
It's been a while since I've had to do a malware removal and a lot has changed it seems. At any rate my children use this laptop a lot for school work and such. One of them must have clicked on the wrong ad on the wrong site. The system runs slow and the occasional window will pop up with some busty gal asking if you want to find out more about her in so many words. So I know there's something dug in somewhere. Any assistance would be greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by jacqu (administrator) on LAPTOP-JCH3CN0C (LENOVO 81DE) (12-01-2021 09:35:39)
Running from C:\Users\jacqu\Desktop
Loaded Profiles: jacqu
Platform: Windows 10 Home Version 1909 18363.1256 (X64) Language: English (United States)
Default browser: "C:\Users\jacqu\AppData\Local\WebNavigatorBrowser\Application\webnavigatorbrowser.exe" "--strtl=roc" -- "%1"
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Better Cloud Solutions LTD -> Better Cloud Solutions) C:\Users\jacqu\AppData\Local\WebNavigatorBrowser\Application\webnavigatorbrowser.exe <7>
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_26b207b939eae50e\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e67d3946e6cd0335\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e67d3946e6cd0335\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_17ae7c318f577e25\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_17ae7c318f577e25\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\Lenovo.Vantage.AddinHost.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.19.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\jacqu\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391120 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-1969282097-1763057123-3184183591-1001\...\Run: [GoogleChromeAutoLaunch_01CAF383E2489904DA8DDC6FD206E68F] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1969282097-1763057123-3184183591-1001\...\Run: [WebNavigatorBrowser_28CB1FD293AE6F26E0389AA6BAE8ACFB] => C:\Users\jacqu\AppData\Local\WebNavigatorBrowser\Application\webnavigatorbrowser.exe [1976728 2020-08-19] (Better Cloud Solutions LTD -> Better Cloud Solutions)
HKU\S-1-5-21-1969282097-1763057123-3184183591-1001\...\Run: [94D4712F5B8BB982A105F77CCBE43D171E8E4222._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-11] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {060CB11A-0563-48EB-A17C-E56EE96A27EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-17] (Google LLC -> Google LLC)
Task: {125C33F5-B41E-4E37-A1E0-D36FF3A74D1B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62280 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {172E585D-934C-47BA-BBAB-415591E333A5} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [144312 2020-09-15] (Lenovo -> Lenovo Group Ltd.)
Task: {25CE3D0F-62FB-4F51-8917-EDAEB1863803} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f453936f-ad89-47a3-8d46-0a85d8f3ba74 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {2F30CB7A-CFBD-4EF7-8F32-2C87114C077C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {37CA1B8F-3964-46E1-9314-6BA8CE090ADD} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\ScheduleEventAction.exe [24408 2020-11-05] (Lenovo -> Lenovo Group Ltd.)
Task: {49F9AD16-7C99-434F-B690-25DA7051E1CF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7535E6EA-B26C-47ED-8551-C7B012C86E0A} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {84A61698-D7CC-436C-B1B7-D7EE97C2D8A7} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {8AEFE5ED-44A3-4AC3-92E7-576EC32A6CBA} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {B2FC0920-E802-4926-9948-63581EADCDB7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B7305C15-04C9-4A6C-B967-4B529590B90A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\34114772-00e8-4671-bf27-fac40d2578c5 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {C29E3754-9FAB-4E23-8754-BA508CBF1D35} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {CDEA043F-DEE5-4E82-AE15-0886000397D6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5100b5a0-6aa1-401b-be65-50f66e6697e4 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {D91E1B8F-765B-41D1-962D-0001C42EEA6A} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {DF62CA97-C62D-45BD-ABDD-5F79D9313B46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F10635F4-92BC-4AAB-B2AB-FE1F7DC7FB00} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {F2D06356-CFC5-446B-8E8D-980AE3068048} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-17] (Google LLC -> Google LLC)
Task: {FA60FD16-D54F-40AB-9750-C8672DA70978} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FCC44F41-431A-454F-81F7-9C7A0DE422B3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\388a70ee-7683-4dc4-93f9-1b84b5396aa4 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{77087483-245d-4a18-89ee-6adb914fba3c}: [DhcpNameServer] 209.18.47.63 209.18.47.61
Tcpip\..\Interfaces\{cdb74037-d7c8-4d07-b35d-abf7a463e51e}: [DhcpNameServer] 192.168.1.1

