Malware Dell Laptop 20230402

Discussion in 'Malware Help (A Specialist Will Reply)' started by manilka835, Apr 2, 2023.

  1. manilka835

    manilka835 Specialist

    A laptop computer has been received for usage.

    I have run READ & RUN ME FIRST- Malware Removal Guide to make sure there are no Malware. The relevant logs are attached.


    Dr. K.D.J.H. Manilka Jayawardena,
    Medical Officer of Health,
    Katana.
    Proud to be a Sri Lankan!
     

    Attached Files:

  2. Oh My!

    Oh My! Malware Expert Staff Member

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recovery Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please copy and paste the contents of each report in separate reply windows

    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

    • FRST.txt
    • Addition.txt
     
  3. manilka835

    manilka835 Specialist

    The following logs are attached.
    • FRST.txt
    • Addition.txt
     

    Attached Files:

  4. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    I am happy to report there is no evidence of malicious software on the system. There is some junk on the system we can clean up and there are also some additional non-malware issues we could follow up on if you'd like. It would be best to streamline your antivirus related programs and there are Windows Update failures indicated in the logs. Let me know what you would like to do, if anything.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    S3 usb6xxxk; system32\drivers\usb6xxxkl.sys [X] 
    Task: {9C56F608-B54D-40EF-9DD2-AFFD2622748D} - System32\Tasks\NIUpdateServiceRetryCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File) 
    Task: {A9DBF607-DC19-453D-9EE9-2FAD428DE1E0} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -startupTask (No File) 
    Task: {F1B43DC9-15DA-4EE7-9A54-9628F7310183} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File) 
    CustomCLSID: HKU\S-1-5-21-2828338444-210893263-843575872-1001_Classes\CLSID\{9A872070-0A06-11D1-90B7-00A024CE2744}\localserver32 -> C:\Program Files\National Instruments\LabVIEW 2017\LabVIEW.exe /Automation => No File 
    CustomCLSID: HKU\S-1-5-21-2828338444-210893263-843575872-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\ij000\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20107.1\x64\Microsoft.Teams.AddinLoader.dll => No File 
    FirewallRules: [{16C15DB2-8B76-4368-857C-E6EA7C80BBAA}] => (Allow) C:\Users\ij000\AppData\Roaming\Zoom\bin\airhost.exe => No File 
    Task: {9C56F608-B54D-40EF-9DD2-AFFD2622748D} - System32\Tasks\NIUpdateServiceRetryCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File) 
    Task: {A9DBF607-DC19-453D-9EE9-2FAD428DE1E0} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -startupTask (No File) 
    Task: {F1B43DC9-15DA-4EE7-9A54-9628F7310183} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File) 
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] 
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] 
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] 
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION 
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [136] 
    2023-04-08 05:58 - 2023-04-08 05:58 - 000000000 _____ C:\WINDOWS\invcol.tmp 
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [136]
    Emptytemp: 
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Fixlog
    • Follow up on non-malware issues?
     
  5. manilka835

    manilka835 Specialist

    Fixlog is attached hereto.

    I am happy to hear that there is no evidence of malicious software on the system.

    As indicated in your reply, I would like to attend to the following, which are indicated in the logs:
    1. cleaning the junk on the system
    2. attend to non-malware issues
    3. Streamline my antivirus related programs (BitDefender cannot be run) and
    4. Windows Update failures.
     

    Attached Files:

  6. Oh My!

    Oh My! Malware Expert Staff Member

    Very good, let's get to work.

    We are going to start the security program removal process and Enable Windows Defender. Once we clean things out you can decide which antivirus program you would like to use, if not Windows Defender.

    Please do these things.

    ===================================================

    Uninstalling Programs Using Revo Uninstaller Free Portable

    --------------------

    • Download Revo Uninstaller Free Portable from and save it to your Desktop
    • Right click on the folder and select Extract All..., then click Extract
    • Double click on the RevoUninstaller-Portable folder
    • Right click on RevoUPort and select Run as administrator
    • Click OK on the License Agreement
    • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
    Code:
    Autorun Eater
    Bitdefender Agent
    Bitdefender Total Security
    COMODO Firewall
    Internet Security Essentials
    RogueKiller
    Smart Defrag
    SpywareBlaster
    WebAdvisor by McAfee
    
    • If the program's uninstaller appears work through the steps to remove the program(s)
    • Be sure the Advanced option is selected then click Scan
    • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
    • Once done click Finish
    • Reboot your computer
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    cmd: DISM /Online /Cleanup-Image /RestoreHealth
    2023-04-02 09:30 - 2023-04-02 09:30 - 000000000 ____D C:\Program Files\HitmanPro
    2023-04-02 09:27 - 2023-04-02 09:35 - 000000000 ____D C:\ProgramData\HitmanPro
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
    HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
    Powershell: Get-MpComputerStatus
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Copy/paste the following in the Search: box
    Code:
    SearchAll: BitDefender;Comodo;RogueKiller;Iobit;SpywareBlaster;McAfee
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Please zip and upload the file to GoFile or the file hosting site of your choice and post the download link in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Programs uninstall?
    • Fixlog
    • Download link
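An added read-only check, not posted by either participant, that covers the ground of the FRST fix above: it reads the two registry locations where the DisableAntiSpyware and DisableAntiVirus restrictions the log flagged can live (the per-machine Windows Defender key from the fix plus the equivalent Group Policy key, which is an assumption on my part since the thread only shows the first), then runs the same Get-MpComputerStatus query and lists every antivirus product registered with Security Center, which is where the "streamline your antivirus related programs" advice becomes visible. Run it from an elevated PowerShell prompt; nothing is changed.

```powershell
# Added example, not from the thread. Read-only Defender status triage.
# Run elevated. Paths/value names assumed from the FRST fix in this thread.

$ValueNames = 'DisableAntiSpyware', 'DisableAntiVirus'
$KeyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender',           # key flagged in the FRST log
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'   # Group Policy equivalent (assumed)
)

function Get-DefenderRestriction {
    # Emits one object per restriction value that exists and is non-zero.
    foreach ($path in $KeyPaths) {
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in $ValueNames) {
            $value = $props.$name
            if ($null -ne $value -and $value -ne 0) {
                [pscustomobject]@{ Key = $path; Name = $name; Value = $value }
            }
        }
    }
}

$restrictions = @(Get-DefenderRestriction)
if ($restrictions.Count -eq 0) {
    Write-Host 'No DisableAntiSpyware/DisableAntiVirus restriction found.'
} else {
    Write-Host 'Defender is restricted by the following registry values:'
    $restrictions | Format-Table -AutoSize
}

# Defender's own view of itself (the same cmdlet the FRST fix runs).
Get-MpComputerStatus |
    Select-Object AMRunningMode, AntivirusEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated | Format-List

# Every antivirus product registered with Windows Security Center.
# More than one entry here is what "streamline your antivirus programs" refers to.
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
    Select-Object displayName, pathToSignedProductExe,
                  @{ n = 'productState'; e = { '0x{0:X6}' -f $_.productState } } |
    Format-Table -AutoSize
```

A non-zero value in the first table means Defender will stay off until that value is removed (which is what the FRST fix does); a Security Center list with stale or uninstalled products is the remnant clean-up the later Revo and FRST steps address.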
     
  7. manilka835

    manilka835 Specialist

    The following were installed as requested in READ & RUN ME FIRST
    • RogueKiller

    and the following as instructed in Instructions for Safe Surfing afterwards
    • Bitdefender Agent & Bitdefender Total Security were installed as Antivirus
    • COMODO Firewall & Internet Security Essentials were installed as the Firewall
    • Smart Defrag was installed for Defragmentation
    • SpywareBlaster
    • Autorun Eater was installed for protection from USB Drive Sticks

    WebAdvisor by McAfee was installed when I received the Laptop.

    • Fixlog.txt
    • Search.txt
    I do not know what is meant by the download link.
     

    Attached Files:

  8. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the information.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool - Run Fix Using Attached File

    --------------------
    • Please download the attached file and save it in the same location as FRST.exe <<< Important
    • Right click on FRST and select Run as administrator
    • Click Fix and once completed your computer will reboot
    • The tool will create a log on the desktop called Fixlog.txt
    • Attach the report to your reply
    ===================================================

    Things I would like to see in your next reply. :thumbsup2:
    • Fixlog
     

    Attached Files:

  9. manilka835

    manilka835 Specialist

    Fixlog.txt is attached hereto.
     

    Attached Files:

  10. Oh My!

    Oh My! Malware Expert Staff Member

    That looks good, lots of remnants removed.

    What antivirus program do you prefer to use?

    Please do this.

    ===================================================

    Windows Update with CBS Folder

    --------------------

    • Click Start, type Check for updates and hit Enter
    • Attempt to install all available updates, continually checking for updates until no more are available
    • If updating is successful stop and let me know
    • If updating fails provide the KB number and Error Code information in your reply and continue with the following
    • Hit the Windows Key + E at the same time
    • Navigate to C:\Windows\Logs
    • Right click on the CBS folder, select Send to, then click Compressed (zipped) folder
    • Click Yes to placing the folder on your Desktop
    • Upload the file to GoFile or the file hosting site of your choice and post the download link in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Which antivirus program
    • Windows Update results
    • CBS download link, if applicable
     
  11. manilka835

    manilka835 Specialist

    Antivirus programme: I have no particular Antivirus in mind. If Windows Defender is sufficient it will do. Otherwise I hope to use BitDefender.
    • Windows Update results:
    "Error encountered

    There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x8000ffff)"

    CBS Compressed (zipped) folder is uploaded to GoFile as it was too large to be uploaded in this forum.
    Download link: https://gofile.io/d/bqZEBt
     
  12. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the upload. Let's see if Windows can repair itself. Please do this.

    ===================================================

    Windows Update Troubleshooter

    --------------------

    • Click Start, type Troubleshooter and hit Enter
    • Click Additional (or Other) troubleshooters
    • Select Windows Update
    • Report the results
    • Check Windows Update. If you receive an error message report the error information in your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Results?
     
  13. manilka835

    manilka835 Specialist

    Windows Update indicates "You're up to date"
     
  14. Oh My!

    Oh My! Malware Expert Staff Member

    Excellent.

    How is your computer performing now?
     
  15. manilka835

    manilka835 Specialist

    It is all right. Actually there was no problem with it. I just ran the READ & RUN ME FIRST- Malware Removal Guide to make sure there are no Malware.
     
  16. Oh My!

    Oh My! Malware Expert Staff Member

    Very good. You got Windows Update fixed in the process.

    Do you have any questions or concerns before I post some clean-up instructions?
     
  17. manilka835

    manilka835 Specialist

    I have no questions or concerns.

    You can proceed posting clean-up instructions.
     
  18. Oh My!

    Oh My! Malware Expert Staff Member

    Very good.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.
     
  19. manilka835

    manilka835 Specialist

    Do I need to install an Antivirus such as Bitdefender?
    Do I need to install a Firewall such as COMODO Firewall?
    Do I need to install AntiSpyWare Tools such as SpywareBlaster?
    Do I need to install a software such as Autorun Eater to disable the AutoRuns Feature used to spread malware?
    Do I need to have a Disk Defragmenter Programme such as Smart Defrag?
     
  20. Oh My!

    Oh My! Malware Expert Staff Member

    Antivirus programs are a personal choice. Though not a recommendation on my part personally I use the native Windows Defender and the paid version of Malwarebytes. Windows Defender takes care of itself via Windows Update and Malwarebytes is able to run alongside Windows Defender without any conflicts.

    Personally I don't see the need for an Autorun program but if it doesn't negatively affect the performance of the system I guess there is no harm.

    Your computer has an NVMe drive so you should not defrag it.
     
  21. manilka835

    manilka835 Specialist

    The Laptop is functioning fine. Therefore I will not install any application I listed in my previous post.

    Thank You so much for your time and effort.

    This is yours truly signing off.
     
  22. Oh My!

    Oh My! Malware Expert Staff Member

    You are most welcome. Should you find you need assistance again in the future, you are always welcome here.

    Gary
     
