Malware Issue [Closed]

Slow computer popups keyboard changing external not recognized

  • This topic is locked

#1
Beloved9178

  • Member
  • 15 posts

My computer has become inundated with popups constantly

   I get popups telling me someone is hacking my bank account and other files or accounts constantly

The USB drive I've been using isn't being recognized by the computer

    The USB drive I use for a lot of work is not recognized as being plugged in and therefore I can't access any files on it anymore

The keyboard randomly changes the keys while I'm typing

     While typing, the keyboard changes a letter or function of a key to something else randomly and makes it where typing stuff is extremely difficult

My computer is running extremely slow

     My computer used to be fairly fast and is only a year and a half old and now it hardly runs, it's so slow

 

I ran the FRST tool kit and these are the reports it gave me

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2023 01
Ran by Cassandra Rabius (17-08-2023 09:47:43)
Running from C:\Users\Cassandra Rabius\OneDrive\Desktop
Microsoft Windows 11 Home Version 21H2 22000.2057 (X64) (2021-12-30 07:54:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-974111299-3066080161-2476872172-500 - Administrator - Disabled)
Cassandra Rabius (S-1-5-21-974111299-3066080161-2476872172-1001 - Administrator - Enabled) => C:\Users\Cassandra Rabius
DefaultAccount (S-1-5-21-974111299-3066080161-2476872172-503 - Limited - Disabled)
Guest (S-1-5-21-974111299-3066080161-2476872172-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-974111299-3066080161-2476872172-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FF00-7760-BC15014EA700}) (Version: 23.003.20269 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.173 - Google LLC)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16626.20170 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\OneDriveSetup.exe) (Version: 23.153.0724.0003 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16626.20170 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{D98EA283-A784-4037-BD51-739D87BFF693}) (Version: 4.73.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 17.66 - NCH Software)
Zoom (HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\ZoomUMX) (Version: 5.12.2 (9281) - Zoom Video Communications, Inc.)
 
Packages:
=========
Audiotonic – Audacity rebuilt for Windows 10 -> C:\Program Files\WindowsApps\BluskySoftwareInc.17062EE08491F_2.2.4.0_x86__61yk12x6sxn40 [2022-07-12] (Blusky Software Inc.)
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-21] (Microsoft Corporation)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-02-19] (Canon Inc.)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation)
Dropbox Lite -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_23.4.19.0_x64__xbfy0k16fey96 [2023-06-11] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2023-07-18] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.35.264.0_x64__v10z8vjag6ke6 [2023-07-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.2.74.0_x64__v10z8vjag6ke6 [2023-04-13] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2022-07-20] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_148.2.1069.0_x64__v10z8vjag6ke6 [2023-08-11] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.28.34.0_x64__v10z8vjag6ke6 [2023-08-09] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.20.0_x64__v10z8vjag6ke6 [2023-06-13] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5180.0_x64__8j3eq9eme6ctt [2023-08-11] (INTEL CORP) [Startup Task]
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2021-12-31] (McAfee LLC.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24002.0_x64__8wekyb3d8bbwe [2023-08-09] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-06-11] (Microsoft Corporation)
Minecraft Education -> C:\Program Files\WindowsApps\Microsoft.MinecraftEducationEdition_1.20.1200.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Studios)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_25.52330.450.0_x64__v10z8vjag6ke6 [2023-08-13] (HP Inc.) [Startup Task]
OpenCL™ and OpenGL® Compatibility Pack -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_1.2302.1.0_x64__8wekyb3d8bbwe [2023-02-12] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-03-29] (Adobe Systems Incorporated)
Scanner - Quick and Easy Document Scanning -> C:\Program Files\WindowsApps\9390SimonKnuth.ScannerforWindows10_3.2.5.0_x64__69n05hp4v3s90 [2023-07-20] (Simon Knuth)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2023-07-20] (Random Salad Games LLC)
Zoom Rooms -> C:\Program Files\WindowsApps\ZoomVideoCommunicationsIn.ZoomRooms_5.2.322.0_x86__r9fg4ykbbcwvc [2023-07-21] (Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-974111299-3066080161-2476872172-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-974111299-3066080161-2476872172-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-10-08 04:24 - 2021-10-08 04:24 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2021-10-08 04:24 - 2021-10-08 04:24 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKLM -> {80AD2E13-CB3C-4C37-BA97-B0750ABBD19D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {80AD2E13-CB3C-4C37-BA97-B0750ABBD19D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-07-25] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-07-25] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2021-06-05 07:08 - 2021-06-05 07:08 - 000000824 _____ C:\windows\system32\drivers\etc\hosts
 
2021-12-29 20:10 - 2021-12-29 20:15 - 000000435 _____ C:\windows\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 66.94.188.223 - 66.94.188.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2E06D2BD-C24E-40E0-BFF2-AF625232D4CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5FAA2E39-01FF-4628-A02C-39D7A49E2ACE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.MinecraftEducationEdition_1.20.1200.0_x64__8wekyb3d8bbwe\Minecraft.Windows.exe (Microsoft Corporation -> )
FirewallRules: [{CE9B183B-408A-4C54-8E1D-5A1E205D6481}] => (Allow) C:\Program Files\WindowsApps\Microsoft.MinecraftEducationEdition_1.20.1200.0_x64__8wekyb3d8bbwe\Minecraft.Windows.exe (Microsoft Corporation -> )
FirewallRules: [{920E2990-7E19-4959-AA2D-096CFA000645}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A7A6BE7-BB10-41AD-B5C7-674DDCB38056}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23195.1513.2309.6740_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{284AAD16-7CFD-4FA7-8391-C50B0C6C909C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23195.1513.2309.6740_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E34D2BE7-DBCD-406A-A2E1-B81679EC1C52}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:57.41 GB) (Free:5.76 GB) (10%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/16/2023 02:14:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ScreenClippingHost.exe, version: 421.22500.8500.0, time stamp: 0x641e1e03
Faulting module name: ucrtbase.dll, version: 10.0.22000.1, time stamp: 0x00e78ce9
Exception code: 0xc0000409
Fault offset: 0x000000000007c648
Faulting process id: 0x27ac
Faulting application start time: 0x01d9d075d81d4976
Faulting application path: C:\windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClippingHost.exe
Faulting module path: C:\windows\System32\ucrtbase.dll
Report Id: ce83269c-8e86-433b-aad8-38b7c20a1a4f
Faulting package full name: MicrosoftWindows.Client.CBS_1000.22001.1000.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: ScreenClipping
 
Error: (08/14/2023 07:46:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.22000.2003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 18fc
 
Start Time: 01d9cde3a2f0c606
 
Termination Time: 60000
 
Application Path: C:\Windows\explorer.exe
 
Report Id: b9c89d21-563b-4b98-b5c3-e27307230a6f
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (08/13/2023 10:58:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete defragmentation on Court-Custody BU Drive (D:) because: The dirty bit is set on this volume. (0x89000015)
 
Error: (08/13/2023 10:58:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete defragmentation on (E:) because: Volumes cannot be optimized due to file system type not supported. (0x8900002F)
 
Error: (08/12/2023 12:37:18 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete defragmentation on (E:) because: Volumes cannot be optimized due to file system type not supported. (0x8900002F)
 
Error: (08/06/2023 07:31:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcrobatNotificationClient.exe, version: 0.0.0.0, time stamp: 0x5b98af46
Faulting module name: combase.dll, version: 10.0.22000.1641, time stamp: 0xecc1b5c4
Exception code: 0xc000027b
Fault offset: 0x00211901
Faulting process id: 0x2278
Faulting application start time: 0x01d9c534d7dc0cf3
Faulting application path: C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
Faulting module path: C:\windows\System32\combase.dll
Report Id: 8ae001a7-090f-48c0-b1ea-df7379558df3
Faulting package full name: ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r
Faulting package-relative application ID: App
 
Error: (07/27/2023 10:38:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcrobatNotificationClient.exe, version: 0.0.0.0, time stamp: 0x5b98af46
Faulting module name: combase.dll, version: 10.0.22000.1641, time stamp: 0xecc1b5c4
Exception code: 0xc000027b
Fault offset: 0x00211901
Faulting process id: 0x4cc
Faulting application start time: 0x01d9b9fa370185e9
Faulting application path: C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
Faulting module path: C:\windows\System32\combase.dll
Report Id: 39204404-315a-4337-a19e-25d44dd12643
Faulting package full name: ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r
Faulting package-relative application ID: App
 
Error: (07/26/2023 09:40:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 10.0.22000.1165 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 438
 
Start Time: 01d9b9fb96b01cdd
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
 
Report Id: 61cd035f-fbda-4cc6-a0e6-60767355111f
 
Faulting package full name: Microsoft.LockApp_10.0.22000.1_neutral__cw5n1h2txyewy
 
Faulting package-relative application ID: WindowsDefaultLockScreen
 
Hang type: Navigation
 
 
System errors:
=============
Error: (08/17/2023 09:28:14 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DA06C8F6-9B90-48C8-896C-3B29E6FBCF4B} because another computer on the network has the same name.  The server could not start.
 
Error: (08/17/2023 05:09:36 AM) (Source: DCOM) (EventID: 10010) (User: Casey)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (08/17/2023 05:09:35 AM) (Source: DCOM) (EventID: 10010) (User: Casey)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (08/17/2023 05:09:01 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DA06C8F6-9B90-48C8-896C-3B29E6FBCF4B} because another computer on the network has the same name.  The server could not start.
 
Error: (08/17/2023 05:06:51 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DA06C8F6-9B90-48C8-896C-3B29E6FBCF4B} because another computer on the network has the same name.  The server could not start.
 
Error: (08/16/2023 09:30:10 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DA06C8F6-9B90-48C8-896C-3B29E6FBCF4B} because another computer on the network has the same name.  The server could not start.
 
Error: (08/16/2023 06:38:56 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DA06C8F6-9B90-48C8-896C-3B29E6FBCF4B} because another computer on the network has the same name.  The server could not start.
 
Error: (08/16/2023 06:18:19 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{DA06C8F6-9B90-48C8-896C-3B29E6FBCF4B} because another computer on the network has the same name.  The server could not start.
 
 
Windows Defender:
================
Date: 2023-08-16 14:33:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-14 05:31:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-13 07:40:29
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-10 07:06:51
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-07-02 09:31:48
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2023-06-17 12:49:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1738.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2023-06-16 14:39:09
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2023-05-20 08:42:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.389.1706.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20300.3
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2023-05-20 08:42:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.389.1706.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20300.3
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2023-04-24 12:19:10
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.387.2093.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20200.4
Error code: 0x80070102
Error description: The wait operation timed out. 
 
CodeIntegrity:
===============
Date: 2023-08-16 14:32:49
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-08-10 06:43:49
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-07-18 23:24:16
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-07-05 17:08:34
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
BIOS: AMI F.25 03/09/2022
Motherboard: HP 864D
Processor: Intel® Celeron® N4020 CPU @ 1.10GHz
Percentage of memory in use: 83%
Total physical RAM: 3912.01 MB
Available physical RAM: 653.49 MB
Total Virtual: 7824.02 MB
Available Virtual: 3294.34 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:57.41 GB) (Free:5.75 GB) (Model: Samsung CUTB42) NTFS
 
\\?\Volume{2bcd8da3-dec5-4505-8248-f1d12d81e5dc}\ (Windows RE tools) (Fixed) (Total:0.56 GB) (Free:0.06 GB) NTFS
\\?\Volume{38c9bfc5-4f11-4aac-9dfe-5945a6f7cc77}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 58.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 


#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

Hello.

 

Welcome to GTG Forums.  :)

 

The FRST tool created 2 logs when you ran it. You posted only the Addition.txt. Please also post the FRST.txt as well.



#3
Beloved9178

    Member

  • Topic Starter
  • 15 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2023 01
Ran by Cassandra Rabius (administrator) on CASEY (HP HP Laptop 14-dq0xxx) (17-08-2023 09:43:43)
Running from C:\Users\Cassandra Rabius\OneDrive\Desktop\FRST64.exe
Loaded Profiles: Cassandra Rabius
Platform: Microsoft Windows 11 Home Version 21H2 22000.2057 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe <6>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe <2>
(DriverStore\FileRepository\cui_dch.inf_amd64_ba355e1f8cdccc52\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ba355e1f8cdccc52\igfxEM.exe
(DriverStore\FileRepository\hpanalyticscomp.inf_amd64_5368297359c68ea4\x64\TouchpointAnalyticsClientService.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_5368297359c68ea4\x64\TouchpointGpuInfo.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\BridgeCommunication.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.20.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.203\identity_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_5368297359c68ea4\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ba355e1f8cdccc52\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_2ca0a47853f51398\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a84f31b20764b965\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fa6c5f4c225d2eae\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fa6c5f4c225d2eae\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d48faf1e1edea3c\RtkAudUService64.exe <2>
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_25.52330.450.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_25.52330.450.0_x64__v10z8vjag6ke6\HP.myHP.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21534.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Cassandra Rabius\AppData\Local\Microsoft\OneDrive\23.153.0724.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d48faf1e1edea3c\RtkAudUService64.exe [3454904 2022-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [536624 2023-05-12] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\Run: [MicrosoftEdgeAutoLaunch_E0387654E8B6AB07DC2B4CA56C9F8317] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4088272 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\MountPoints2: {5bc80133-75e1-11ec-ad9d-346f249588e6} - "E:\windows\AutoRun.exe" 
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\MountPoints2: {d87899a2-6622-11ed-adbd-346f249588e6} - "D:\LaunchU3.exe" -a
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\115.0.5790.173\Installer\chrmstp.exe [2023-08-16] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {E562DD07-11F0-4B79-A381-FBEB02743B60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {4149D30B-7F02-4BF0-BB09-6C5EE9EB3832} - System32\Tasks\GoogleUpdateTaskMachineCore{AC1BE0AE-B37D-48F3-ABEE-C5CAC42665FC} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-19] (Google LLC -> Google LLC)
Task: {C12960B7-16B1-4E8C-8B17-17D7C069E705} - System32\Tasks\GoogleUpdateTaskMachineUA{1A1CE60F-82D7-4D22-94D2-03261D5833DB} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-19] (Google LLC -> Google LLC)
Task: {1C64B289-08C5-40D2-B348-CA9AAB0DE1B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [702512 2023-07-25] (HP Inc. -> HP Inc.)
Task: {F287E84A-3517-476F-B7F7-814500ADFE64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-07-25] (HP Inc. -> HP Inc.)
Task: {671B345C-F4B4-4F34-8EE7-18EADFEDC921} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145896 2023-07-25] (HP Inc. -> HP Inc.)
Task: {7B813705-24A3-4516-9578-822EC50ABCB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145896 2023-07-25] (HP Inc. -> HP Inc.)
Task: {A752C918-8A29-49DC-8539-FE6C9B3F4B5F} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPWPD.exe [310824 2023-07-25] (HP Inc. -> HP Inc.)
Task: {BC04497A-1BE7-41EB-90A4-B1F269082798} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPDeviceCheck\HPDeviceCheck.exe [316456 2023-07-25] (HP Inc. -> )
Task: {EB141A5C-CE31-439F-98DB-C3876A5F88DE} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [94208 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {91F0682F-A00D-4799-88F8-5A43985DDAB9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656848 2023-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8FB6984-989C-4B94-8F12-BEB045907BB1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656848 2023-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B891E40-94D0-4DED-89CD-84670A2F703D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {77683ADC-B480-440D-9A94-0B02781C6121} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {5360D318-56FA-482F-B3FE-3349A56AAC31} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {82D4722F-6778-4A59-8A89-18781E55CE2D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D4607F68-0320-4CB9-8179-75C943FDDDFA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5EB34C91-9C04-4642-BE4C-871DB410E581} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {79CF1AEC-1EA0-4BEA-9412-CCC83732F19A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 66.94.188.223 66.94.188.222 66.94.188.224
Tcpip\..\Interfaces\{da06c8f6-9b90-48c8-896c-3b29e6fbcf4b}: [DhcpNameServer] 66.94.188.223 66.94.188.222 66.94.188.224
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Cassandra Rabius\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-17]
Edge Notifications: Default -> hxxps://meet.google.com; hxxps://thoalinthal.co.in
Edge Extension: (Edge relevant text changes) - C:\Users\Cassandra Rabius\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-08]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-01] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Default [2023-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-19]
CHR Profile: C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-12]
CHR Profile: C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-21]
CHR Profile: C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-27]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11878368 2023-08-04] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\AppHelperCap.exe [888216 2023-06-22] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\DiagsCap.exe [887192 2023-06-22] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\NetworkCap.exe [883088 2023-06-22] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\SysInfoCap.exe [887696 2023-06-22] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_5368297359c68ea4\x64\TouchpointAnalyticsClientService.exe [497792 2023-06-15] (HP Inc. -> HP Inc.)
S3 mcafeeintegrationservice; C:\windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_00b9115bff2bd36c\mcafeeintegrationservice.exe [3992560 2020-10-28] (McAfee, LLC -> McAfee)
R2 SECOMNService; C:\windows\System32\SECOMN64.exe [743400 2022-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe [3104488 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe [133576 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AmUStor; C:\windows\system32\drivers\AmUStorU.sys [135296 2020-12-01] (Alcorlink Corp. -> )
S3 AppleLowerFilter; C:\windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [507904 2021-11-18] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [180224 2021-06-05] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 GSCAuxDriver; C:\windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_47dea9773e9dfab7\GSCAuxDriverx64.sys [78904 2021-07-13] (Intel Corporation -> Intel Corporation)
S3 GSCx64; C:\windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_1027aa064fe1f3f7\TeeDriverGSCW8x64.sys [258112 2021-07-13] (Intel Corporation -> Intel Corporation)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
R3 McAfeeIntegrationDriver; C:\windows\System32\drivers\McAfeeIntegrationDriver.sys [49680 2020-10-28] (McAfee, LLC -> McAfee)
S3 rtux64w10; C:\windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_a39ece60dbc76c55\rtux64w10.sys [683520 2021-06-05] (Microsoft Windows -> Realtek Corporation)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [55704 2023-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [103656 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [572656 2023-08-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [104688 2023-08-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-08-17 09:42 - 2023-08-17 09:44 - 000000000 ____D C:\FRST
2023-08-17 09:34 - 2023-08-17 09:34 - 000000000 ___HD C:\$WinREAgent
2023-08-11 16:11 - 2023-08-14 19:24 - 000000000 ____D C:\windows\system32\Tasks\NCH Software
2023-08-11 16:11 - 2023-08-11 16:12 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Roaming\NCH Software
2023-08-11 16:11 - 2023-08-11 16:11 - 002844328 _____ (NCH Software) C:\Users\Cassandra Rabius\Downloads\WavePadAudioEditingSoftware.exe
2023-08-11 16:11 - 2023-08-11 16:11 - 000002112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2023-08-11 16:11 - 2023-08-11 16:11 - 000001348 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2023-08-11 16:11 - 2023-08-11 16:11 - 000001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2023-08-11 16:11 - 2023-08-11 16:11 - 000001320 _____ C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2023-08-11 16:11 - 2023-08-11 16:11 - 000000000 ____D C:\Users\Cassandra Rabius\NCH Software Suite
2023-08-11 16:11 - 2023-08-11 16:11 - 000000000 ____D C:\ProgramData\NCH Software
2023-08-11 16:11 - 2023-08-11 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2023-08-11 16:11 - 2023-08-11 16:11 - 000000000 ____D C:\Program Files (x86)\NCH Software
2023-08-11 16:10 - 2023-08-11 16:10 - 002844328 _____ (NCH Software) C:\Users\Cassandra Rabius\Downloads\wpsetup.exe
2023-07-21 08:04 - 2023-07-21 08:04 - 000000000 ____D C:\Users\Cassandra Rabius\OneDrive\Documents\New folder
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-08-17 09:44 - 2021-06-05 07:10 - 000000000 ____D C:\windows\SystemTemp
2023-08-17 09:44 - 2021-06-05 07:01 - 000000000 ____D C:\windows\CbsTemp
2023-08-17 09:32 - 2022-05-07 01:53 - 000000000 ___HD C:\$WINDOWS.~BT
2023-08-17 09:31 - 2021-06-25 13:15 - 000854410 _____ C:\windows\system32\PerfStringBackup.INI
2023-08-17 09:31 - 2021-06-05 07:09 - 000000000 ____D C:\windows\INF
2023-08-17 09:29 - 2022-02-19 21:23 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-17 09:29 - 2021-12-29 19:15 - 000000000 ___RD C:\Users\Cassandra Rabius\OneDrive
2023-08-17 09:28 - 2021-12-29 19:12 - 000000000 __SHD C:\Users\Cassandra Rabius\IntelGraphicsProfiles
2023-08-17 05:07 - 2021-06-05 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-17 05:07 - 2021-06-05 07:10 - 000000000 ____D C:\windows\AppReadiness
2023-08-16 21:44 - 2021-06-05 07:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-16 21:43 - 2021-11-18 17:16 - 000000000 ____D C:\Intel
2023-08-16 21:43 - 2021-06-25 13:10 - 000012288 ___SH C:\DumpStack.log.tmp
2023-08-16 21:43 - 2021-06-25 13:10 - 000000006 ____H C:\windows\Tasks\SA.DAT
2023-08-16 21:43 - 2021-06-05 07:10 - 000000000 ____D C:\windows\ServiceState
2023-08-16 21:42 - 2021-12-29 19:19 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Roaming\Microsoft\Word
2023-08-16 21:42 - 2021-06-05 07:01 - 000786432 _____ C:\windows\system32\config\BBI
2023-08-16 19:57 - 2021-06-25 13:10 - 000000000 ____D C:\windows\system32\SleepStudy
2023-08-16 19:49 - 2021-12-29 19:08 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Local\Packages
2023-08-16 16:12 - 2021-12-30 21:02 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Roaming\Microsoft\Excel
2023-08-16 15:58 - 2022-02-19 21:25 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-16 15:58 - 2022-02-19 21:25 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-08-16 00:57 - 2021-12-29 19:19 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Roaming\Microsoft\Office
2023-08-15 20:02 - 2021-12-29 19:12 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Local\D3DSCache
2023-08-15 18:47 - 2021-06-25 14:03 - 000000000 ____D C:\windows\Panther
2023-08-14 18:22 - 2021-06-05 07:10 - 000000000 ____D C:\windows\LiveKernelReports
2023-08-13 07:43 - 2021-10-08 04:21 - 000000000 ____D C:\Program Files (x86)\HP
2023-08-13 07:42 - 2021-10-08 04:23 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-11 22:03 - 2021-12-29 19:15 - 000003588 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-974111299-3066080161-2476872172-1001
2023-08-11 22:03 - 2021-12-29 19:15 - 000003380 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-974111299-3066080161-2476872172-1001
2023-08-11 22:03 - 2021-12-29 19:15 - 000002419 _____ C:\Users\Cassandra Rabius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-11 17:57 - 2021-06-25 13:10 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-11 17:57 - 2021-06-25 13:10 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-11 16:11 - 2021-12-29 19:08 - 000000000 ____D C:\Users\Cassandra Rabius
2023-08-11 08:43 - 2021-12-31 23:53 - 000000000 ____D C:\windows\system32\MRT
2023-08-11 08:27 - 2021-12-31 23:53 - 175983240 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2023-08-11 08:03 - 2021-06-25 13:10 - 000000000 ____D C:\windows\system32\Drivers\wd
2023-08-10 06:51 - 2022-03-29 08:27 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2023-08-10 06:50 - 2022-10-19 20:35 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-08-10 06:50 - 2022-10-19 20:35 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-08-02 07:55 - 2022-02-19 21:23 - 000003790 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA{1A1CE60F-82D7-4D22-94D2-03261D5833DB}
2023-08-02 07:55 - 2022-02-19 21:23 - 000003666 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore{AC1BE0AE-B37D-48F3-ABEE-C5CAC42665FC}
2023-07-27 10:38 - 2021-12-29 21:16 - 000918960 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

Hello.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
 
=====================
 
I reviewed your logs, and I didn't notice any sign of an active infection. It needs some maintenance, and we will make some checks to confirm that.
 
 
1. Uninstall McAfee® Personal Security

  • Go to Settings (press the Windows logo key on the keyboard + letter i)
  • Apps > Installed apps
  • Find McAfee® Personal Security, click on the 3 dots beside it and select Uninstall
  • Follow prompts to uninstall the app
  • Restart the computer

 

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\MountPoints2: {5bc80133-75e1-11ec-ad9d-346f249588e6} - "E:\windows\AutoRun.exe" 
S3 mcafeeintegrationservice; C:\windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_00b9115bff2bd36c\mcafeeintegrationservice.exe [3992560 2020-10-28] (McAfee, LLC -> McAfee)
R3 McAfeeIntegrationDriver; C:\windows\System32\drivers\McAfeeIntegrationDriver.sys [49680 2020-10-28] (McAfee, LLC -> McAfee)
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_00b9115bff2bd36c\mcafeeintegrationservice.exe 
C:\windows\System32\drivers\McAfeeIntegrationDriver.sys 
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

3. Eset Online Scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

 

In your next reply please post:

  1. If you successfully uninstalled McAfee
  2. The fixlog.txt
  3. The eset.txt

  • 0
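When the fixlog.txt requested in step 2 comes back, the lines that matter first are the ones where an action did not succeed. The Python sketch below is an added example, not part of the original post and not part of FRST: it classifies result lines of the `item => outcome` shape, skips the fixlist echo between the rows of asterisks, and uses sample lines copied from the fix log posted later in this thread (the echo is abbreviated). The keyword lists are an assumption drawn from the wording visible in that log.

```python
import re
from typing import List, NamedTuple, Optional

# Result lines copied from the Fixlog in this thread; the echoed fixlist is abbreviated.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Start::
CloseProcesses:
CMD: SFC /scannow
End::
*****************

SystemRestore: On => Error -> 5.57 GB
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bc80133-75e1-11ec-ad9d-346f249588e6} => removed successfully
HKLM\System\CurrentControlSet\Services\mcafeeintegrationservice => removed successfully
mcafeeintegrationservice => service removed successfully
McAfeeIntegrationDriver => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\McAfeeIntegrationDriver" => removed successfully
McAfeeIntegrationDriver => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
C:\windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_00b9115bff2bd36c\mcafeeintegrationservice.exe => moved successfully
C:\windows\System32\drivers\McAfeeIntegrationDriver.sys => moved successfully
'''

# Assumption: outcome wording seen in this thread's log. Anything else is
# reported as "other" so that it gets read by a person instead of ignored.
FAILURE_WORDS = ("error", "unable", "failed")
SUCCESS_WORD = "successfully"

ARROW = re.compile(r"^(?P<item>.+?) => (?P<outcome>.+)$")
STARS = re.compile(r"\*{5,}")  # rows of asterisks delimit the echoed fixlist


class Result(NamedTuple):
    item: str      # what was acted on ("" when the line has no "=>")
    outcome: str   # text FRST printed for it
    status: str    # "ok", "failed" or "other"


def _status(text: str) -> str:
    low = text.lower()
    if any(word in low for word in FAILURE_WORDS):
        return "failed"
    if SUCCESS_WORD in low:
        return "ok"
    return "other"


def classify(line: str) -> Optional[Result]:
    """Classify one log line; return None for lines that report no result."""
    line = line.strip()
    if not line:
        return None
    match = ARROW.match(line)
    if match:
        # Only the outcome is inspected: paths and key names may contain
        # words such as "error" without meaning anything.
        return Result(match["item"], match["outcome"], _status(match["outcome"]))
    status = _status(line)
    return None if status == "other" else Result("", line, status)


def parse_fixlog(text: str) -> List[Result]:
    """Return every result line, ignoring the echoed fixlist.

    Fixlist entries are pasted from the scan log and can themselves contain
    " => " (Run keys, scheduled tasks), so the echo must not be classified.
    """
    results, in_echo = [], False
    for raw in text.splitlines():
        if STARS.fullmatch(raw.strip()):
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        result = classify(raw)
        if result:
            results.append(result)
    return results


def needs_attention(text: str) -> List[Result]:
    """Everything that is not a plain success: failures and unknown outcomes."""
    return [r for r in parse_fixlog(text) if r.status != "ok"]


if __name__ == "__main__":
    for r in needs_attention(SAMPLE_FIXLOG):
        print(f"[{r.status}] {r.item or '(no item)'}: {r.outcome}")
```

On the sample it reports the restore-point failure and the driver that could not be stopped, while the later "removed successfully" lines for the same driver count as successes.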

#5
Beloved9178

    Member

  • Topic Starter
  • 15 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2023 01
Ran by Cassandra Rabius (18-08-2023 07:22:35) Run:1
Running from C:\Users\Cassandra Rabius\OneDrive\Desktop
Loaded Profiles: Cassandra Rabius
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\MountPoints2: {5bc80133-75e1-11ec-ad9d-346f249588e6} - "E:\windows\AutoRun.exe" 
S3 mcafeeintegrationservice; C:\windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_00b9115bff2bd36c\mcafeeintegrationservice.exe [3992560 2020-10-28] (McAfee, LLC -> McAfee)
R3 McAfeeIntegrationDriver; C:\windows\System32\drivers\McAfeeIntegrationDriver.sys [49680 2020-10-28] (McAfee, LLC -> McAfee)
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_00b9115bff2bd36c\mcafeeintegrationservice.exe 
C:\windows\System32\drivers\McAfeeIntegrationDriver.sys 
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
 
SystemRestore: On => Error -> 5.57 GB
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bc80133-75e1-11ec-ad9d-346f249588e6} => removed successfully
HKLM\System\CurrentControlSet\Services\mcafeeintegrationservice => removed successfully
mcafeeintegrationservice => service removed successfully
McAfeeIntegrationDriver => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\McAfeeIntegrationDriver" => removed successfully
McAfeeIntegrationDriver => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
C:\windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_00b9115bff2bd36c\mcafeeintegrationservice.exe => moved successfully
C:\windows\System32\drivers\McAfeeIntegrationDriver.sys => moved successfully
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22000.653
 
Image Version: 10.0.22000.2057
 
 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
 
There is a system repair pending which requires reboot to complete.  Restart 
Windows and run sfc again.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 79037433 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 12240 B
Windows/system/drivers => 14555730 B
Edge => 0 B
Chrome => 742767115 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2026 B
NetworkService => 10292506 B
Cassandra Rabius => 407512473 B
 
RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:30:44 ====
 
There were no viruses or infections found by the ESET program, so no log is available.

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

Thanks.
 
Have you uninstalled McAfee?
 
If yes, restart the computer and then do the following:
 

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter:
       sfc /scannow
  • Let the scan finish. It will take some time. 
  • You will normally get one of the following results:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
    
    Please post the result you got (a screenshot).

#7
Beloved9178

    Member

  • Topic Starter
  • Member
  • 15 posts

Yes I uninstalled McAfee from the program manager when you asked me to.

 

This is the report from the scan.

 

Windows Resource Protection did not find any integrity violations.


#8
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

Good.
 
Another check:

Check disk

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below, press Enter, and wait for it to finish (~15 minutes).
       chkdsk C: /r
    
  • You will receive a message that the operation cannot be performed while the system is in use, asking if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

#9
Beloved9178

    Member

  • Topic Starter
  • Member
  • 15 posts
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 8/18/2023 11:57:00 AM >------
Category: 0
Computer Name: Casey
Event Code: 1001
Record Number: 53557
Source Name: Microsoft-Windows-Wininit
Time Written: 08-18-2023 @ 16:53:51
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
  589568 file records processed.                                                        
 
File verification completed.
 Phase duration (File record verification): 15.56 seconds.
  26002 large file records processed.                                   
 
 Phase duration (Orphan file record recovery): 15.35 milliseconds.
  0 bad file records processed.                                     
 
 Phase duration (Bad file record checking): 1.53 milliseconds.
 
Stage 2: Examining file name linkage ...
  48414 reparse records processed.                                      
 
  801706 index entries processed.                                                       
 
Index verification completed.
 Phase duration (Index verification): 32.53 seconds.
  0 unindexed files scanned.                                        
 
 Phase duration (Orphan reconnection): 1.68 seconds.
  0 unindexed files recovered to lost and found.                    
 
 Phase duration (Orphan recovery to lost and found): 3.49 seconds.
  48414 reparse records processed.                                      
 
 Phase duration (Reparse point and Object ID verification): 205.50 milliseconds.
 
Stage 3: Examining security descriptors ...
Cleaning up 361 unused index entries from index $SII of file 0x9.
Cleaning up 361 unused index entries from index $SDH of file 0x9.
Cleaning up 361 unused security descriptors.
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 105.45 milliseconds.
  106070 data files processed.                                           
 
 Phase duration (Data attribute verification): 1.77 milliseconds.
CHKDSK is verifying Usn Journal...
  37839376 USN bytes processed.                                                           
 
Usn Journal verification completed.
 Phase duration (USN journal verification): 418.32 milliseconds.
 
Stage 4: Looking for bad clusters in user file data ...
  589552 files processed.                                                               
 
File data verification completed.
 Phase duration (User file recovery): 11.41 minutes.
 
Stage 5: Looking for bad, free clusters ...
  2540560 free clusters processed.                                                       
 
Free space verification is complete.
 Phase duration (Free space recovery): 1.94 seconds.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
  60195839 KB total disk space.
  49101364 KB in 279738 files.
    234124 KB in 106071 indexes.
         0 KB in bad sectors.
    698111 KB in use by the system.
     56624 KB occupied by the log file.
  10162240 KB available on disk.
 
      4096 bytes in each allocation unit.
  15048959 total allocation units on disk.
   2540560 allocation units available on disk.
Total duration: 12.35 minutes (741209 ms).
 
Internal Info:
00 ff 08 00 0d e3 05 00 c0 22 0a 00 00 00 00 00  ........."......
99 00 00 00 85 bc 00 00 00 00 00 00 00 00 00 00  ................
 
-----------------------------------------------------------------------
Category: 0
Computer Name: Casey
Event Code: 26226
Record Number: 46584
Source Name: Chkdsk
Time Written: 06-11-2023 @ 14:18:38
Event Type: Information
User: 
Message: Chkdsk was executed in scan mode on a volume snapshot.  
 
Checking file system on \Device\HarddiskVolume6
Volume label is Court-Custody BU Drive.
 
Stage 1: Examining basic file system structure ...
  66816 file records processed.                                                        
File verification completed.
 Phase duration (File record verification): 17.10 seconds.
  125 large file records processed.                                   
 Phase duration (Orphan file record recovery): 48.05 milliseconds.
  0 bad file records processed.                                     
 Phase duration (Bad file record checking): 0.03 milliseconds.
 
Stage 2: Examining file name linkage ...
    Found an unneeded link ($OBJECT_ID:   {45cbc25e-18bf-11eb-8c2b645a046ac9d6}
) in index "$O" of directory "\$Extend\$ObjId <0x1,0x19>"
        ... queued for offline repair.
  6266 reparse records processed.                                      
  71204 index entries processed.                                                       
Index verification completed.
 Phase duration (Index verification): 1.06 minutes.
 
 Phase duration (Orphan reconnection): 123.41 milliseconds.
    Found lost file "\Dad, Bonnie, Jan & Amanda - Estranged & Opposing family members of Cassandra\David Rabius, Sr & Bonnie Vasbinder\Narrative of David Rabius, Sr..docx <0x2,0x10129>"; requesting reconnection to index "$O" of directory "\$Extend\$ObjId <0x1,0x19>"
        ... queued for offline repair.
 
 Phase duration (Orphan recovery to lost and found): 76.81 milliseconds.
  6266 reparse records processed.                                      
 Phase duration (Reparse point and Object ID verification): 1.16 seconds.
 
Stage 3: Examining security descriptors ...
    Found corrupt security descriptor entry at offset 0x3c60 in \$Secure <0,0x9>:$SDS
        ... queued for offline repair.
    Found corrupt security descriptor entry at offset 0x3d40 in \$Secure <0,0x9>:$SDS
        ... queued for offline repair.
    Found corrupt security descriptor entry at offset 0x3e00 in \$Secure <0,0x9>:$SDS
        ... queued for offline repair.
    Found corrupt security descriptor entry at offset 0x3e80 in \$Secure <0,0x9>:$SDS
        ... queued for offline repair.
    Found corrupt security descriptor entry at offset 0 in \$Secure <0,0x9>:$SDS
        ... queued for offline repair.
    Security ID 0x150 is non-existent and unused
        ... queued for offline repair.
    Security ID 0x151 is non-existent and unused
        ... queued for offline repair.
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 535.83 milliseconds.
  2194 data files processed.                                           
 Phase duration (Data attribute verification): 713.00 milliseconds.
Windows has found problems that must be fixed offline.
Please run "chkdsk /spotfix" to fix the issues.
 
 976727039 KB total disk space.
 655594968 KB in 64259 files.
     32704 KB in 2196 indexes.
    162595 KB in use by the system.
     65536 KB occupied by the log file.
 320936772 KB available on disk.
 
      4096 bytes in each allocation unit.
 244181759 total allocation units on disk.
  80234193 allocation units available on disk.
Total duration: 1.39 minutes (83494 ms).
 
----------------------------------------------------------------------
 
 
Stage 1: Examining basic file system structure ...
 
Stage 2: Examining file name linkage ...
Multiple object id index entries in file 0x19
point to the same file 0x9dd1.
Deleting an index entry from index $O of file 19.
The object id in file 0x10129 does not appear in the object
id index in file 0x19.
Inserting an index entry into index $O of file 19.
 
Stage 3: Examining security descriptors ...
The security Id 0x150 of security descriptor entry at offset 0x3e00
is a duplicate.
The security Id 0x151 of security descriptor entry at offset 0x3e80
is a duplicate.
Repairing an index entry with id 150 in index $SII of file 9.
Repairing an index entry with id 151 in index $SII of file 9.
Inserting an index entry with Id 150 into index $SDH of file 9.
Inserting an index entry with Id 151 into index $SDH of file 9.
Repairing the security file record segment.
Deleting an index entry with Id 150 from index $SDH of file 9.
Deleting an index entry with Id 151 from index $SDH of file 9.
 
-----------------------------------------------------------------------
Category: 0
Computer Name: Casey
Event Code: 1001
Record Number: 45805
Source Name: Microsoft-Windows-Wininit
Time Written: 05-08-2023 @ 01:12:16
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
 
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
  589568 file records processed.                                                        
 
File verification completed.
 Phase duration (File record verification): 15.09 seconds.
  24223 large file records processed.                                   
 
 Phase duration (Orphan file record recovery): 14.64 milliseconds.
  0 bad file records processed.                                     
 
 Phase duration (Bad file record checking): 1.55 milliseconds.
 
Stage 2: Examining file name linkage ...
  48006 reparse records processed.                                      
 
  783648 index entries processed.                                                       
 
Index verification completed.
 Phase duration (Index verification): 36.84 seconds.
  0 unindexed files scanned.                                        
 
 Phase duration (Orphan reconnection): 1.40 seconds.
  0 unindexed files recovered to lost and found.                    
 
 Phase duration (Orphan recovery to lost and found): 8.44 seconds.
  48006 reparse records processed.                                      
 
 Phase duration (Reparse point and Object ID verification): 202.95 milliseconds.
 
Stage 3: Examining security descriptors ...
Cleaning up 2126 unused index entries from index $SII of file 0x9.
Cleaning up 2126 unused index entries from index $SDH of file 0x9.
Cleaning up 2126 unused security descriptors.
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 109.17 milliseconds.
  97041 data files processed.                                           
 
 Phase duration (Data attribute verification): 1.76 milliseconds.
CHKDSK is verifying Usn Journal...
  34028608 USN bytes processed.                                                           
 
Usn Journal verification completed.
 Phase duration (USN journal verification): 422.98 milliseconds.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
  60195839 KB total disk space.
  49015700 KB in 265216 files.
    218612 KB in 97042 indexes.
         0 KB in bad sectors.
    693319 KB in use by the system.
     56624 KB occupied by the log file.
  10268208 KB available on disk.
 
      4096 bytes in each allocation unit.
  15048959 total allocation units on disk.
   2567052 allocation units available on disk.
Total duration: 1.04 minutes (62666 ms).
 
Internal Info:
00 ff 08 00 10 87 05 00 a5 87 09 00 00 00 00 00  ................
88 00 00 00 fe ba 00 00 00 00 00 00 00 00 00 00  ................
 
-----------------------------------------------------------------------

#10
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

No problem with the disk either. 

 

Now, I would like you to give me feedback. What issues are you experiencing right now? Are you dealing with the issues you posted in your initial post?

 

In addition, please give me fresh FRST logs, Addition and FRST. 


#11
Beloved9178

    Member

  • Topic Starter
  • Member
  • 15 posts

It's still having issues with being slow but the keyboard and popup issues have ceased. 

 

The USB disk still is not working properly but I guess that could be a hardware issue but not sure.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2023 01
Ran by Cassandra Rabius (administrator) on CASEY (HP HP Laptop 14-dq0xxx) (18-08-2023 12:11:59)
Running from C:\Users\Cassandra Rabius\OneDrive\Desktop\FRST64.exe
Loaded Profiles: Cassandra Rabius
Platform: Microsoft Windows 11 Home Version 21H2 22000.2295 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_ba355e1f8cdccc52\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ba355e1f8cdccc52\igfxEM.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\BridgeCommunication.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.31.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.203\identity_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <6>
(SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_5368297359c68ea4\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ba355e1f8cdccc52\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_2ca0a47853f51398\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a84f31b20764b965\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fa6c5f4c225d2eae\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fa6c5f4c225d2eae\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d48faf1e1edea3c\RtkAudUService64.exe <2>
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_25.52330.450.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_25.52330.450.0_x64__v10z8vjag6ke6\HP.myHP.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Cassandra Rabius\AppData\Local\Microsoft\OneDrive\23.153.0724.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d48faf1e1edea3c\RtkAudUService64.exe [3454904 2022-04-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [537136 2023-08-17] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\Run: [MicrosoftEdgeAutoLaunch_E0387654E8B6AB07DC2B4CA56C9F8317] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4088272 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\MountPoints2: {d87899a2-6622-11ed-adbd-346f249588e6} - "D:\LaunchU3.exe" -a
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\115.0.5790.173\Installer\chrmstp.exe [2023-08-16] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {E562DD07-11F0-4B79-A381-FBEB02743B60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {88064B92-D2DD-4574-A33C-F42AFDB36CAF} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Cassandra Rabius\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-08-18] (ESET, spol. s r.o. -> ESET)
Task: {3039C65E-FE09-49F6-9BE0-6EA36529D364} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Cassandra Rabius\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-08-18] (ESET, spol. s r.o. -> ESET)
Task: {4149D30B-7F02-4BF0-BB09-6C5EE9EB3832} - System32\Tasks\GoogleUpdateTaskMachineCore{AC1BE0AE-B37D-48F3-ABEE-C5CAC42665FC} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-19] (Google LLC -> Google LLC)
Task: {C12960B7-16B1-4E8C-8B17-17D7C069E705} - System32\Tasks\GoogleUpdateTaskMachineUA{1A1CE60F-82D7-4D22-94D2-03261D5833DB} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-19] (Google LLC -> Google LLC)
Task: {1C64B289-08C5-40D2-B348-CA9AAB0DE1B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [702512 2023-07-25] (HP Inc. -> HP Inc.)
Task: {F287E84A-3517-476F-B7F7-814500ADFE64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-07-25] (HP Inc. -> HP Inc.)
Task: {671B345C-F4B4-4F34-8EE7-18EADFEDC921} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145896 2023-07-25] (HP Inc. -> HP Inc.)
Task: {7B813705-24A3-4516-9578-822EC50ABCB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145896 2023-07-25] (HP Inc. -> HP Inc.)
Task: {EB141A5C-CE31-439F-98DB-C3876A5F88DE} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [94208 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {91F0682F-A00D-4799-88F8-5A43985DDAB9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656848 2023-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8FB6984-989C-4B94-8F12-BEB045907BB1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656848 2023-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B891E40-94D0-4DED-89CD-84670A2F703D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {77683ADC-B480-440D-9A94-0B02781C6121} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {5360D318-56FA-482F-B3FE-3349A56AAC31} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {82D4722F-6778-4A59-8A89-18781E55CE2D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D4607F68-0320-4CB9-8179-75C943FDDDFA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5EB34C91-9C04-4642-BE4C-871DB410E581} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {79CF1AEC-1EA0-4BEA-9412-CCC83732F19A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 66.94.188.223 66.94.188.222 66.94.188.224
Tcpip\..\Interfaces\{da06c8f6-9b90-48c8-896c-3b29e6fbcf4b}: [DhcpNameServer] 66.94.188.223 66.94.188.222 66.94.188.224
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Cassandra Rabius\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-18]
Edge Notifications: Default -> hxxps://meet.google.com; hxxps://thoalinthal.co.in
Edge Extension: (Edge relevant text changes) - C:\Users\Cassandra Rabius\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-08]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-01] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Default [2023-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-19]
CHR Profile: C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-08-18]
CHR Profile: C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-21]
CHR Profile: C:\Users\Cassandra Rabius\AppData\Local\Google\Chrome\User Data\System Profile [2023-08-18]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11878368 2023-08-04] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\AppHelperCap.exe [888216 2023-06-22] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\DiagsCap.exe [887192 2023-06-22] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\NetworkCap.exe [883088 2023-06-22] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1b947ae46142bb62\x64\SysInfoCap.exe [887696 2023-06-22] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_5368297359c68ea4\x64\TouchpointAnalyticsClientService.exe [497792 2023-06-15] (HP Inc. -> HP Inc.)
R2 SECOMNService; C:\windows\System32\SECOMN64.exe [743400 2022-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe [3104488 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe [133576 2023-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AmUStor; C:\windows\system32\drivers\AmUStorU.sys [135296 2020-12-01] (Alcorlink Corp. -> )
S3 AppleLowerFilter; C:\windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 GSCAuxDriver; C:\windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_47dea9773e9dfab7\GSCAuxDriverx64.sys [78904 2021-07-13] (Intel Corporation -> Intel Corporation)
S3 GSCx64; C:\windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_1027aa064fe1f3f7\TeeDriverGSCW8x64.sys [258112 2021-07-13] (Intel Corporation -> Intel Corporation)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
S3 rtux64w10; C:\windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_a39ece60dbc76c55\rtux64w10.sys [683520 2021-06-05] (Microsoft Windows -> Realtek Corporation)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [55704 2023-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [103656 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [572656 2023-08-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [104688 2023-08-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-08-18 11:22 - 2023-08-18 11:32 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Roaming\Microsoft\MMC
2023-08-18 10:48 - 2023-08-18 10:48 - 000003882 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onLogOn
2023-08-18 10:48 - 2023-08-18 10:48 - 000003440 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onTime
2023-08-18 08:07 - 2023-08-18 08:46 - 000001396 _____ C:\Users\Cassandra Rabius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-08-18 08:07 - 2023-08-18 08:07 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Local\ESET
2023-08-17 10:18 - 2023-08-17 10:18 - 000000000 ___HD C:\$WinREAgent
2023-08-17 09:42 - 2023-08-18 12:12 - 000000000 ____D C:\FRST
2023-08-11 16:11 - 2023-08-14 19:24 - 000000000 ____D C:\windows\system32\Tasks\NCH Software
2023-08-11 16:11 - 2023-08-11 16:12 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Roaming\NCH Software
2023-08-11 16:11 - 2023-08-11 16:11 - 002844328 _____ (NCH Software) C:\Users\Cassandra Rabius\Downloads\WavePadAudioEditingSoftware.exe
2023-08-11 16:11 - 2023-08-11 16:11 - 000002112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2023-08-11 16:11 - 2023-08-11 16:11 - 000001348 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2023-08-11 16:11 - 2023-08-11 16:11 - 000001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2023-08-11 16:11 - 2023-08-11 16:11 - 000001320 _____ C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2023-08-11 16:11 - 2023-08-11 16:11 - 000000000 ____D C:\Users\Cassandra Rabius\NCH Software Suite
2023-08-11 16:11 - 2023-08-11 16:11 - 000000000 ____D C:\ProgramData\NCH Software
2023-08-11 16:11 - 2023-08-11 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2023-08-11 16:11 - 2023-08-11 16:11 - 000000000 ____D C:\Program Files (x86)\NCH Software
2023-08-11 16:10 - 2023-08-11 16:10 - 002844328 _____ (NCH Software) C:\Users\Cassandra Rabius\Downloads\wpsetup.exe
2023-07-21 08:04 - 2023-07-21 08:04 - 000000000 ____D C:\Users\Cassandra Rabius\OneDrive\Documents\New folder
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-08-18 12:08 - 2021-06-05 07:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-18 12:04 - 2021-06-05 07:10 - 000000000 ____D C:\windows\SystemTemp
2023-08-18 12:00 - 2022-02-19 21:23 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-18 11:57 - 2021-06-25 13:15 - 000854410 _____ C:\windows\system32\PerfStringBackup.INI
2023-08-18 11:57 - 2021-06-05 07:09 - 000000000 ____D C:\windows\INF
2023-08-18 11:54 - 2021-12-29 19:15 - 000000000 ___RD C:\Users\Cassandra Rabius\OneDrive
2023-08-18 11:54 - 2021-06-05 07:10 - 000000000 ____D C:\windows\AppReadiness
2023-08-18 11:53 - 2021-12-29 19:12 - 000000000 __SHD C:\Users\Cassandra Rabius\IntelGraphicsProfiles
2023-08-18 11:53 - 2021-11-18 17:16 - 000000000 ____D C:\Intel
2023-08-18 11:53 - 2021-06-25 13:10 - 000012288 ___SH C:\DumpStack.log.tmp
2023-08-18 11:53 - 2021-06-25 13:10 - 000000006 ____H C:\windows\Tasks\SA.DAT
2023-08-18 11:53 - 2021-06-05 07:10 - 000000000 ____D C:\windows\ServiceState
2023-08-18 11:38 - 2021-06-05 07:01 - 000786432 _____ C:\windows\system32\config\BBI
2023-08-18 11:21 - 2021-12-30 21:10 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Local\ElevatedDiagnostics
2023-08-18 10:44 - 2021-06-25 13:10 - 000000000 ____D C:\windows\system32\SleepStudy
2023-08-18 09:43 - 2021-06-05 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-18 07:50 - 2022-03-22 11:21 - 000000000 ____D C:\windows\system32\Tasks\Hewlett-Packard
2023-08-18 07:33 - 2021-06-25 13:10 - 000503312 _____ C:\windows\system32\FNTCACHE.DAT
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\SysWOW64\setup
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\SysWOW64\Dism
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\SystemResources
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\system32\WinMetadata
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\system32\setup
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\system32\SecureBootUpdates
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\system32\oobe
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\system32\Dism
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\system32\appraiser
2023-08-18 07:32 - 2021-06-05 07:10 - 000000000 ____D C:\windows\bcastdvr
2023-08-18 07:29 - 2022-01-12 12:42 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\LocalLow\Temp
2023-08-18 07:27 - 2021-06-05 07:01 - 000000000 ____D C:\windows\CbsTemp
2023-08-18 07:14 - 2021-12-29 19:08 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Local\Packages
2023-08-18 07:14 - 2021-06-25 13:11 - 000000000 ____D C:\ProgramData\Packages
2023-08-17 21:15 - 2021-06-05 07:10 - 000000000 ____D C:\windows\LiveKernelReports
2023-08-17 10:23 - 2021-06-25 13:13 - 003110400 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2023-08-17 09:32 - 2022-05-07 01:53 - 000000000 ___HD C:\$WINDOWS.~BT
2023-08-16 21:42 - 2021-12-29 19:19 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Roaming\Microsoft\Word
2023-08-16 16:12 - 2021-12-30 21:02 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Roaming\Microsoft\Excel
2023-08-16 15:58 - 2022-02-19 21:25 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-16 15:58 - 2022-02-19 21:25 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-08-16 00:57 - 2021-12-29 19:19 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Roaming\Microsoft\Office
2023-08-15 20:02 - 2021-12-29 19:12 - 000000000 ____D C:\Users\Cassandra Rabius\AppData\Local\D3DSCache
2023-08-15 18:47 - 2021-06-25 14:03 - 000000000 ____D C:\windows\Panther
2023-08-13 07:43 - 2021-10-08 04:21 - 000000000 ____D C:\Program Files (x86)\HP
2023-08-13 07:42 - 2021-10-08 04:23 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-11 22:03 - 2021-12-29 19:15 - 000003588 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-974111299-3066080161-2476872172-1001
2023-08-11 22:03 - 2021-12-29 19:15 - 000003380 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-974111299-3066080161-2476872172-1001
2023-08-11 22:03 - 2021-12-29 19:15 - 000002419 _____ C:\Users\Cassandra Rabius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-11 17:57 - 2021-06-25 13:10 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-11 17:57 - 2021-06-25 13:10 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-11 16:11 - 2021-12-29 19:08 - 000000000 ____D C:\Users\Cassandra Rabius
2023-08-11 08:43 - 2021-12-31 23:53 - 000000000 ____D C:\windows\system32\MRT
2023-08-11 08:27 - 2021-12-31 23:53 - 175983240 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2023-08-11 08:03 - 2021-06-25 13:10 - 000000000 ____D C:\windows\system32\Drivers\wd
2023-08-10 06:51 - 2022-03-29 08:27 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2023-08-10 06:50 - 2022-10-19 20:35 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-08-10 06:50 - 2022-10-19 20:35 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-08-02 07:55 - 2022-02-19 21:23 - 000003790 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA{1A1CE60F-82D7-4D22-94D2-03261D5833DB}
2023-08-02 07:55 - 2022-02-19 21:23 - 000003666 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore{AC1BE0AE-B37D-48F3-ABEE-C5CAC42665FC}
2023-07-27 10:38 - 2021-12-29 21:16 - 000918960 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2023 01
Ran by Cassandra Rabius (18-08-2023 12:14:40)
Running from C:\Users\Cassandra Rabius\OneDrive\Desktop
Microsoft Windows 11 Home Version 21H2 22000.2295 (X64) (2021-12-30 07:54:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-974111299-3066080161-2476872172-500 - Administrator - Disabled)
Cassandra Rabius (S-1-5-21-974111299-3066080161-2476872172-1001 - Administrator - Enabled) => C:\Users\Cassandra Rabius
DefaultAccount (S-1-5-21-974111299-3066080161-2476872172-503 - Limited - Disabled)
Guest (S-1-5-21-974111299-3066080161-2476872172-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-974111299-3066080161-2476872172-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FF00-7760-BC15014EA700}) (Version: 23.003.20269 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.173 - Google LLC)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16626.20170 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\OneDriveSetup.exe) (Version: 23.153.0724.0003 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16626.20170 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{D98EA283-A784-4037-BD51-739D87BFF693}) (Version: 4.73.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 17.66 - NCH Software)
Zoom (HKU\S-1-5-21-974111299-3066080161-2476872172-1001\...\ZoomUMX) (Version: 5.12.2 (9281) - Zoom Video Communications, Inc.)
 
Packages:
=========
Audiotonic – Audacity rebuilt for Windows 10 -> C:\Program Files\WindowsApps\BluskySoftwareInc.17062EE08491F_2.2.4.0_x86__61yk12x6sxn40 [2022-07-12] (Blusky Software Inc.)
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-21] (Microsoft Corporation)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-02-19] (Canon Inc.)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation)
Dropbox Lite -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_23.4.19.0_x64__xbfy0k16fey96 [2023-06-11] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2023-07-18] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.35.264.0_x64__v10z8vjag6ke6 [2023-07-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2023-08-17] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2022-07-20] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_148.2.1069.0_x64__v10z8vjag6ke6 [2023-08-11] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.28.34.0_x64__v10z8vjag6ke6 [2023-08-09] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.31.0_x64__v10z8vjag6ke6 [2023-08-18] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5180.0_x64__8j3eq9eme6ctt [2023-08-11] (INTEL CORP) [Startup Task]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24002.0_x64__8wekyb3d8bbwe [2023-08-09] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-06-11] (Microsoft Corporation)
Minecraft Education -> C:\Program Files\WindowsApps\Microsoft.MinecraftEducationEdition_1.20.1200.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Studios)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_25.52330.450.0_x64__v10z8vjag6ke6 [2023-08-13] (HP Inc.) [Startup Task]
OpenCL™ and OpenGL® Compatibility Pack -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_1.2302.1.0_x64__8wekyb3d8bbwe [2023-02-12] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-03-29] (Adobe Systems Incorporated)
Scanner - Quick and Easy Document Scanning -> C:\Program Files\WindowsApps\9390SimonKnuth.ScannerforWindows10_3.2.5.0_x64__69n05hp4v3s90 [2023-07-20] (Simon Knuth)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2023-07-20] (Random Salad Games LLC)
Zoom Rooms -> C:\Program Files\WindowsApps\ZoomVideoCommunicationsIn.ZoomRooms_5.2.322.0_x86__r9fg4ykbbcwvc [2023-07-21] (Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-974111299-3066080161-2476872172-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-974111299-3066080161-2476872172-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKLM -> {80AD2E13-CB3C-4C37-BA97-B0750ABBD19D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {80AD2E13-CB3C-4C37-BA97-B0750ABBD19D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-07-25] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-07-25] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-02] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2021-06-05 07:08 - 2021-06-05 07:08 - 000000824 _____ C:\windows\system32\drivers\etc\hosts
 
2021-12-29 20:10 - 2021-12-29 20:15 - 000000435 _____ C:\windows\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-974111299-3066080161-2476872172-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 66.94.188.223 - 66.94.188.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2E06D2BD-C24E-40E0-BFF2-AF625232D4CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5FAA2E39-01FF-4628-A02C-39D7A49E2ACE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.MinecraftEducationEdition_1.20.1200.0_x64__8wekyb3d8bbwe\Minecraft.Windows.exe (Microsoft Corporation -> )
FirewallRules: [{CE9B183B-408A-4C54-8E1D-5A1E205D6481}] => (Allow) C:\Program Files\WindowsApps\Microsoft.MinecraftEducationEdition_1.20.1200.0_x64__8wekyb3d8bbwe\Minecraft.Windows.exe (Microsoft Corporation -> )
FirewallRules: [{920E2990-7E19-4959-AA2D-096CFA000645}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A7A6BE7-BB10-41AD-B5C7-674DDCB38056}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23195.1513.2309.6740_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{284AAD16-7CFD-4FA7-8391-C50B0C6C909C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23195.1513.2309.6740_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E34D2BE7-DBCD-406A-A2E1-B81679EC1C52}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:57.41 GB) (Free:4.73 GB) (8%)
 
==================== Faulty Device Manager Devices ============
 
Name: McAfeeIntegrationDriver Device
Description: McAfeeIntegrationDriver Device
Class Guid: {78a1c341-4539-11d3-b88d-00c04fad5171}
Manufacturer: McAfee
Service: McAfeeIntegrationDriver
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: McAfeeIntegrationDriver Device
Description: McAfeeIntegrationDriver Device
Class Guid: {78a1c341-4539-11d3-b88d-00c04fad5171}
Manufacturer: McAfee
Service: McAfeeIntegrationDriver
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/18/2023 08:07:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.22000.2245, time stamp: 0x0171adcd
Exception code: 0xc0000005
Fault offset: 0x002f1937
Faulting process id: 0x19c4
Faulting application start time: 0x01d9d1d4e52aa7b3
Faulting application path: C:\Users\Cassandra Rabius\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\windows\SYSTEM32\WININET.dll
Report Id: efd4215b-74aa-412a-bb0c-cdfe1c6b57a0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/16/2023 02:14:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ScreenClippingHost.exe, version: 421.22500.8500.0, time stamp: 0x641e1e03
Faulting module name: ucrtbase.dll, version: 10.0.22000.1, time stamp: 0x00e78ce9
Exception code: 0xc0000409
Fault offset: 0x000000000007c648
Faulting process id: 0x27ac
Faulting application start time: 0x01d9d075d81d4976
Faulting application path: C:\windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClippingHost.exe
Faulting module path: C:\windows\System32\ucrtbase.dll
Report Id: ce83269c-8e86-433b-aad8-38b7c20a1a4f
Faulting package full name: MicrosoftWindows.Client.CBS_1000.22001.1000.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: ScreenClipping
 
Error: (08/14/2023 07:46:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.22000.2003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 18fc
 
Start Time: 01d9cde3a2f0c606
 
Termination Time: 60000
 
Application Path: C:\Windows\explorer.exe
 
Report Id: b9c89d21-563b-4b98-b5c3-e27307230a6f
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (08/13/2023 10:58:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete defragmentation on Court-Custody BU Drive (D:) because: The dirty bit is set on this volume. (0x89000015)
 
Error: (08/13/2023 10:58:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete defragmentation on (E:) because: Volumes cannot be optimized due to file system type not supported. (0x8900002F)
 
Error: (08/12/2023 12:37:18 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete defragmentation on (E:) because: Volumes cannot be optimized due to file system type not supported. (0x8900002F)
 
Error: (08/06/2023 07:31:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcrobatNotificationClient.exe, version: 0.0.0.0, time stamp: 0x5b98af46
Faulting module name: combase.dll, version: 10.0.22000.1641, time stamp: 0xecc1b5c4
Exception code: 0xc000027b
Fault offset: 0x00211901
Faulting process id: 0x2278
Faulting application start time: 0x01d9c534d7dc0cf3
Faulting application path: C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
Faulting module path: C:\windows\System32\combase.dll
Report Id: 8ae001a7-090f-48c0-b1ea-df7379558df3
Faulting package full name: ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r
Faulting package-relative application ID: App
 
Error: (07/27/2023 10:38:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcrobatNotificationClient.exe, version: 0.0.0.0, time stamp: 0x5b98af46
Faulting module name: combase.dll, version: 10.0.22000.1641, time stamp: 0xecc1b5c4
Exception code: 0xc000027b
Fault offset: 0x00211901
Faulting process id: 0x4cc
Faulting application start time: 0x01d9b9fa370185e9
Faulting application path: C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
Faulting module path: C:\windows\System32\combase.dll
Report Id: 39204404-315a-4337-a19e-25d44dd12643
Faulting package full name: ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (08/18/2023 08:50:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/18/2023 08:50:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CASSAN~1\AppData\Local\Temp\ehdrv.sys
 
Error: (08/18/2023 08:50:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/18/2023 08:50:49 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CASSAN~1\AppData\Local\Temp\ehdrv.sys
 
Error: (08/18/2023 08:50:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/18/2023 08:50:49 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CASSAN~1\AppData\Local\Temp\ehdrv.sys
 
Error: (08/18/2023 08:50:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/18/2023 08:50:49 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\CASSAN~1\AppData\Local\Temp\ehdrv.sys
 
 
Windows Defender:
================
Date: 2023-08-18 11:03:14
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-18 10:58:06
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-17 10:32:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-16 14:33:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-14 05:31:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2023-06-17 12:49:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1738.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2023-06-16 14:39:09
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2023-05-20 08:42:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.389.1706.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20300.3
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2023-05-20 08:42:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.389.1706.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20300.3
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2023-04-24 12:19:10
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.387.2093.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20200.4
Error code: 0x80070102
Error description: The wait operation timed out. 
 
CodeIntegrity:
===============
Date: 2023-08-18 10:57:52
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-08-10 06:43:49
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-07-18 23:24:16
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-07-05 17:08:34
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
BIOS: AMI F.25 03/09/2022
Motherboard: HP 864D
Processor: Intel® Celeron® N4020 CPU @ 1.10GHz
Percentage of memory in use: 77%
Total physical RAM: 3912.01 MB
Available physical RAM: 895.16 MB
Total Virtual: 7824.02 MB
Available Virtual: 4061.13 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:57.41 GB) (Free:4.73 GB) (Model: Samsung CUTB42) NTFS
 
\\?\Volume{2bcd8da3-dec5-4505-8248-f1d12d81e5dc}\ (Windows RE tools) (Fixed) (Total:0.56 GB) (Free:0.06 GB) NTFS
\\?\Volume{38c9bfc5-4f11-4aac-9dfe-5945a6f7cc77}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 58.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#12
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

Disc cleanup

  • Press the Windows icon on your keyboard, together with the letter R.
  • Type in the blank area cleanmgr and then press OK.
  • Select everything you don't need in the list that will appear. Actually, you can select everything there, but be careful if you need some files in the Downloads folder.
  • Press the button Clean up system files and wait a bit.
  • Again, select everything you don't need, including old Windows installations, if any.
  • Select the tab More options.
  • Under the title System Restore and Shadow Copies, press Clean up.
  • Press Delete and OK if you are asked to.
  • Wait some time (depending on the items that are deleted).
  • Restart the computer when the process is finished.

 

After that:

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
SystemRestore: On
CreateRestorePoint:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


#13
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

Hello. Are you still with me? 



#14
Beloved9178

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Yes, I've been seriously busy at the house. Your instructions say to select the More options tab but don't specify in what program.



#15
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

I didn't refer to any program. Just follow my instructions and you will see the More options tab, after pressing the Clean up system files button. 