Edge: 
======
DownloadDir: C:\Users\jacqu\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\jacqu\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-12]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-12-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default [2021-01-11]
CHR Notifications: Default -> hxxps://pushwelcome.com
CHR Extension: (Slides) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-17]
CHR Extension: (Docs) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-17]
CHR Extension: (Google Drive) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-17]
CHR Extension: (Sheets) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-17]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-01-01]
CHR Extension: (Google Docs Offline) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-17]
CHR Extension: (Gmail) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-15]
CHR Profile: C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-04-21]
CHR Profile: C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-01-10]
CHR DefaultSearchURL: Profile 2 -> chrome-extension://ogdlpmhglpejoiomcodnpjnfgcpmgale/assets/favicon.ico
CHR Extension: (Slides) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-20]
CHR Extension: (Relay) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\adkcpkpghahmbopkjchobieckeoaoeem [2021-01-08] [UpdateUrl:hxxps://lsrelay-extensions-production.s3.amazonaws.com/chrome-filter/6d1314a021a4f3e7b0a27aa37cc4ccbb1484a5e92dc878e5cb3eb239249e6ee9/ChromeFilter.xml] <==== ATTENTION
CHR Extension: (Mobility Print) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2020-12-08]
CHR Extension: (Docs) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-20]
CHR Extension: (Google Drive) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-08]
CHR Extension: (YouTube) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-20]
CHR Extension: (Pear Deck) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dnloadmamaeibnaadmfdfelflmmnbajd [2020-12-08]
CHR Extension: (Kami Extension - PDF and Document Annotation) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2021-01-08]
CHR Extension: (Sheets) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-01-08]
CHR Extension: (Learning Ally Audiobooks) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gdicnpbaekbefjanokchpfhnaphfnphl [2020-12-08]
CHR Extension: (Google Docs Offline) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-08]
CHR Extension: (Camera) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hfhhnacclhffhdffklopdkcgdhifgngh [2021-01-08]
CHR Extension: (Zoom) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2021-01-08]
CHR Extension: (Music Player for Google Drive) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2020-04-20]
CHR Extension: (Read&Write for Google Chrome™) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2021-01-08]
CHR Extension: (Google Forms) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2020-04-20]
CHR Extension: (Hide YouTube Comments) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kehdmnjmaakacofbgmjgjapbbibhafoh [2020-12-08]
CHR Extension: (Zoom Scheduler) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2021-01-08]
CHR Extension: (Classroom) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kkbmdgjggcdajckdlbngdjonpchpaiea [2021-01-08] [UpdateUrl:hxxps://lsrelay-extensions-production.s3.amazonaws.com/classroom/6d1314a021a4f3e7b0a27aa37cc4ccbb1484a5e92dc878e5cb3eb239249e6ee9/Classroom.xml] <==== ATTENTION
CHR Extension: (SketchUp for Schools) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lfhlekccjamfkfmjgnpbdjpecanfbjkl [2020-12-09]
CHR Extension: (Kaizena Web App) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lhiccpgcnopcjjdobhoddnplkebplfaj [2020-12-08]
CHR Extension: (.) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mcffcgcjgfomgdmebokppdjbloohicib [2020-12-08]
CHR Extension: (Google Classroom) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2020-04-20]
CHR Extension: (Edulastic) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mmmfookngjpgdahmnbbamplmbhleljio [2020-12-08]
CHR Extension: (Office) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2020-12-08]
CHR Extension: (Running dinosaur Game) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nihmppmidbbbkfademfpjmhhogegjbjd [2021-01-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-20]
CHR Extension: (Custom Cursor for Chrome™) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ogdlpmhglpejoiomcodnpjnfgcpmgale [2020-12-08]
CHR Extension: (Gmail) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-08]
CHR Extension: (Chrome Media Router) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-08]
CHR Extension: (Snapverter) - C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\plebojnaihkfjkkpgaemcjpnkmcpleih [2020-04-20]
