Norton
2023-04-10 20:08 - 2023-04-10 20:08 - 004061160 _____ (NortonLifeLock Inc.) C:\Users\keure\Downloads\NAVPlusDownloader.exe
2023-04-09 05:13 - 2023-04-09 05:13 - 000000000 ____D C:\Users\keure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-04-08 19:50 - 2023-04-08 19:50 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-04-08 15:56 - 2023-04-12 18:01 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2023-04-07 12:07 - 2023-04-07 12:07 - 000684984 _____ (Mozilla Foundation) C:\Users\keure\AppData\LocalLow\freebl3.dll
2023-04-07 12:07 - 2023-04-07 12:07 - 000627128 _____ (Mozilla Foundation) C:\Users\keure\AppData\LocalLow\mozglue.dll
2023-04-07 12:07 - 2023-04-07 12:07 - 000254392 _____ (Mozilla Foundation) C:\Users\keure\AppData\LocalLow\softokn3.dll
2023-04-07 12:05 - 2023-04-07 12:05 - 000000000 ____D C:\Users\keure\AppData\Roaming\WinRAR
2023-04-07 12:03 - 2023-04-07 12:03 - 003104896 _____ (Alexander Roshal) C:\Users\keure\Downloads\wrar602.exe
2023-04-07 11:46 - 2023-04-07 11:46 - 032890333 _____ C:\Users\keure\Downloads\Pass_55551_ActivatedSetupC12 (1).rar
2023-03-31 11:11 - 2023-03-31 11:18 - 1105719909 _____ C:\Users\keure\openshot33123.mp4
2023-03-22 16:41 - 2023-03-24 10:31 - 000000000 ____D C:\Users\keure\OneDrive\Documents\BlackVue
2023-03-22 16:41 - 2023-03-22 16:41 - 000000000 ____D C:\Users\keure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlackVue
2023-03-22 16:41 - 2023-03-22 16:41 - 000000000 ____D C:\Users\keure\AppData\Local\Demos
2023-03-22 16:41 - 2023-03-22 16:41 - 000000000 ____D C:\Program Files\BlackVue
2023-03-22 16:41 - 2023-03-22 16:41 - 000000000 ____D C:\Program Files (x86)\dotnet
2023-03-22 16:37 - 2023-03-22 16:38 - 353856180 _____ C:\Users\keure\Downloads\blackvue-cloud-viewer-3.14-windows.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-14 13:52 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-14 13:40 - 2023-01-07 22:34 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2121040479-1795906117-1526335761-1001
2023-04-14 13:40 - 2023-01-07 22:34 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2121040479-1795906117-1526335761-1001
2023-04-14 13:40 - 2021-07-16 10:25 - 000002390 _____ C:\Users\keure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-14 13:37 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-04-14 13:37 - 2020-03-13 09:41 - 000000000 ____D C:\Program Files\Microsoft Office
2023-04-14 06:52 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-14 06:52 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-14 06:31 - 2022-03-11 07:09 - 000000000 ____D C:\Users\keure\AppData\Roaming\CyberGhost
2023-04-14 06:31 - 2022-03-11 07:09 - 000000000 ____D C:\Users\keure\AppData\Local\CyberGhost
2023-04-13 07:14 - 2022-05-07 01:22 - 000000000 ____D C:\WINDOWS\INF
2023-04-13 07:11 - 2022-03-13 12:21 - 000000000 ____D C:\Users\keure\OneDrive\Documents\ConvertXToDVD
2023-04-13 07:03 - 2022-03-13 12:08 - 000000000 ____D C:\Users\keure\AppData\Roaming\uTorrent
2023-04-13 07:01 - 2023-01-07 22:32 - 000944980 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-04-13 06:59 - 2023-01-07 22:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-04-13 06:59 - 2022-03-13 12:09 - 000000000 ____D C:\Users\keure\AppData\Local\BitTorrentHelper
2023-04-12 18:01 - 2023-01-07 22:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-04-12 18:01 - 2023-01-07 22:30 - 000498968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-04-12 18:01 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-04-12 18:01 - 2022-05-07 01:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-04-12 18:01 - 2022-05-07 01:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-04-12 18:01 - 2020-09-27 10:50 - 000012288 ___SH C:\DumpStack.log.tmp
2023-04-12 18:01 - 2020-05-31 08:09 - 000000000 ____D C:\Intel
2023-04-12 18:00 - 2022-05-07 01:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-04-12 18:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\UUS
2023-04-12 18:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-04-12 18:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-04-12 18:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-04-12 18:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-04-12 18:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-04-12 18:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-04-12 18:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-04-12 18:00 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-04-12 08:22 - 2023-01-07 22:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2023-04-12 08:22 - 2021-07-19 01:13 - 000000000 __SHD C:\Users\keure\IntelGraphicsProfiles
2023-04-12 06:48 - 2020-12-09 00:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-04-12 06:47 - 2022-05-07 01:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-04-12 06:47 - 2020-12-09 00:08 - 156112424 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-04-12 06:45 - 2023-01-07 22:32 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-04-12 06:28 - 2020-09-27 10:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-04-12 06:28 - 2020-09-27 10:53 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-04-11 08:56 - 2021-02-11 12:16 - 000000000 ____D C:\Users\keure\AppData\Local\D3DSCache
2023-04-10 20:14 - 2020-11-25 19:03 - 000000000 ____D C:\Users\keure\AppData\Local\Packages
2023-04-10 20:14 - 2020-09-27 10:54 - 000000000 ____D C:\ProgramData\Packages
2023-04-10 20:11 - 2022-05-07 01:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-04-09 05:13 - 2020-11-25 19:21 - 000000000 ____D C:\Users\keure\AppData\Roaming\Zoom
2023-04-07 12:12 - 2023-01-07 22:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-04-07 12:12 - 2022-05-08 13:57 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-04-07 11:38 - 2022-03-13 12:21 - 000099384 _____ C:\Users\keure\AppData\Roaming\inst.exe
2023-04-07 11:38 - 2022-03-13 12:21 - 000082816 _____ (VSO Software) C:\Users\keure\AppData\Roaming\pcouffin.sys
2023-04-07 11:38 - 2022-03-13 12:21 - 000007859 _____ C:\Users\keure\AppData\Roaming\pcouffin.cat
2023-04-07 11:38 - 2022-03-13 12:21 - 000000000 ____D C:\Users\keure\AppData\Roaming\VSO
2023-04-07 11:38 - 2022-03-13 12:21 - 000000000 ____D C:\ProgramData\VSO
2023-04-07 11:25 - 2022-03-13 12:32 - 000000000 ____D C:\Users\keure\OneDrive\Documents\ConvertXtoDVD_Resources
2023-04-07 05:46 - 2023-01-07 22:34 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-04-07 05:46 - 2023-01-07 22:34 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-31 11:24 - 2020-12-05 12:41 - 000000000 ____D C:\Users\keure\.openshot_qt
2023-03-31 11:11 - 2023-01-07 22:31 - 000000000 ____D C:\Users\keure
2023-03-31 10:30 - 2020-11-25 19:24 - 000000000 ____D C:\Users\keure\OneDrive\Documents\Zoom
2023-03-27 17:22 - 2020-09-27 10:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-03-24 16:25 - 2023-03-13 11:56 - 000000000 ____D C:\Users\keure\AppData\Roaming\slobs-client
2023-03-22 16:41 - 2020-11-25 19:20 - 000000000 ____D C:\ProgramData\Package Cache
2023-03-16 17:32 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-03-16 17:32 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-03-16 17:32 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-03-16 07:58 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth

==================== Files in the root of some directories ========

2022-03-13 12:21 - 2023-04-07 11:38 - 000099384 _____ () C:\Users\keure\AppData\Roaming\inst.exe
2022-03-13 12:21 - 2023-04-07 11:38 - 000007859 _____ () C:\Users\keure\AppData\Roaming\pcouffin.cat
2022-03-13 12:21 - 2023-04-07 11:38 - 000001167 _____ () C:\Users\keure\AppData\Roaming\pcouffin.inf
2022-03-13 12:21 - 2023-04-07 11:38 - 000000055 _____ () C:\Users\keure\AppData\Roaming\pcouffin.log
2022-03-13 12:21 - 2023-04-07 11:38 - 000082816 _____ (VSO Software) C:\Users\keure\AppData\Roaming\pcouffin.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2023
Ran by keure (14-04-2023 13:52:33)
Running from C:\Users\keure\Downloads
Microsoft Windows 11 Home Version 22H2 22621.1555 (X64) (2023-01-08 02:35:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2121040479-1795906117-1526335761-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2121040479-1795906117-1526335761-503 - Limited - Disabled)
Guest (S-1-5-21-2121040479-1795906117-1526335761-501 - Limited - Disabled)
keure (S-1-5-21-2121040479-1795906117-1526335761-1001 - Administrator - Enabled) => C:\Users\keure
WDAGUtilityAccount (S-1-5-21-2121040479-1795906117-1526335761-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Disabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton AntiVirus (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

BlackVue 3.14 (HKLM-x32\...\BlackVue) (Version: 3.14 - PittaSoft, Inc.)
CyberGhost 8 (HKLM\...\CyberGhost 8) (Version: 8.3.10.10024 - CyberGhost S.R.L.)
CyberGhost TUN (HKLM\...\{677232D6-72D6-4821-8CB5-47969B15D4DF}) (Version: 1.0 - CyberGhost S.R.L.) Hidden
Microsoft .NET Host - 6.0.12 (x86) (HKLM-x32\...\{08E30184-EB9C-4CF3-83D7-B610F1FC3F0F}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.12 (x86) (HKLM-x32\...\{DCCDE725-8BF0-4BA7-B25B-93A3DDA80DAC}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.12 (x86) (HKLM-x32\...\{9214708B-E625-4F9A-AA0B-802B7C1DDB73}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16130.20332 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.39 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 112.0.1722.39 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\OneDriveSetup.exe) (Version: 23.066.0326.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 (HKLM-x32\...\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 (HKLM-x32\...\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.12 (x86) (HKLM-x32\...\{68fdb6fb-cca0-4e8e-bf22-7d8f9806c832}) (Version: 6.0.12.31928 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.12 (x86) (HKLM-x32\...\{AC216B9B-DF75-41FE-AF22-0AC2272485D5}) (Version: 48.51.52100 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 112.0 (x64 en-US)) (Version: 112.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 112.0 - Mozilla)
Norton AntiVirus (HKLM-x32\...\NGC) (Version: 22.23.3.8 - NortonLifeLock Inc)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16227.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenShot Video Editor version 2.5.1 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.5.1 - OpenShot Studios, LLC)
Streamlabs Desktop 1.12.5 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.12.5 - General Workings, Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\ZoomUMX) (Version: 5.13.11 (13434) - Zoom Video Communications, Inc.)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-11-25] (Amazon.com)
Booking.com USA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comUSABigsavingson_2.0.5.0_x64__mgae2k3ys4ra0 [2023-03-16] (Priceline Partner Network)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2023-03-16] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.14.225.0_x64__v10z8vjag6ke6 [2023-03-16] (HP Inc.)
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6 [2021-07-19] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.2.74.0_x64__v10z8vjag6ke6 [2023-03-29] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_144.1.1068.0_x64__v10z8vjag6ke6 [2023-04-07] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.25.18.0_x64__v10z8vjag6ke6 [2023-04-11] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6 [2022-08-18] (HP Inc.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-03-25] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-07-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-07-16] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2303.28003.0_x64__8wekyb3d8bbwe [2023-04-13] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-12] (Microsoft Corp.)
ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4779.0_x64__8j3eq9eme6ctt [2023-04-13] (INTEL CORP) [Startup Task]
ms-resource:UniversalAppName -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_23.4.16.0_x64__xbfy0k16fey96 [2023-04-12] (Dropbox Inc.)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-25] (Netflix, Inc.)
Norton Security -> C:\Program Files\Norton Security\Engine\22.23.3.8 [2023-04-14] (0)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2023-03-16] (Random Salad Games LLC)
sMedio True DVD for HP -> C:\Program Files\WindowsApps\0E3921EB.sMedioTrueDVDforHP_1.1.156.0_x64__agwrg61xdd7p4 [2023-02-11] (sMedio Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0 [2023-04-14] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.23.3.8\buShell.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.23.3.8\buShell.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.23.3.8\buShell.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.23.3.8\buShell.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.23.3.8\buShell.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.23.3.8\buShell.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.23.3.8\buShell.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.3.8\NavShExt.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.3.8\NavShExt.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.23.3.8\buShell.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.3.8\NavShExt.dll [2023-03-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-04-11 08:54 - 2023-04-11 08:54 - 001139200 _____ () [File not signed] [File is in use] C:\Program Files\CyberGhost 8\Data\Cef\x64\CefSharp.BrowserSubprocess.Core.dll
2023-04-11 08:54 - 2023-04-11 08:54 - 001782784 _____ () [File not signed] [File is in use] C:\Program Files\CyberGhost 8\Data\Cef\x64\CefSharp.Core.Runtime.dll
2023-04-11 08:54 - 2023-04-11 08:54 - 190309888 _____ () [File not signed] C:\Program Files\CyberGhost 8\Data\Cef\x64\libcef.dll
2023-04-11 08:54 - 2023-04-11 08:54 - 000474624 _____ () [File not signed] C:\Program Files\CyberGhost 8\Data\Cef\x64\libegl.dll
2023-04-11 08:54 - 2023-04-11 08:54 - 007402496 _____ () [File not signed] C:\Program Files\CyberGhost 8\Data\Cef\x64\libglesv2.dll
2023-04-11 08:54 - 2023-04-11 08:54 - 004974080 _____ () [File not signed] C:\Program Files\CyberGhost 8\Data\Cef\x64\vk_swiftshader.dll
2023-04-11 08:54 - 2023-04-11 08:54 - 001418752 _____ (The Chromium Authors) [File not signed] C:\Program Files\CyberGhost 8\Data\Cef\x64\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> {17798353-3940-42B8-BBBC-47FA0387024E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {17798353-3940-42B8-BBBC-47FA0387024E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-04-04] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-04-04] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-04-14] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C85E7943-E73C-4EBE-92E6-BD6A1517FA04}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0C5162AB-053F-435A-9A27-0F96912E4E86}] => (Allow) C:\Users\keure\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{621CB6C5-B409-47DB-A83F-782500880EE5}] => (Allow) C:\Users\keure\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{731CCCF1-38A2-4AD4-946F-89B2D52D001B}] => (Allow) C:\Users\keure\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AF1B6674-F1D7-41C8-9F6E-5D7661BED28B}] => (Allow) C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [{E7727357-3300-4519-83C9-E1179151C589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{BE28E645-51ED-4BCB-B6EC-A4066C4E1161}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{AAA069B8-9405-43CC-BA2F-775F0401CEDC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{CF78A839-6CE7-46CB-AA93-C10D9A55D891}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{67E361F3-BDD8-4B35-9F7A-6FCA24C9D58F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23062.1103.1944.2725_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> )
FirewallRules: [{9C25CADD-0F25-49F7-8F1D-49674D89E043}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23062.1103.1944.2725_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> )
FirewallRules: [{DD155C96-011D-4FC1-B203-DA9A98069FD7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F29BD14-7AC0-4F28-9FB2-313327E86252}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.39\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{99347181-000D-4B4B-9837-51716ECD11E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{EE86AD35-BE83-4318-981F-934DABE79498}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{776B9B62-3ADC-42BE-AD3C-FECECF5A06B4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{089D6E23-715A-491C-B272-F6F16EA4EFA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{485C6405-05B4-4810-8352-1162F6CD1C8E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{56878A01-5D77-41A5-8B3A-5A8B72CA8EDD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{4DAB13C1-B237-40D8-9791-C7BE2691F210}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{9891B946-0F67-4C74-9803-2D6DAA854E1B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{ADCFD2F7-D847-4682-BA2A-EEB116F608F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{A7F74868-899E-47BC-B198-612244AAE6F5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{5BFC9356-1418-4BB6-8867-5A76CB63CB22}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BAB234C1-6436-4AF0-971A-60DEC3260B35}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

12-04-2023 06:40:40 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/13/2023 07:12:48 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=26, authorId=0, vendorId=0, vendorType=0

Error: (04/13/2023 07:12:48 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0

Error: (04/13/2023 07:12:48 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0

Error: (04/13/2023 07:12:48 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=55, authorId=311, vendorId=0, vendorType=0

Error: (04/13/2023 07:12:48 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=50, authorId=311, vendorId=0, vendorType=0

Error: (04/13/2023 07:12:48 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (04/13/2023 07:12:48 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=311, vendorId=0, vendorType=0

Error: (04/13/2023 07:12:48 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=311, vendorId=0, vendorType=0


System errors:
=============
Error: (04/13/2023 07:12:51 AM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv6 TCP/IP interface with index 16 failed to bind to its provider.

Error: (04/13/2023 06:59:32 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-EUSAIEC4)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (04/12/2023 06:01:20 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.

Error: (04/12/2023 06:00:14 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-EUSAIEC4)
Description: The server AD2F1837.HPPrinterControl_144.1.1068.0_x64__v10z8vjag6ke6!AD2F1837.HPPrinterControl.AppX3pygpm0xnrdftm5n1tftckhgsgz4zqvb.mca did not register with DCOM within the required timeout.

Error: (04/12/2023 06:00:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

Error: (04/12/2023 08:23:55 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-EUSAIEC4)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (04/12/2023 06:40:36 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/11/2023 09:27:05 AM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv6 TCP/IP interface with index 16 failed to bind to its provider.


Windows Defender:
================
Date: 2023-04-09 18:06:25
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-08 18:33:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-08 05:39:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-07 12:07:27
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...23&enterprise=0
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\keure\AppData\Roaming\phR1Mx38.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\keure\AppData\Local\Temp\Rar$EXb10256.8307\setup.exe
Security intelligence Version: AV: 1.387.273.0, AS: 1.387.273.0, NIS: 1.387.273.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-07 12:06:45
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...09&enterprise=0
Name: Trojan:Win32/Recordbreaker.RPZ!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\keure\AppData\Local\Temp\Rar$EXb10256.8307\tgheqwpolnmwezxu.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\WinRAR\WinRAR.exe
Security intelligence Version: AV: 1.387.273.0, AS: 1.387.273.0, NIS: 1.387.273.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

CodeIntegrity:
===============
Date: 2023-04-14 13:44:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.23.3.8\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2023-04-14 13:44:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.23.3.8\symamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.06 05/19/2020
Motherboard: HP 868E
Processor: Intel® Core™ i5-1035G1 CPU @ 1.00GHz
Percentage of memory in use: 81%
Total physical RAM: 7880.73 MB
Available physical RAM: 1426.32 MB
Total Virtual: 9318.74 MB
Available Virtual: 1464.27 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.34 GB) (Free:64.9 GB) (Model: SK hynix BC511 HFM256GDJTNI-82A0A) NTFS

\\?\Volume{cfbe90ab-bac9-4af7-a060-0d9cf50b6193}\ () (Fixed) (Total:0.85 GB) (Free:0.04 GB) NTFS
\\?\Volume{d425ebcd-0250-4d4d-9685-4fc54fcc20b9}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 1E1F4777)

Partition: GPT.

==================== End of Addition.txt =======================


  • 0

#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,186 posts

Hi, again.

Now you posted the logs...

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
======================
 
Before we start the cleaning procedure:
 
Based on your logs, right now you do not have any security program enabled. You said that you used Norton. Is it the free version? Do you have a paid license for it? If it is the free version, my recommendation is to uninstall it and stay with the built-in Windows antivirus, Windows Defender.
 
In case you will uninstall Norton:

  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
Norton Antivirus
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Norton items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.
  • Run FRST tool once more and give me fresh logs, Addition and FRST.

 

In case you will stay with Norton, please make sure that it is working fine, and that it gives you real time protection.

Let me know what you decided to do and we will continue from there.


  • 0

#5
triedeverything

    Member

  • Topic Starter
  • Member
  • 31 posts

Regarding Norton, it is the paid version direct from Norton. Norton disabled Defender when I downloaded it.  I disabled auto-protect & smart firewall on Norton so it would not interfere with the Farbar download.


  • 0

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,186 posts

Fine.

Now please turn Norton on. If we see that it conflicts with FRST or any other tool, we are going to turn it off again.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\keure\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\keure\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\RunOnce: [Uninstall 23.061.0319.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\keure\AppData\Local\Microsoft\OneDrive\23.061.0319.0003" (No File)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Task: {0A57F285-075E-43B3-8F67-E1E5A3A234A6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {5D983299-8EEC-4351-93C8-923E0FDB6679} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {7628F47C-F9D7-4878-B895-B3488AFA6B7D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {832A1B1B-B1E4-4002-86D9-3BAD55A1AF69} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

3. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

In your next reply please post:

  • The fixlog.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#7
triedeverything

    Member

  • Topic Starter
  • Member
  • 31 posts

I copied the code, clicked the fix button, did not get a fixlist.txt

the following box came up...

fix completed "fixlog.text" is saved in the same directory frst is located

The computer needs a restart. Please close all open windows. Note that you will not get any notification from the tool after restart.

Click ok to restart.

After restart I was able to find the fixlog.text.......

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-04-2023
Ran by keure (15-04-2023 10:19:45) Run:1
Running from C:\Users\keure\Downloads
Loaded Profiles: keure
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\keure\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\keure\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\...\RunOnce: [Uninstall 23.061.0319.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\keure\AppData\Local\Microsoft\OneDrive\23.061.0319.0003" (No File)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Task: {0A57F285-075E-43B3-8F67-E1E5A3A234A6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {5D983299-8EEC-4351-93C8-923E0FDB6679} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {7628F47C-F9D7-4878-B895-B3488AFA6B7D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {832A1B1B-B1E4-4002-86D9-3BAD55A1AF69} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-2121040479-1795906117-1526335761-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 23.061.0319.0003" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A57F285-075E-43B3-8F67-E1E5A3A234A6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A57F285-075E-43B3-8F67-E1E5A3A234A6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D983299-8EEC-4351-93C8-923E0FDB6679}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D983299-8EEC-4351-93C8-923E0FDB6679}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7628F47C-F9D7-4878-B895-B3488AFA6B7D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7628F47C-F9D7-4878-B895-B3488AFA6B7D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{832A1B1B-B1E4-4002-86D9-3BAD55A1AF69}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{832A1B1B-B1E4-4002-86D9-3BAD55A1AF69}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 83158016 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 51065416 B
Edge => 1717258 B
Firefox => 148576775 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 2782275 B
systemprofile32 => 2782789 B
LocalService => 2801553 B
NetworkService => 2914647 B
keure => 208934062 B

RecycleBin => 0 B
EmptyTemp: => 482.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:20:06 ====

going back now to run adwcleaner....


  • 0

#8
triedeverything

    Member

  • Topic Starter
  • Member
  • 31 posts

ADW cleaner....

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-15-2023
# Duration: 00:00:05
# OS:       Windows 11 (Build 22621.1555)
# Scanned:  32090
# Detected: 12


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCleanFLC   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant   Folder   C:\HP\SUPPORT
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Users\keure\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

malwarebytes report next.....

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/15/23
Scan Time: 10:54 AM
Log File: 7750bc40-db9d-11ed-b1ea-bce92fcbf508.json

-Software Information-
Version: 4.5.26.259
Components Version: 1.0.1976
Update Package Version: 1.0.68051
License: Trial

-System Information-
OS: Windows 11 (Build 22621.1555)
CPU: x64
File System: NTFS
User: LAPTOP-EUSAIEC4\keure

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 278826
Threats Detected: 7
Threats Quarantined: 0
Time Elapsed: 3 min, 4 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 7
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_46514.EXE, No Action By User, 118, 1095642, 1.0.68051, , ame, , CDAE52391B92667C9FA26BE90862DC24, 081198C6B5236260AEE9B1183F96EE765E3581724D90B1C5E4484EB1755E773C
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46682.EXE, No Action By User, 118, 1124933, 1.0.68051, , ame, , 21EA44D3A8D7CBCC07477A5C0D8795C8, 0CCF662DB06716FD3BA76CCC9178AB9AA613F41426EC69D69DDFCECC761E1A7E
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46590.EXE, No Action By User, 118, 1116198, 1.0.68051, , ame, , 4B4149C544EA79ACCC7CB55015FCC0FA, 761BE1C00F156CAA8D04DB5BD0E2F7B3F12FD0B4B9F29BD4E0AF13125F2E4646
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46738.EXE, No Action By User, 118, 1131981, 1.0.68051, , ame, , FD42379761A5DDA477083EBFB172286B, 9A27F17D859D7F60A26030C7A0EF3698FFA0FF5FF4230963E52AB79A6A4DACDF
PUP.Optional.ChinAd, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46674.EXE, No Action By User, 384, 1123315, 1.0.68051, , ame, , 6AB2DCB825A2EEF0023C2B606DA11E2E, 346B206A7FCB7F1E7D04E57DE8F5214218E04BC800A1114071619B508811BC7F
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\UTORRENT.EXE, No Action By User, 118, 1131981, 1.0.68051, , ame, , 06E979A3D3CFF6F4C441E76E7C370A39, 7948F9F2DF50A551F377186FE22E955C2E4A6CC58BE51C46EC874C9318278AC2
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46672.EXE, No Action By User, 118, 1121241, 1.0.68051, , ame, , 437ED8763AE1A4D9FA62F3643927CCC6, 94D24CAD6B8E158DF73247376A420291E2D954CE387E4A6665670A4E8E586EE3

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Edited by triedeverything, 15 April 2023 - 09:09 AM.

  • 0

#9
triedeverything

    Member

  • Topic Starter
  • Member
  • 31 posts

Malware bytes report is above.

New reply wouldn't allow me to paste the report. So edited the above to include it.

=======================================================================================================

This is Malware report for post below (don't know why paste option isn't available for new post)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/15/23
Scan Time: 12:39 PM
Log File: 0b77a722-dbac-11ed-9880-bce92fcbf508.json

-Software Information-
Version: 4.5.26.259
Components Version: 1.0.1976
Update Package Version: 1.0.68051
License: Trial

-System Information-
OS: Windows 11 (Build 22621.1555)
CPU: x64
File System: NTFS
User: LAPTOP-EUSAIEC4\keure

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 278889
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 1 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_46514.EXE, Quarantined, 118, 1095642, 1.0.68051, , ame, , CDAE52391B92667C9FA26BE90862DC24, 081198C6B5236260AEE9B1183F96EE765E3581724D90B1C5E4484EB1755E773C
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\UTORRENT.EXE, Quarantined, 118, 1131981, 1.0.68051, , ame, , 06E979A3D3CFF6F4C441E76E7C370A39, 7948F9F2DF50A551F377186FE22E955C2E4A6CC58BE51C46EC874C9318278AC2

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

computer is running great.

Only question I have, should I uninstall the programs you had me download or leave as be?

Appreciate all your help!!!


Edited by triedeverything, 15 April 2023 - 10:56 AM.

  • 0
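The two Malwarebytes reports above are the tool's plain-text export: each detected file is one comma-separated line ending in its MD5 and SHA-256, and the action column changes from "No Action By User" to "Quarantined" once the clean run has been done. The Python below is an added example, not part of the thread or of Malwarebytes' own tooling: it parses that layout, checks the report's own "Threats Detected" count against the detail lines, and compares two scans keyed on SHA-256 so it reports which files were quarantined, which remain, and which were no longer seen; its inputs are constructed excerpts built from lines in the reports above.

```python
"""Parse Malwarebytes plain-text reports and compare two scans (added example,
not the thread's or Malwarebytes' own tooling). Layout as posted above: -Section-
headers, "Key: Value" lines, one comma-separated line per detected file."""
from __future__ import annotations
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Detection:
    category: str  # e.g. PUP.Optional.BundleInstaller
    path: str
    action: str    # "No Action By User" or "Quarantined"
    md5: str
    sha256: str

HEX_MD5 = re.compile(r"^[0-9A-F]{32}$", re.I)
HEX_SHA256 = re.compile(r"^[0-9A-F]{64}$", re.I)

def parse_report(text: str) -> tuple[dict[str, str], list[Detection]]:
    """Return ({"Key": "Value", ...}, [Detection, ...]) for one report."""
    summary: dict[str, str] = {}
    detections: list[Detection] = []
    in_files = False  # True while reading the lines that follow "File: N"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("-") and line.endswith("-"):
            in_files = False  # a section header such as -Scan Details-
            continue
        if line.startswith("File: "):
            in_files = True
            continue
        if in_files and line.count(",") >= 4:
            # Paths in these reports contain no commas, so a plain split works; the
            # hash columns are validated so a malformed line is not silently accepted.
            fields = [f.strip() for f in line.split(",")]
            md5, sha256 = fields[-2], fields[-1]
            if not (HEX_MD5.match(md5) and HEX_SHA256.match(sha256)):
                raise ValueError(f"unexpected detail line: {line}")
            detections.append(Detection(fields[0], fields[1], fields[2],
                                        md5.upper(), sha256.upper()))
            continue
        in_files = False  # "Physical Sector: 0" and similar lines end the file block
        key, sep, value = line.partition(": ")
        if sep:
            summary[key] = value
    return summary, detections

def counts_consistent(text: str) -> bool:
    """Check the report's own 'Threats Detected' figure against its detail lines."""
    summary, detections = parse_report(text)
    return int(summary.get("Threats Detected", "-1")) == len(detections)

def compare_scans(before: str, after: str) -> dict[str, list[str]]:
    """Classify each file from the first scan by its fate in the second, keyed on SHA-256."""
    _, first = parse_report(before)
    _, second = parse_report(after)
    later = {d.sha256: d for d in second}
    result: dict[str, list[str]] = {"quarantined": [], "still_present": [], "not_seen_again": []}
    for d in first:
        hit = later.get(d.sha256)
        if hit is None:
            result["not_seen_again"].append(d.path)
        elif hit.action == "Quarantined":
            result["quarantined"].append(d.path)
        else:
            result["still_present"].append(d.path)
    return result

# Constructed excerpts: detail lines taken from the two reports posted above, trimmed
# to the sections this parser needs.
SCAN_1 = r"""
-Scan Summary-
Threats Detected: 3
Threats Quarantined: 0
-Scan Details-
File: 3
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_46514.EXE, No Action By User, 118, 1095642, 1.0.68051, , ame, , CDAE52391B92667C9FA26BE90862DC24, 081198C6B5236260AEE9B1183F96EE765E3581724D90B1C5E4484EB1755E773C
PUP.Optional.ChinAd, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46674.EXE, No Action By User, 384, 1123315, 1.0.68051, , ame, , 6AB2DCB825A2EEF0023C2B606DA11E2E, 346B206A7FCB7F1E7D04E57DE8F5214218E04BC800A1114071619B508811BC7F
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\UTORRENT.EXE, No Action By User, 118, 1131981, 1.0.68051, , ame, , 06E979A3D3CFF6F4C441E76E7C370A39, 7948F9F2DF50A551F377186FE22E955C2E4A6CC58BE51C46EC874C9318278AC2

Physical Sector: 0
(end)
"""
SCAN_2 = r"""
-Scan Summary-
Threats Detected: 2
Threats Quarantined: 2
-Scan Details-
File: 2
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_46514.EXE, Quarantined, 118, 1095642, 1.0.68051, , ame, , CDAE52391B92667C9FA26BE90862DC24, 081198C6B5236260AEE9B1183F96EE765E3581724D90B1C5E4484EB1755E773C
PUP.Optional.BundleInstaller, C:\USERS\KEURE\APPDATA\ROAMING\UTORRENT\UPDATES\UTORRENT.EXE, Quarantined, 118, 1131981, 1.0.68051, , ame, , 06E979A3D3CFF6F4C441E76E7C370A39, 7948F9F2DF50A551F377186FE22E955C2E4A6CC58BE51C46EC874C9318278AC2
(end)
"""

if __name__ == "__main__":
    for fate, paths in compare_scans(SCAN_1, SCAN_2).items():
        print(fate, paths)
```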

#10
DR M

    The Grecian Geek

  • Malware Removal
  • 4,186 posts

OK, let's do some more cleaning. First, make sure to move all the tools, including FRST, onto your Desktop.


1. AdwCleaner (Clean mode)

This tool detected only Preinstalled Software which is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

In case you want to remove the preinstalled software:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

NOTE: The tool is getting updates very often, so my instructions above may be slightly different from what they should be.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    • Under the title Scan Options, all the options are checked.
    • Under the title Windows Security Center (Premium only) the option is unchecked.
    • Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:

  • What did you decide about preinstalled software? If you remove it, I would like to see the AdwCleaner[C0*].txt
  • The Malwarebytes report
  • Feedback: how is the computer running? Any remaining issue/question/concern?

#11
triedeverything

    Member

  • Topic Starter
  • Member
  • 31 posts

The preinstalled software I left unchanged as I don't perceive any threats with that.

Following is the newest Malware report...

Not giving me the paste option again?

Posting the report in my previous post above your last post.


Edited by triedeverything, 15 April 2023 - 10:57 AM.

#12
DR M

    The Grecian Geek

  • Malware Removal
  • 4,186 posts

I wonder why there is a problem with the paste option.

Well, how is the computer running? Any remaining issue/question/concern?


#13
triedeverything

    Member

  • Topic Starter
  • Member
  • 31 posts

Computer is running great, really appreciate all the time & help from you.

Only question is, do I uninstall the programs you had me download or is it fine to leave them installed?


#14
DR M

    The Grecian Geek

  • Malware Removal
  • 4,186 posts

Great to hear that everything is fine. :thumbsup:

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

#15
triedeverything

    Member

  • Topic Starter
  • Member
  • 31 posts

Norton blocked what it called a threat (SONAR.suspLaunch!g250) when clicking Run but still produced the log...

kprm log....

# Run at 4/15/2023 4:33:58 PM
# KpRm (Kernel-panik) version 2.12.0
# Website https://kernel-panik.me/tool/kprm/
# Run by keure from C:\Users\keure\Downloads
# Computer Name: LAPTOP-EUSAIEC4
# OS: Unsupported OS X64 (22621) (10.0.22621.0)
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

- Create Registry Backup -

   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\keure\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2023-04-15-16-33-58

- Delete Tools -


  ## AdwCleaner
     [OK] C:\Users\keure\Downloads\AdwCleaner.exe deleted
     [OK] C:\AdwCleaner deleted

  ## FRST
     [OK] C:\Users\keure\Downloads\Addition.txt deleted
     [OK] C:\Users\keure\Downloads\Fixlog.txt deleted
     [OK] C:\Users\keure\Downloads\FRST.exe deleted
     [OK] C:\Users\keure\Downloads\FRST.txt deleted
     [OK] C:\Users\keure\Downloads\FRST64.exe deleted
     [OK] C:\FRST deleted

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Restore Point Created by FRST created at 04/15/2023 14:19:46 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ [I] RP named KpRm created at 04/15/2023 20:34:15

-- KPRM finished in 33.33s --


  • 0
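The "- Restore UAC -" section of the KpRm log above lists the registry values it reset and their defaults. As an added check that is not part of the thread or of KpRm, the following PowerShell reads those same values back from the policy key Windows uses for UAC and reports any that no longer match the defaults KpRm reported; the function name and output format are my own.

```powershell
# Added example, not from the thread or from KpRm: confirm the UAC values KpRm
# restored still hold, using the defaults listed in the "- Restore UAC -" log section.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Value name -> default, copied from the kprm log above.
$uacDefaults = [ordered]@{
    EnableLUA                   = 1   # 0 here would mean UAC is switched off entirely
    ConsentPromptBehaviorAdmin  = 5
    ConsentPromptBehaviorUser   = 3
    EnableInstallerDetection    = 0
    EnableSecureUIAPaths        = 1
    EnableUIADesktopToggle      = 0
    EnableVirtualization        = 1
    FilterAdministratorToken    = 0
    PromptOnSecureDesktop       = 1
    ValidateAdminCodeSignatures = 0
}

# Hypothetical helper: returns one row per value with Status OK, DRIFT or MISSING.
function Test-UacDefaults {
    param(
        [string]$Path = $uacKey,
        [System.Collections.IDictionary]$Expected = $uacDefaults
    )
    # Reading this key does not need elevation; writing it would.
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in $Expected.Keys) {
        $actual = $props.$name
        if ($null -eq $actual) {
            # Absent value: Windows falls back to its built-in default, so review it by hand.
            $status = 'MISSING'
        } elseif ([int]$actual -eq [int]$Expected[$name]) {
            $status = 'OK'
        } else {
            $status = 'DRIFT'
        }
        [pscustomobject]@{
            Name     = $name
            Expected = $Expected[$name]
            Actual   = $actual
            Status   = $status
        }
    }
}

# Show only what needs attention; an empty result means every value matches the log.
Test-UacDefaults | Where-Object Status -ne 'OK' | Format-Table -AutoSize
```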
