What the Tech

Links on website replaced with ads for phentermine


This topic is locked
12 replies to this topic

#1 Catman686 (New Member, Authentic Member, 7 posts)

Posted 14 February 2022 - 04:09 PM

This is the first issue I have had and it is only happening on one website so far. All of the links on the home page are ads for phentermine instead of what they should be. I tried with google chrome and had the same results. I called the site owner and they are not having issues. I checked the site with my phone using the same Firefox browser and the site works fine so I think I may be infected. I don't see instructions for Windows 11 users so am not sure how to get started. Here are my system specs.


Processor    Intel® Celeron® CPU 4205U @ 1.80GHz   1.80 GHz
Installed RAM    4.00 GB (3.88 GB usable)
Device ID    0059B791-B5DC-4184-88E6-05A1ACFDC160
Product ID    00330-52929-79740-AAOEM
System type    64-bit operating system, x64-based processor
Pen and touch    No pen or touch input is available for this display
Edition    Windows 11 Pro
Version    21H2
Installed on    10/28/2021
OS build    22000.493
Experience    Windows Feature Experience Pack 1000.22000.493.0



#2 Catman686 (New Member, Authentic Member, 7 posts)

Posted 14 February 2022 - 06:02 PM

Also, I already scanned my entire system with the eset online scanner and no issues were found.



#3 Juliet (SuperHelper, Retired Classroom Teacher, MVP, 7,686 posts, Interests: Boo!....)

Posted 17 February 2022 - 09:29 AM

Hi and sorry for the wait.

Sounds like adware of sorts and that your browser might benefit from an adblocker?

Let's run a scanner to see if something can be removed.

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop-up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste them in your next reply.

(Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says "Program not responding". Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to 10 minutes or even longer depending on what the scan is finding.)


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#4 Catman686 (New Member, Authentic Member, 7 posts)

Posted 18 February 2022 - 04:19 PM

Thank you for the reply. Here are the logs from the scan. I apologize for the profane computer name. Never thought I would need to post that online :whistling:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2022 01
Ran by The Catman (administrator) on FUCKOFFYOUFUCKI (Dell Inc. Inspiron 3580) (18-02-2022 16:48:34)
Running from C:\Users\The Catman\Desktop
Loaded Profiles: The Catman
Platform: Microsoft Windows 11 Pro Version 21H2 22000.527 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.55\msedgewebview2.exe <6>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSvc64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2687b494da5e552a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2687b494da5e552a\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_ffd80069472091bc\RstMwService.exe
(services.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
(services.exe ->) (Newyu) [File not signed] C:\Program Files (x86)\LibreView Device Drivers\LibreViewMASMonitor.exe
(services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8443b1c224b06d42\RtkAudUService64.exe <3>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSysSvc64.exe
(svchost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8443b1c224b06d42\RtkAudUService64.exe [1256824 2021-04-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSvc64.exe [1774584 2021-02-19] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1318024 2020-02-12] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [NT Wonder Pulse] => C:\Program Files (x86)\FOXWELL\NT Wonder\Pulse.exe [446976 2017-03-01] (Foxwell Technology Co.,Ltd) [File not signed]
HKU\S-1-5-21-4217306530-3385283210-3420623960-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-4217306530-3385283210-3420623960-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4217306530-3385283210-3420623960-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162288 2021-04-29] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4217306530-3385283210-3420623960-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [253952 2021-10-28] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON WF-2530 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMIVE.DLL [120320 2011-04-19] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558080 2011-08-30] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0523DAB6-396E-4D1F-A28B-58D06EF2BBAB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {4F4FC4C2-F40F-40EB-96F7-6AA67968A715} - System32\Tasks\eM Client for Microsoft Store Database Backup (S-1-5-21-4217306530-3385283210-3420623960-1001) => C:\Users\The Catman\AppData\Local\Microsoft\WindowsApps\eMClientStore.exe [0 2021-10-23] () [simlink -> ]
Task: {52DD3EFB-76B8-41DD-B7A6-BFBA120B979A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {5ECA7866-292C-45A0-B49D-5306C4E0A980} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {6299D14A-63BD-4643-BDCA-A462A25DDEC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-18] (Google LLC -> Google LLC)
Task: {735B5527-470F-4641-81EE-507C24C07EFE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {747100D2-6915-4BD2-A130-9D4EF6135E16} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D071A47-4881-468B-AA92-6B77B826C9AD} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-04-29] (Garmin International, Inc. -> )
Task: {851ACD56-5BA0-4625-B4DB-765CA40BB266} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {918E7910-CEF3-4630-B85B-77D67BF1AD62} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9727384A-7D66-4F35-81A4-0B582B419E9F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9A34CD2E-29E8-4C12-A06C-C05A7F381237} - System32\Tasks\S-1-5-21-4217306530-3385283210-3420623960-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (No File)
Task: {B08CEC89-0365-40DA-83FE-4ABB7FA6839A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D371B097-21E6-4156-8663-044A8A1D2F2E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108904 2022-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9A42A38-80A0-44F0-96C1-8CFA97658B8E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {F73E64DA-0F41-4E05-BB10-CAE8CF6620AC} - System32\Tasks\EPSON DS-40 Update => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {FDF3540A-3E8C-410E-88F1-573735C632BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-18] (Google LLC -> Google LLC)
Task: {FF2AF5D4-BF94-4ACA-9161-A85953A1B65F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON DS-40 Update.job => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe./EXE_S:EPSON DS-40,ES00FB.DAT /F:UpdateDESKTOP-7A8EKA5\The CatmanĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.69
Tcpip\..\Interfaces\{0d2af80e-2401-4f28-a5b3-9100a168d99b}: [DhcpNameServer] 192.168.8.69
Tcpip\..\Interfaces\{2621140c-b262-4a36-af59-900c02f145e5}: [DhcpNameServer] 192.168.8.69
Tcpip\..\Interfaces\{fb381b5c-d355-447e-bd55-462c0721df7b}: [DhcpNameServer] 192.168.8.1