CHR Profile: C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\System Profile [2020-09-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-10-05] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\LenovoVantageService.exe [29520 2020-11-05] (Lenovo -> Lenovo Group Ltd.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [913208 2019-12-12] (McAfee, LLC -> McAfee, Inc.)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-12 09:28 - 2021-01-12 09:31 - 000029428 _____ C:\Users\jacqu\Desktop\Addition.txt
2021-01-12 09:25 - 2021-01-12 09:37 - 000023423 _____ C:\Users\jacqu\Desktop\FRST.txt
2021-01-12 09:24 - 2021-01-12 09:36 - 000000000 ____D C:\FRST
2021-01-12 09:17 - 2021-01-12 09:18 - 002281472 _____ (Farbar) C:\Users\jacqu\Desktop\FRST64 (1).exe
2021-01-11 21:16 - 2021-01-11 21:18 - 000000000 ____D C:\Users\jacqu\Desktop\PDF's from desktop
2021-01-06 08:17 - 2021-01-06 08:17 - 000001938 _____ C:\Users\jacqu\Desktop\Zoom.lnk
2020-12-14 16:55 - 2020-12-14 16:55 - 002045952 _____ C:\WINDOWS\system32\rdpnano.dll
2020-12-14 16:55 - 2020-12-14 16:55 - 000171008 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2020-12-14 16:55 - 2020-12-14 16:55 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-14 16:55 - 2020-12-14 16:55 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-14 16:55 - 2020-12-14 16:55 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth14.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth13.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-12-14 16:55 - 2020-12-14 16:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-12-14 16:54 - 2020-12-14 16:54 - 001756600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-14 16:54 - 2020-12-14 16:54 - 001366144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-14 16:54 - 2020-12-14 16:54 - 000059392 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-14 16:54 - 2020-12-14 16:54 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-12 09:27 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-12 09:10 - 2020-09-02 17:38 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{6BA46D59-0D1B-465E-9ADD-2B18BF8E42F6}
2021-01-12 00:32 - 2020-09-02 17:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-11 21:11 - 2020-10-09 18:25 - 000000000 ____D C:\Users\jacqu\AppData\Local\Bluestacks
2021-01-11 21:07 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2021-01-11 17:11 - 2020-04-17 17:31 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-11 17:11 - 2020-04-17 17:31 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-11 17:11 - 2020-04-17 17:31 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-11 17:07 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-11 16:54 - 2019-04-03 11:06 - 000000000 __SHD C:\Users\jacqu\IntelGraphicsProfiles
2021-01-09 18:29 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-09 18:21 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-08 10:34 - 2020-09-02 17:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-08 10:33 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-08 10:21 - 2020-09-10 09:06 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-08 10:21 - 2020-09-10 09:06 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-08 10:21 - 2020-09-10 09:06 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-07 17:28 - 2019-04-03 11:06 - 000000000 ____D C:\Users\jacqu\AppData\Local\Packages
2021-01-07 17:24 - 2019-09-15 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2021-01-07 17:24 - 2019-09-15 18:59 - 000000000 ____D C:\Program Files (x86)\epson
2021-01-05 08:29 - 2020-04-20 08:05 - 000002443 _____ C:\Users\jacqu\Desktop\EMMA - Chrome.lnk
2020-12-24 17:39 - 2020-09-02 17:31 - 000795992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-24 17:33 - 2019-04-03 11:06 - 000000000 ___RD C:\Users\jacqu\3D Objects
2020-12-24 17:33 - 2018-09-19 13:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-24 17:32 - 2020-09-02 17:16 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-19 11:21 - 2020-09-02 17:22 - 000000000 ____D C:\Users\jacqu
2020-12-19 11:21 - 2019-03-18 23:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-12-19 11:21 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-19 11:21 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-19 11:21 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-12-19 11:21 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-19 11:21 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-12-19 11:21 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-19 11:21 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-19 11:21 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-15 16:13 - 2020-09-02 17:38 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1969282097-1763057123-3184183591-1001
2020-12-15 16:13 - 2020-09-02 17:22 - 000002374 _____ C:\Users\jacqu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-15 16:13 - 2019-04-02 19:09 - 000000000 ___RD C:\Users\jacqu\OneDrive
2020-12-14 17:02 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt


