Computer At Work Is Painfully Slow

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by douglaswlee, May 26, 2023.

  1. douglaswlee

    douglaswlee Private E-2

    I ran through the read me first thread and followed the directions. I do not use this computer often, but yesterday it was painfully slow. I am attaching the files here. Thank you for your help!
     

    Attached Files:

  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the MajorGeeks Malware Forum.

    While I review what you have posted please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recovery Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please copy and paste the contents of each report in separate reply windows
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

    • FRST.txt
    • Addition.txt
     
  3. douglaswlee

    douglaswlee Private E-2

    Thanks, I'll get on top of this soon. I am not getting notices about replies to my posts.
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
    Ran by zec10 (31-05-2023 16:24:37)
    Running from C:\Users\zec10\Desktop\Malware Removal Software
    Microsoft Windows 10 Pro Version 21H2 19044.2965 (X64) (2021-07-01 18:41:38)
    Boot Mode: Normal
    ==========================================================
    ==================== Accounts: =============================
    (If an entry is included in the fixlist, it will be removed.)
    Administrator (S-1-5-21-3177478816-162182744-391395500-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3177478816-162182744-391395500-503 - Limited - Disabled)
    Guest (S-1-5-21-3177478816-162182744-391395500-501 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-3177478816-162182744-391395500-504 - Limited - Disabled)
    zec10 (S-1-5-21-3177478816-162182744-391395500-1006 - Administrator - Enabled) => C:\Users\zec10
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 113.0.5672.127 - Google LLC)
    Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
    HiBit Uninstaller version 2.6.25.100 (HKLM-x32\...\{318AF7D1-C350-4F69-8C13-83B88BFF1355}_is1) (Version: 2.6.25.100 - HiBitSoftware)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
    Malwarebytes version 4.5.29.268 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.29.268 - Malwarebytes)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6448.1 - Waves Audio Ltd.) Hidden
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16327.20248 - Microsoft Corporation)
    Microsoft 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.16327.20248 - Microsoft Corporation)
    Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.16327.20248 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 113.0.1774.57 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 113.0.1774.57 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3177478816-162182744-391395500-1006\...\OneDriveSetup.exe) (Version: 23.101.0514.0001 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
    Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20248 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)
    RogueKiller version 15.10.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.10.0.0 - Adlice Software)
    Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
    Packages:
    =========
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_145.3.1086.0_x64__v10z8vjag6ke6 [2023-05-18] (HP Inc.)
    iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa [2022-12-14] (Apple Inc.) [Startup Task]
    Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2303.28002.0_x64__8wekyb3d8bbwe [2023-04-12] (Microsoft Corporation) [Startup Task]
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-02-04] (Microsoft Corporation)
    Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-22] (Microsoft Studios) [MS Ad]
    WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x64__8wekyb3d8bbwe [2022-11-08] (Microsoft Corporation)
    WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x86__8wekyb3d8bbwe [2022-11-08] (Microsoft Corporation)
    ==================== Custom CLSID (Whitelisted): ==============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\localserver32 -> "C:\Users\zec10\Wavesor Software\WaveBrowser\1.2.9.4\notification_helper.exe" => No File
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{C5596523-009B-41A7-AB11-BCA2274BDCDB}\InprocServer32 -> C:\Users\zec10\Wavesor Software\SWUpdater\1.3.115.0\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 -> C:\Users\zec10\Wavesor Software\SWUpdater\1.3.115.0\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 -> C:\Users\zec10\Wavesor Software\SWUpdater\1.3.115.0\psuser_64.dll => No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-25] (Malwarebytes Inc. -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-25] (Malwarebytes Inc. -> Malwarebytes)
    ==================== Codecs (Whitelisted) ====================
    ==================== Shortcuts & WMI ========================
    ==================== Loaded Modules (Whitelisted) =============
    2020-12-03 10:43 - 2020-12-03 10:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
    2020-12-03 10:43 - 2020-12-03 10:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
    ==================== Alternate Data Streams (Whitelisted) ========
    (If an entry is included in the fixlist, only the ADS will be removed.)
    AlternateDataStreams: C:\MGtools.exe:MBAM.Zone.Identifier [91]
    ==================== Safe Mode (Whitelisted) ==================
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    ==================== Association (Whitelisted) =================
    ==================== Internet Explorer (Whitelisted) ==========
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-01-30] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-01] (Microsoft Corporation -> Microsoft Corporation)
    ==================== Hosts content: =========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
    ==================== Other Areas ===========================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-3177478816-162182744-391395500-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.254.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    ==================== FirewallRules (Whitelisted) ================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{E9D7FA44-E0DD-477C-AAEC-782C58CD4A23}] => (Allow) C:\Users\zec10\AppData\Local\Temp\7zS6B7D\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{4C001174-4628-4397-A5B1-B9398B131F65}] => (Allow) C:\Users\zec10\AppData\Local\Temp\7zS6B7D\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{4869089C-1D4A-4F43-B448-A18E7C4EEA89}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
    FirewallRules: [{CAF611C0-9DA8-4D77-9FDE-B7484B144245}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
    FirewallRules: [{2F96CFE6-0E41-4ED2-95EE-FEE5851DEA30}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
    FirewallRules: [{27C1A778-5D87-4976-BEA3-667F3A9F623F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
    FirewallRules: [{1AF8ADA0-45F8-4D43-AEB0-966561D8D6A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{9EA9F6A1-BF7B-4592-84D7-A39C7CD4991D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{23AB601B-302B-4598-88CC-401BA77D42F1}] => (Allow) C:\Users\zec10\AppData\Local\Temp\7zS304D\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{7BF0B540-B15E-48E4-8AB0-22D31BC4DB92}] => (Allow) C:\Users\zec10\AppData\Local\Temp\7zS304D\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{391009EC-6EC9-4D69-BEC9-4516D800C838}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{357D3C88-C217-44FF-8860-5BEADD6C7F0C}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{C36E6706-9B13-41E9-879E-33D6FF737747}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{5F1942D8-7E47-4CF3-8B4B-114CBEC059D9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{59ABDCA0-5A0B-41F6-A10C-1902CB0FD1FD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{70D7290C-C2BC-4437-963D-C0A4A4FD22A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{93F174D6-4177-4971-A2C4-35544F44FFC3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\113.0.1774.57\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
    ==================== Restore Points =========================
    25-05-2023 08:00:36 Windows Backup
    26-05-2023 08:00:30 Windows Backup
    27-05-2023 08:00:18 Windows Backup
    28-05-2023 08:00:58 Windows Backup
    29-05-2023 08:00:39 Windows Backup
    30-05-2023 08:00:43 Windows Backup
    31-05-2023 08:00:19 Windows Backup
    ==================== Faulty Device Manager Devices ============
    ==================== Event log errors: ========================
    Application errors:
    ==================
    Error: (05/25/2023 02:21:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 4.0.0.1570 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 3d0
    Start Time: 01d98f3d726c35e4
    Termination Time: 4294967295
    Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    Report Id: a2607323-95d0-4765-acf9-5a46b15e711a
    Faulting package full name:
    Faulting package-relative application ID:
    Hang type: Cross-process
    Error: (05/25/2023 01:39:32 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-H90HAIM)
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
    Error: (05/25/2023 12:08:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HPDiagnosticCoreUI.exe, version: 5.0.16.6, time stamp: 0x64351afa
    Faulting module name: HPDiagnosticCore.dll, version: 1.0.16.0, time stamp: 0x64351af5
    Exception code: 0xc0000005
    Fault offset: 0x0007eac4
    Faulting process id: 0x326c
    Faulting application start time: 0x01d98f2a50958ca3
    Faulting application path: C:\Users\zec10\AppData\Local\Temp\7zS304D\HPDiagnosticCoreUI.exe
    Faulting module path: C:\Users\zec10\AppData\Local\Temp\7zS304D\HPDiagnosticCore.dll
    Report Id: a1045ade-25d1-49e8-8922-5f9ace17f461
    Faulting package full name:
    Faulting package-relative application ID:
    Error: (05/23/2023 08:00:05 AM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
    Error: (05/22/2023 08:00:08 AM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
    Error: (05/21/2023 08:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
    Error: (05/20/2023 08:00:09 AM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
    Error: (05/19/2023 08:00:09 AM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
    System errors:
    =============
    Error: (05/31/2023 10:28:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9P6PMZTM93LR-Microsoft.6365217CE6EB4.
    Error: (05/31/2023 08:08:32 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
    Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume70'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
    Error: (05/31/2023 08:08:32 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
    Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume70'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
    Error: (05/30/2023 08:06:41 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
    Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume58'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
    Error: (05/30/2023 08:06:41 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
    Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume58'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
    Error: (05/29/2023 08:09:09 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
    Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume48'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
    Error: (05/29/2023 08:09:09 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
    Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume48'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
    Error: (05/28/2023 08:06:32 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
    Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume34'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
    Windows Defender:
    ================
    Date: 2023-05-25 10:25:24
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2023-05-24 10:09:07
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2023-05-23 10:47:55
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2023-05-22 11:14:27
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Date: 2023-05-21 11:03:07
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Event[0]:
    Date: 2023-04-24 09:22:49
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    Date: 2023-04-24 08:35:09
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.353.1934.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18700.4
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    CodeIntegrity:
    ===============
    Date: 2023-05-31 16:29:30
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
    ==================== Memory info ===========================
    BIOS: Dell Inc. A25 05/30/2019
    Motherboard: Dell Inc. 0XCR8D
    Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
    Percentage of memory in use: 46%
    Total physical RAM: 16292.13 MB
    Available physical RAM: 8783.53 MB
    Total Virtual: 18724.13 MB
    Available Virtual: 9542.42 MB
    ==================== Drives ================================
    Drive c: (Windows) (Fixed) (Total:475.86 GB) (Free:345.65 GB) (Model: KingFast) NTFS
    Drive e: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:353.71 GB) (Model: Seagate FreeAgent USB Device) NTFS
    \\?\Volume{ba499056-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
    \\?\Volume{ba499056-0000-0000-0050-310d77000000}\ (Recovery image) (Fixed) (Total:0.73 GB) (Free:0.33 GB) NTFS
    ==================== MBR & Partition Table ====================
    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: BA499056)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=475.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=750 MB) - (Type=27)
    ==========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A9D124E6)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
    ==================== End of Addition.txt =======================
     
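Reading an FRST log by hand means hunting for the same few markers every time: the lines FRST itself tags with "<==== ATTENTION", the registry, CLSID and firewall entries whose target file is gone ("=> No File"), the Security Center AV lines, and the UAC policy line under HKLM\...\Policies\System. The Python helper below is an added example for this thread, not part of FRST and not something either poster wrote; the names Triage, triage_frst, findings and orphan_path and the regular expressions are my own, and the SAMPLE text is a constructed excerpt assembled from lines in the Addition.txt above and the FRST.txt in the next post. The ConsentPromptBehaviorAdmin meanings are Microsoft's documented values for that policy.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread; not part of FRST or of the posted logs.
Collects the lines an analyst reads first in FRST.txt / Addition.txt.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt: lines copied from the Addition.txt and FRST.txt posted
# in this thread, cut down to the ones the helper looks at.
SAMPLE = r"""
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\localserver32 -> "C:\Users\zec10\Wavesor Software\WaveBrowser\1.2.9.4\notification_helper.exe" => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
FirewallRules: [{E9D7FA44-E0DD-477C-AAEC-782C58CD4A23}] => (Allow) C:\Users\zec10\AppData\Local\Temp\7zS6B7D\HPDiagnosticCoreUI.exe => No File
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
"""

AV_RE = re.compile(r"^AV: (.+?) \((Enabled|Disabled) - ")
ORPHAN_RE = re.compile(r"[=-]> No File$")
# Path in front of "=> No File": quoted in CLSID entries, bare in firewall rules.
ORPHAN_PATH_RE = re.compile(
    r'(?:-> |\(Allow\) |\(Block\) )"?([A-Za-z]:\\[^"]*?)"? [=-]> No File$')
UAC_RE = re.compile(
    r"\(ConsentPromptBehaviorAdmin: (\d+)\) \(ConsentPromptBehaviorUser: (\d+)\) "
    r"\(EnableLUA: (\d+)\)")

# Documented meanings of ConsentPromptBehaviorAdmin (HKLM\...\Policies\System).
ADMIN_PROMPT = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries (default)",
}


@dataclass
class Triage:
    attention: list[str] = field(default_factory=list)
    orphaned: list[str] = field(default_factory=list)
    av: list[tuple[str, str]] = field(default_factory=list)
    uac: Optional[dict] = None


def orphan_path(line: str) -> Optional[str]:
    """Return the missing file's path from a '=> No File' line, if it has one."""
    m = ORPHAN_PATH_RE.search(line)
    return m.group(1) if m else None


def triage_frst(text: str) -> Triage:
    """Walk FRST log text line by line and collect the items of interest."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are indented; FRST's own output is not
        if not line:
            continue
        if "<==== ATTENTION" in line:
            t.attention.append(line)
        if ORPHAN_RE.search(line):
            t.orphaned.append(line)
        m = AV_RE.match(line)
        if m:
            t.av.append((m.group(1), m.group(2)))
        m = UAC_RE.search(line)
        if m:
            admin, user, lua = (int(g) for g in m.groups())
            t.uac = {
                "admin": admin,
                "admin_meaning": ADMIN_PROMPT.get(admin, "unknown value"),
                "user": user,
                "enable_lua": lua == 1,
            }
    return t


def findings(t: Triage) -> list[str]:
    """Turn the collected lines into one-line findings for a reply."""
    out: list[str] = []
    for name, state in t.av:
        if state == "Disabled":
            out.append(f"Security Center reports {name} as Disabled")
    for line in t.attention:
        out.append("FRST ATTENTION: " + line.replace(" <==== ATTENTION", ""))
    for line in t.orphaned:
        out.append("entry points at a missing file: " + (orphan_path(line) or line))
    if t.uac:
        if not t.uac["enable_lua"]:
            out.append("UAC is switched off (EnableLUA=0)")
        elif t.uac["admin"] == 0:
            out.append("UAC: administrators " + t.uac["admin_meaning"]
                       + " (ConsentPromptBehaviorAdmin=0)")
    return out


if __name__ == "__main__":
    for f in findings(triage_frst(SAMPLE)):
        print(f)
```

To use it on a real log, read FRST.txt or Addition.txt into a string and pass it to triage_frst. Two caveats: the patterns follow the line layout FRST uses in the logs above, so a change in FRST's output format means adjusting them; and a "=> No File" entry on its own only says that a registry or firewall entry points at a file that is no longer there (typically a leftover of an uninstalled program), not that anything is still running, so it is a cleanup item rather than proof of infection.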
  4. douglaswlee

    douglaswlee Private E-2

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2023
    Ran by zec10 (administrator) on DESKTOP-H90HAIM (Dell Inc. OptiPlex 9020) (31-05-2023 16:19:14)
    Running from C:\Users\zec10\Desktop\Malware Removal Software\FRST64.exe
    Loaded Profiles: zec10
    Platform: Microsoft Windows 10 Pro Version 21H2 19044.2965 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <37>
    (explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2303.28002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
    (explorer.exe ->) (Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
    (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler64.exe
    (Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
    (services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (services.exe ->) (Nitro Software, Inc. -> Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
    (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.51461.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    ==================== Registry (Whitelisted) ===================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [Unattend0000000001{E9EE1D24-6AF6-4631-844B-69F4C8E65E33}] => C:\Windows\system32\devmgmt.msc [145622 2019-12-07] (Microsoft Windows -> )
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
    HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\Windows\system32\nitrolocalmon10.dll [31904 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\113.0.5672.127\Installer\chrmstp.exe [2023-05-18] (Google LLC -> Google LLC)
    ==================== Scheduled Tasks (Whitelisted) =================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    Task: {1D459D23-AC35-46C3-9A5B-48FEC47520EC} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-05-04] (HP Inc. -> HP Inc.)
    Task: {1F297ACB-A4B8-466C-857F-C6CD123CA655} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-05-04] (HP Inc. -> HP Inc.)
    Task: {41406893-CAB2-47FB-8C40-A0B91ABC7E11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-01] (Google LLC -> Google LLC)
    Task: {4F75318F-C0F8-4ADC-A567-C89A47B5BCAF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123872 2023-05-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {79558B5E-AD8E-4A5C-83BF-35DB5F1819D5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123872 2023-05-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {8774f8cd-dc7d-4b6e-9143-d8b0ad849f3f} - no filepath
    Task: {B969DE19-1FBC-4A7E-BD67-A97C3732CBCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-01] (Google LLC -> Google LLC)
    Task: {BB818F9C-F801-4766-9B02-913258B473DE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D50C57F8-6CA8-4D80-A235-951AB97C6A47} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-12] (Microsoft Corporation -> Microsoft Corporation)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
    Tcpip\..\Interfaces\{9eb8b343-6690-4908-9bab-a9899540f011}: [DhcpNameServer] 192.168.254.254
    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\zec10\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-25]
    Edge Notifications: Default -> hxxps://en.softonic.com
    Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\zec10\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2023-05-25]
    Edge Extension: (Search the current site) - C:\Users\zec10\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jliolpcnkmolaaecncdfeofombdekjcp [2021-12-03]
    Edge Extension: (Edge relevant text changes) - C:\Users\zec10\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-24]
    Edge Extension: (Print Friendly & PDF) - C:\Users\zec10\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nhiebejbpolmpkikgbijamagibifhjib [2022-08-23]
    FireFox:
    ========
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-08-02] (Nitro Software, Inc. -> Nitro PDF)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    Chrome:
    =======
    CHR Profile: C:\Users\zec10\AppData\Local\Google\Chrome\User Data\Default [2023-05-31]
    CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\zec10\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2023-05-30]
    CHR Extension: (Google Docs Offline) - C:\Users\zec10\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\zec10\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-01]
    ==================== Services (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749376 2023-05-12] (Microsoft Corporation -> Microsoft Corporation)
    R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [229328 2023-05-04] (HP Inc. -> HP Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9255384 2023-05-25] (Malwarebytes Inc. -> Malwarebytes)
    R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc. -> Nitro Software, Inc.)
    R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15413680 2023-05-24] (ADLICE -> )
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [336256 2023-05-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe [3216064 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe [133544 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
    ===================== Drivers (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2020-11-18] (Microsoft Corporation) [File not signed]
    S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-05-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [199640 2023-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77752 2023-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-05-25] (Malwarebytes Inc. -> Malwarebytes)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [41920 2023-05-25] (ADLICE (Julien ASCOET) -> )
    S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49616 2023-05-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [498944 2023-05-03] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-03] (Microsoft Windows -> Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One month (created) (Whitelisted) =========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2023-05-31 16:17 - 2023-05-31 16:21 - 000000000 ____D C:\FRST
    2023-05-26 12:12 - 2023-05-26 12:12 - 000000000 ___HD C:\$WinREAgent
    2023-05-26 07:31 - 2023-05-26 07:31 - 000252227 _____ C:\Users\zec10\Desktop\MGlogs.zip
    2023-05-26 07:05 - 2023-05-26 07:31 - 000252227 _____ C:\MGlogs.zip
    2023-05-26 07:04 - 2023-05-26 07:31 - 000000000 ____D C:\MGtools
    2023-05-25 16:27 - 2023-05-26 07:02 - 000000000 ____D C:\ProgramData\HitmanPro
    2023-05-25 15:33 - 2023-05-25 15:41 - 000041920 _____ C:\Windows\system32\Drivers\truesight.sys
    2023-05-25 15:32 - 2023-05-25 15:46 - 000000000 ____D C:\ProgramData\RogueKiller
    2023-05-25 15:32 - 2023-05-25 15:41 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2023-05-25 15:32 - 2023-05-25 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2023-05-25 15:32 - 2023-05-25 15:41 - 000000000 ____D C:\Program Files\RogueKiller
    2023-05-25 14:29 - 2023-05-25 14:29 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2023-05-25 14:16 - 2023-05-30 17:27 - 000000000 ____D C:\Users\zec10\AppData\Local\Malwarebytes
    2023-05-25 14:16 - 2023-05-25 14:16 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2023-05-25 14:16 - 2023-05-25 14:16 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2023-05-25 14:16 - 2023-05-25 14:16 - 000000000 ____D C:\Users\zec10\AppData\Local\mbam
    2023-05-25 14:14 - 2023-05-25 14:14 - 000000000 ____D C:\ProgramData\Malwarebytes
    2023-05-25 14:14 - 2023-05-25 14:14 - 000000000 ____D C:\Program Files\Malwarebytes
    2023-05-25 13:52 - 2023-05-26 07:04 - 001993530 _____ C:\MGtools.exe
    2023-05-25 13:28 - 2023-05-25 13:30 - 000000000 ____D C:\AdwCleaner
    2023-05-25 13:27 - 2023-05-31 16:19 - 000000000 ____D C:\Users\zec10\Desktop\Malware Removal Software
    2023-05-25 12:35 - 2023-05-25 12:35 - 000001475 _____ C:\Users\zec10\Downloads\HPPSdr - Shortcut.lnk
    2023-05-25 11:56 - 2023-05-25 12:31 - 011973976 _____ C:\Users\zec10\Desktop\HPPSdr.exe
    2023-05-25 10:57 - 2023-05-25 10:57 - 000014952 _____ C:\Users\zec10\Documents\ZEC PricebookLabels.xlsx
    2023-05-24 08:29 - 2023-05-24 08:29 - 000000000 ____D C:\ProgramData\PLUG
    ==================== One month (modified) ==================
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2023-05-31 16:13 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2023-05-31 16:12 - 2020-11-19 02:43 - 000000000 ____D C:\Windows\system32\SleepStudy
    2023-05-31 15:32 - 2021-07-01 12:23 - 000000000 ____D C:\Program Files (x86)\Google
    2023-05-31 10:32 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2023-05-31 10:32 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
    2023-05-27 17:27 - 2021-07-01 12:03 - 000000000 ___RD C:\Users\zec10\OneDrive
    2023-05-27 17:26 - 2021-07-01 12:01 - 000000000 __SHD C:\Users\zec10\IntelGraphicsProfiles
    2023-05-27 17:26 - 2021-05-18 18:55 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2023-05-27 00:00 - 2020-11-19 02:46 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2023-05-27 00:00 - 2020-11-19 02:46 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2023-05-26 15:56 - 2023-04-29 09:35 - 000002386 _____ C:\Users\zec10\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2023-05-26 15:56 - 2021-12-11 08:59 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3177478816-162182744-391395500-1006
    2023-05-26 15:56 - 2021-07-01 12:03 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3177478816-162182744-391395500-1006
    2023-05-26 13:04 - 2021-11-22 12:15 - 000000000 ____D C:\Users\zec10\AppData\Roaming\Nitro
    2023-05-26 12:24 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
    2023-05-25 14:34 - 2020-11-19 02:54 - 000840854 _____ C:\Windows\system32\PerfStringBackup.INI
    2023-05-25 14:34 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
    2023-05-25 14:29 - 2020-11-19 02:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2023-05-25 14:28 - 2020-11-30 17:56 - 000008192 ___SH C:\DumpStack.log.tmp
    2023-05-25 14:27 - 2019-12-07 04:03 - 000786432 _____ C:\Windows\system32\config\BBI
    2023-05-25 14:16 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP
    2023-05-25 14:11 - 2022-01-12 09:04 - 000000000 ____D C:\Users\zec10\AppData\Local\NitroSpoolDir
    2023-05-25 13:53 - 2021-07-01 11:59 - 000000000 ____D C:\Users\zec10
    2023-05-25 12:40 - 2021-10-19 08:54 - 000001717 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
    2023-05-25 12:09 - 2023-01-18 23:10 - 000000000 ____D C:\Users\zec10\AppData\Local\CrashDumps
    2023-05-24 04:29 - 2022-02-15 21:05 - 000000000 ____D C:\Program Files\RUXIM
    2023-05-18 19:34 - 2021-07-01 12:25 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2023-05-18 19:34 - 2021-07-01 12:25 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2023-05-18 14:27 - 2021-07-01 12:23 - 000003714 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
    2023-05-18 14:27 - 2021-07-01 12:23 - 000003590 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
    2023-05-17 12:36 - 2021-07-06 13:40 - 000000000 ____D C:\Users\zec10\AppData\Local\ElevatedDiagnostics
    2023-05-17 12:22 - 2022-03-23 23:01 - 000000000 ____D C:\Windows\system32\Tasks\HP
    2023-05-17 12:22 - 2021-07-01 14:03 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
    2023-05-13 03:53 - 2020-11-19 02:46 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2023-05-13 03:53 - 2020-11-19 02:46 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2023-05-12 18:55 - 2020-12-03 10:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2023-05-10 22:37 - 2021-07-01 19:24 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2023-05-10 01:27 - 2020-11-19 02:43 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
    2023-05-10 01:24 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2023-05-10 01:24 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
    2023-05-10 01:24 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
    2023-05-10 01:24 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
    2023-05-10 01:24 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe
    2023-05-10 01:24 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences
    2023-05-10 01:24 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
    2023-05-10 00:54 - 2020-11-19 02:45 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
    2023-05-10 00:19 - 2021-01-29 19:01 - 000000000 ____D C:\Windows\system32\MRT
    2023-05-10 00:13 - 2021-01-29 19:01 - 159583304 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2023-05-03 09:57 - 2020-11-19 02:43 - 000000000 ____D C:\Windows\system32\Drivers\wd
    ==================== SigCheck ============================
    (There is no automatic fix for files that do not pass verification.)
    ==================== End of FRST.txt ========================
     
  5. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    You can skip quoting my previous post.

    I ran into the same issue. The notifications were being flagged as spam.

    This does not appear to be malware related. Can you describe in detail what "slow" means?

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    Edge Notifications: Default -> hxxps://en.softonic.com
    HKLM\...\Run: [Unattend0000000001{E9EE1D24-6AF6-4631-844B-69F4C8E65E33}] => C:\Windows\system32\devmgmt.msc [145622 2019-12-07] (Microsoft Windows -> )
    Task: {8774f8cd-dc7d-4b6e-9143-d8b0ad849f3f} - no filepath
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\localserver32 -> "C:\Users\zec10\Wavesor Software\WaveBrowser\1.2.9.4\notification_helper.exe" => No File
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{C5596523-009B-41A7-AB11-BCA2274BDCDB}\InprocServer32 -> C:\Users\zec10\Wavesor Software\SWUpdater\1.3.115.0\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 -> C:\Users\zec10\Wavesor Software\SWUpdater\1.3.115.0\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 -> C:\Users\zec10\Wavesor Software\SWUpdater\1.3.115.0\psuser_64.dll => No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    Emptytemp:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • What is meant by slow
    • Fixlog
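A small triage helper for the entry types this fix targets (Defender restriction keys, "no filepath" tasks, CustomCLSID entries whose server is missing, browser notification permissions), as an added example; it is neither FRST's own code nor code from this thread, and the sample log lines, GUIDs and paths are constructed to match the FRST.txt format:

```python
"""FRST log triage helper.

Added example for this thread; it is not FRST's own code and not code
from the MajorGeeks thread. It parses a small subset of the entry types
that appear in the FRST.txt above and in the fix, and reports the ones
that usually end up in a fixlist: Windows Defender registry restrictions,
scheduled tasks with no file path, CustomCLSID entries whose COM server
no longer exists, and browser notification permissions. Everything else
is treated as whitelisted noise. The sample lines are constructed to
match the format, with placeholder GUIDs and paths.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    kind: str      # category used when sorting the review
    entry: str     # identifier of the entry (GUID, value name, key, URL)
    reason: str    # why a reviewer would look at it


# Assumption: only these FRST entry types are handled; FRST emits many more,
# and the browser prefixes accepted for notification lines are assumed.
DEFENDER_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows Defender: \[(\w+)\] Restriction")
TASK_RE = re.compile(r"^Task: \{([0-9A-Fa-f-]{36})\} - (.*)$")
CLSID_RE = re.compile(r"^CustomCLSID: (HKU\\\S+) -> (.*?) => (.*)$")
NOTIFY_RE = re.compile(r"^(Edge|CHR|FF) Notifications: \S+ -> (\S+)$")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line deserves review, else None."""
    line = line.strip()
    m = DEFENDER_RE.match(line)
    if m:
        return Finding("defender-policy", m.group(1),
                       "Defender disabled through a policy key; confirm it was intended")
    m = TASK_RE.match(line)
    if m and m.group(2).strip().lower() == "no filepath":
        return Finding("orphan-task", m.group(1),
                       "scheduled task registration with no file path")
    m = CLSID_RE.match(line)
    if m and m.group(3).strip() == "No File":
        return Finding("orphan-clsid", m.group(1),
                       "COM server registered but missing: " + m.group(2))
    m = NOTIFY_RE.match(line)
    if m:
        return Finding("notification-permission", m.group(2),
                       "site allowed to push browser notifications; review")
    return None


def triage(lines) -> list:
    """Triage a whole log, keeping input order."""
    findings = []
    for line in lines:
        f = triage_line(line)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample lines in FRST.txt format (placeholder GUIDs and paths).
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleTool] => C:\Program Files\ExampleTool\tool.exe [1234 2023-01-01] (Example Vendor -> Example Vendor)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example\Updater => C:\Program Files\Example\update.exe [1234 2023-01-01] (Example Vendor -> Example Vendor)
Task: {00000000-0000-0000-0000-000000000002} - no filepath
CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID\{00000000-0000-0000-0000-0000000000AA}\InprocServer32 -> C:\Users\example\Removed Software\helper_64.dll => No File
CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID\{00000000-0000-0000-0000-0000000000BB}\InprocServer32 -> C:\Program Files\Example\present.dll (Example Vendor -> Example Vendor)
Edge Notifications: Default -> hxxps://example-download-site.invalid
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.entry}  ({f.reason})")
```

Entries the helper does not flag (the Run value, the task with a path, the CLSID whose DLL exists) are left for the reviewer's judgement, which is how the whitelisted sections above are read.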
     
  6. douglaswlee

    douglaswlee Private E-2

    I clicked Fix and a message popped up: no fixlist found. I did not see one on my desktop either. What I mean by slow is when something is clicked on the computer it takes anywhere from 3-10 minutes before it responds. Now I do not use the computer that often, but occasionally have to for various reasons. I would find it very frustrating. Do you think it may just be getting old and need replacing?
     
  7. Oh My!

    Oh My! Malware Expert Staff Member

    It is a little too early to conclude the computer needs to be replaced. I try to make sure spending money is really necessary before I suggest that.

    Make sure you highlight and copy all the information starting from Start:: all the way to End::. If it does not include all of that the Fix won't work.
     
  8. douglaswlee

    douglaswlee Private E-2

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
    Ran by zec10 (01-06-2023 10:48:56) Run:1
    Running from C:\Users\zec10\Desktop\Malware Removal Software
    Loaded Profiles: zec10
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    Start::
    CreateRestorePoint:
    CloseProcesses:
    Edge Notifications: Default -> hxxps://en.softonic.com
    HKLM\...\Run: [Unattend0000000001{E9EE1D24-6AF6-4631-844B-69F4C8E65E33}] => C:\Windows\system32\devmgmt.msc [145622 2019-12-07] (Microsoft Windows -> )
    Task: {8774f8cd-dc7d-4b6e-9143-d8b0ad849f3f} - no filepath
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4}\localserver32 -> "C:\Users\zec10\Wavesor Software\WaveBrowser\1.2.9.4\notification_helper.exe" => No File
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{C5596523-009B-41A7-AB11-BCA2274BDCDB}\InprocServer32 -> C:\Users\zec10\Wavesor Software\SWUpdater\1.3.115.0\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A}\InprocServer32 -> C:\Users\zec10\Wavesor Software\SWUpdater\1.3.115.0\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE}\InprocServer32 -> C:\Users\zec10\Wavesor Software\SWUpdater\1.3.115.0\psuser_64.dll => No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    cmd: netsh winsock reset catalog
    cmd: netsh int ip reset resetlog.txt
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state ON
    cmd: bitsadmin /reset /allusers
    cmd: ipconfig /flushdns
    Removeproxy:
    hosts:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    Emptytemp:
    End::
    *****************
    Restore point was successfully created.
    Processes closed successfully.
    "Edge Notifications" => removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Unattend0000000001{E9EE1D24-6AF6-4631-844B-69F4C8E65E33}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8774f8cd-dc7d-4b6e-9143-d8b0ad849f3f}" => removed successfully
    HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{9CD78CBC-FD21-4FFF-B452-9D792A58B7C4} => removed successfully
    HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{C5596523-009B-41A7-AB11-BCA2274BDCDB} => removed successfully
    HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{F6994161-37C3-47C9-BE83-C84C33A1CF2A} => removed successfully
    HKU\S-1-5-21-3177478816-162182744-391395500-1006_Classes\CLSID\{F87D77DF-DEF2-4294-9F4B-A92E5A6725DE} => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    ========= netsh winsock reset catalog =========
    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.
    ========= End of CMD: =========
    ========= netsh int ip reset resetlog.txt =========
    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.
    ========= End of CMD: =========
    ========= netsh advfirewall reset =========
    Ok.
    ========= End of CMD: =========
    ========= netsh advfirewall set allprofiles state ON =========
    Ok.
    ========= End of CMD: =========
    ========= bitsadmin /reset /allusers =========
    BITSADMIN version 3.0
    BITS administration utility.
    (C) Copyright Microsoft Corp.
    0 out of 0 jobs canceled.
    ========= End of CMD: =========
    ========= ipconfig /flushdns =========
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    ========= End of CMD: =========
    ========= RemoveProxy: =========
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    "HKU\S-1-5-21-3177478816-162182744-391395500-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
    "HKU\S-1-5-21-3177478816-162182744-391395500-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
    ========= End of RemoveProxy: =========
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    ========= sfc /scannow =========
    Beginning system scan. This process will take some time.
    Beginning verification phase of system scan.
    Windows Resource Protection found corrupt files and successfully repaired them.
    For online repairs, details are included in the CBS log file located at
    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
    repairs, details are included in the log file provided by the /OFFLOGFILE flag.
    ========= End of CMD: =========
    ========= DISM /Online /Cleanup-Image /RestoreHealth =========
    Deployment Image Servicing and Management tool
    Version: 10.0.19041.844
    Image Version: 10.0.19044.2965
    [== 3.8% ]
    [==========================100.0%==========================]
    The restore operation completed successfully.
    The operation completed successfully.
    ========= End of CMD: =========
    =========== EmptyTemp: ==========
    FlushDNS => completed
    BITS transfer queue => 1572864 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 488581677 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
    Windows/system/drivers => 15741612 B
    Edge => 0 B
    Chrome => 810753735 B
    Firefox => 0 B
    Opera => 0 B
    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 123366 B
    NetworkService => 638940 B
    zec10 => 368236326 B
    RecycleBin => 929473451 B
    EmptyTemp: => 2.4 GB temporary data Removed.
    ================================
    The system needed a reboot.
    ==== End of Fixlog 11:42:42 ====
     
  9. Oh My!

    Oh My! Malware Expert Staff Member

    Nice work.

    Do you notice any difference in computer performance?
     
  10. douglaswlee

    douglaswlee Private E-2

    Yes, the computer is much more responsive. Thank you! Is there anything else I need to do? BTW I like your footer, I am a follower of Jesus.
     
  11. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you, my brother.

    The main reason why I desire to provide a free gift here (and at BleepingComputer as well) is so that I may have the opportunity to quietly speak of the ultimate free gift I have already received.

    I would like to do just a bit more if you don't mind.

    ===================================================

    ESET Online Scanner

    --------------------

    Note: You can expect this process to take a long time, up to several hours or more.

    • Download ESET Free Online Scanner and save it to your Desktop
    • Right click on esetonlinescanner_enu.exe and select Run as administrator
    • NOTE: If the program immediately crashes rename esetonlinescanner_enu.exe to ESET.exe and attempt it again
    • Click Computer Scan
    • Click Full scan
    • Select Enable ESET to detect and quarantine potentially unwanted applications
    • Click Start scan
    • Once completed click Save scan log and save it to your Desktop as ESETScan.txt
    • Click Continue then finally click Close
    • Copy and paste the ESETScan.txt file contents in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • ESET report
     
  12. douglaswlee

    douglaswlee Private E-2

    6/2/2023 7:19:10 AM
    Files scanned: 462974
    Detected files: 3
    Cleaned files: 3
    Total scan time 01:46:26
    Scan status: Finished
    C:\MGtools\mgtproc.exe Win32/PrcView potentially unsafe application cleaned by deleting
    C:\Users\zec10\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060 a variant of Generik.EYRBKTT trojan cleaned by deleting
    C:\MGtools.exe a variant of Generik.EYRBKTT trojan cleaned by deleting
     
  13. Oh My!

    Oh My! Malware Expert Staff Member

    That looks good. It only detected the MGtools entries and that is a false positive detection. Since we are finishing things up there is no harm in the deletions.

    Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?
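The reply above treats the MGtools hits as expected: the scanner flagged the helper tools used during the cleanup, not a new infection. When reading a scan log at the end of a cleanup it helps to separate detections on the known helper tools from detections anywhere else before deciding what still needs attention. The Python below is an added example for this thread, not ESET's code or the forum's own tooling. It parses the log lines pasted above and buckets each detection by location; the tool-folder prefixes, the action phrases and the rule that a threat name starts at the first token containing a slash or at "a variant of" are assumptions based only on the three detection lines in the thread.

```python
"""Triage an ESET Online Scanner log: separate detections on the helper tools
used during a cleanup from detections anywhere else (added example, assumptions
about the log format are marked below)."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: the ESET log lines pasted in the thread, verbatim.
SAMPLE_LOG = r"""6/2/2023 7:19:10 AM
Files scanned: 462974
Detected files: 3
Cleaned files: 3
Total scan time 01:46:26
Scan status: Finished
C:\MGtools\mgtproc.exe Win32/PrcView potentially unsafe application cleaned by deleting
C:\Users\zec10\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060 a variant of Generik.EYRBKTT trojan cleaned by deleting
C:\MGtools.exe a variant of Generik.EYRBKTT trojan cleaned by deleting
"""

# Assumption: where the helper tools used in this cleanup live (the MGtools
# bundle and the folder FRST was run from). Hits here are expected.
KNOWN_TOOL_PREFIXES = (
    r"c:\mgtools",
    r"c:\users\zec10\desktop\malware removal software",
)

# Assumption: action phrases ESET appends to a detection line.
ACTION_RE = re.compile(
    r"\s+(cleaned by deleting(?: \(after the next restart\))?|cleaned|"
    r"quarantined|unable to clean|deleted)$",
    re.IGNORECASE,
)
SUMMARY_RE = re.compile(r"^(Files scanned|Detected files|Cleaned files|Scan status):\s*(.+)$")
DURATION_RE = re.compile(r"^Total scan time\s+(\S+)$")
TIMESTAMP_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} .+[AP]M$")


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    bucket: str  # known_tool | browser_cache | review


def split_detection(line):
    """Split 'PATH THREAT ACTION'. Paths may contain spaces, so the threat is
    located by its first token: ESET names carry a '/' (Win32/PrcView) or
    begin with 'a variant of' (heuristic). Returns None for other lines."""
    m = ACTION_RE.search(line)
    if not m:
        return None
    tokens = line[: m.start()].split(" ")
    for i in range(1, len(tokens)):
        if "/" in tokens[i] or tokens[i : i + 3] == ["a", "variant", "of"]:
            return " ".join(tokens[:i]), " ".join(tokens[i:]), m.group(1)
    return None


def classify(path):
    """Bucket a detection by location; anything unexpected goes to 'review'."""
    p = path.lower()
    if any(p.startswith(prefix) for prefix in KNOWN_TOOL_PREFIXES):
        return "known_tool"
    if "\\appdata\\local\\" in p and "\\cache" in p:
        return "browser_cache"
    return "review"


def parse_log(text):
    """Return (summary dict, list of Detection) for an ESET log."""
    summary, detections = {}, []
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if TIMESTAMP_RE.match(line):
            summary["Timestamp"] = line
        elif (m := SUMMARY_RE.match(line)):
            key, value = m.groups()
            summary[key] = int(value) if value.isdigit() else value
        elif (m := DURATION_RE.match(line)):
            summary["Total scan time"] = m.group(1)
        elif (parts := split_detection(line)):
            path, threat, action = parts
            detections.append(Detection(path, threat, action, classify(path)))
        else:
            summary.setdefault("Unparsed", []).append(line)
    return summary, detections


def triage(text):
    """Counts per bucket, plus whether the header count matches the lines parsed."""
    summary, detections = parse_log(text)
    counts = dict(Counter(d.bucket for d in detections))
    consistent = summary.get("Detected files") == len(detections)
    return counts, consistent, detections


if __name__ == "__main__":
    counts, ok, dets = triage(SAMPLE_LOG)
    print(counts, "header count matches:", ok)
    for d in dets:
        print(f"[{d.bucket}] {d.path}  <-  {d.threat} ({d.action})")
```

Anything that lands in the `review` bucket is what a helper would actually want to look at; the `consistent` flag catches a log whose "Detected files" header and detection lines disagree, which usually means a line was lost when the log was pasted.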
     
  14. douglaswlee

    douglaswlee Private E-2

    I cannot think of anything else. Thanks for your help!
     
  15. Oh My!

    Oh My! Malware Expert Staff Member

    You are quite welcome.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

     