Hello

Please advise me what name or handle you prefer to be called by.

Please follow my directions as we go along. Please do not make any changes on your own without first checking with me.

Please only attach all report files, etc., that I ask for as we go along.

 

 

Be sure you close all web browsers before you click on the "Scan" button on this next procedure.

I would suggest that you download, save, and then run Malwarebytes AdwCleaner.

Please close Chrome and all other open web browsers after you have saved Adwcleaner and before you start the Adwcleaner scan.

Adwcleaner detects factory preinstalled applications too!

 

Please download Malwarebytes AdwCleaner: https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "

Pre-installed applications

 

You can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.     ONLY attach each report file as we go along.   Please do NOT copy paste into the main body of the reply box.


@Jarhead95 AFTER you have done the scan with AdwCleaner, these are the next steps that must be done.

For the duration of this case, please just use the EDGE browser that came with Windows 10.
Be extremely aware that WebNavigatorBrowser is a rogue program & one that must be uninstalled. It is a hijacker that might seem like a normal web browser, but it is an unwanted program.
The first step is to uninstall it.
1. Press & hold the Windows key on the keyboard & then tap the R key to open the Run command.
2. Type appwiz.cpl and tap Enter.
The Programs and Features window will appear.

3. Locate WebNavigatorBrowser and click once to select it, then click the Uninstall button.

[   NEXT    ]

The system will be rebooted after the script has run.

This custom script is for  Jarhead95 only / for this machine only.

There are leftover traces of WebNavigatorBrowser   that must be removed.

NOTE-1: In addition, this fix will also run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

Please be sure to close any open work files, documents, and any apps you started yourself before starting this.

If there are any CD / DVD / USB flash (thumb) or USB storage drives attached, please disconnect any of those.

The custom Fix script is going to be used by the FRST64.exe tool which you have in your DESKTOP folder.

Please save the (attached file named) FIXLIST.txt to the Desktop folder.

Start the Windows Explorer and then go to the Desktop folder.

RIGHT click on FRST64.exe and select RUN as Administrator to run the tool, and allow it to proceed. Reply YES when prompted to allow it to run. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool,
click the line More info on that screen
and click the button Run anyway on the next screen.

On the FRST window:
Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.  

Do let me know how things are overall,  after all this.

Sincerely.

Fixlist.txt


Hi Pete.   Thanks for the reports.  I am glad to see that these have been done.

I would like to see you strengthen your web browsers.

I suggest you install the Malwarebytes Browser Guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

[   2   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or Opera.

Scroll down to the tips section "How do I disable them".

After these steps, let me know if you need something else.

Sincerely.


You are welcome.  Yes, I would suggest 2 follow-ups.

[    1    ]

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the-tool instructions are at this link at Microsoft:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Select the "Quick" scan option.

Let me know the result of this.

The log is named MSERT.log

The log will be at C:\Windows\debug\msert.log

Please attach that log with your reply.

[    2    ]

I would like you to run a tool named SecurityCheck to inquire on the current security-update status of some applications.

  • Download SecurityCheck by glax24 from here: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.
  • If Windows SmartScreen blocks that with a message window, then click on the MORE INFO spot, override that, and allow it to proceed.
  • This tool is safe. SmartScreen is overly sensitive.
  • Right-click with your mouse on SecurityCheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 


The Microsoft Safety Scanner found no infection / no virus. That is obviously awesome.

The SecurityCheck tool report highlights 2 apps that ought to be updated so that they have the latest updates.

------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 5.80 (64-bit) v.5.80.0 Warning! Download Update

-------------------------- [ IMAndColloborate ] ---------------------------
Zoom v.5.4.2 (58740.1105) Warning! Download Update


Hello.

To remove the FRST tool & its work files, do this. Go to your Desktop folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe.
Then run that (double click on it) to begin the cleanup process.

 

Delete msert.exe

Delete the Securitycheck.exe

Any other download file I had you download, you may delete.

I wish you all the best.  Stay safe.

Sincerely,

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