Edge:
=======
DownloadDir: C:\Users\The Catman\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\The Catman\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-25]
Edge HomePage: Default -> hxxp://www.duckduckgo.com/
Edge StartupUrls: Default -> "hxxp://www.duckduckgo.com/"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list

FireFox:
========
FF DefaultProfile: 51tnd6lk.default
FF ProfilePath: C:\Users\The Catman\AppData\Roaming\Mozilla\Firefox\Profiles\51tnd6lk.default [2020-06-07]
FF ProfilePath: C:\Users\The Catman\AppData\Roaming\Mozilla\Firefox\Profiles\jnz5dh9y.default-release [2022-02-18]
FF DownloadDir: C:\Users\The Catman\Desktop\Downloads
FF Homepage: Mozilla\Firefox\Profiles\jnz5dh9y.default-release -> start.duckduckgo.com
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\The Catman\AppData\Roaming\Mozilla\Firefox\Profiles\jnz5dh9y.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-02-01]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\The Catman\AppData\Local\Google\Chrome\User Data\Default [2022-02-15]
CHR HomePage: Default -> hxxp://www.duckduckgo.com/
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\The Catman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-26]
CHR Extension: (Docs) - C:\Users\The Catman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-26]
CHR Extension: (Google Drive) - C:\Users\The Catman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-26]
CHR Extension: (DuckDuckGo) - C:\Users\The Catman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-02-14]
CHR Extension: (YouTube) - C:\Users\The Catman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-26]
CHR Extension: (Sheets) - C:\Users\The Catman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\The Catman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\The Catman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-26]
CHR Extension: (Gmail) - C:\Users\The Catman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
S4 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2020-08-19] (Dell Inc -> Dell INC.)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 LibreViewMASMonitor; C:\Program Files (x86)\LibreView Device Drivers\LibreViewMASMonitor.exe [14848 2021-04-28] (Newyu) [File not signed]
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188728 2021-05-28] (Qualcomm Atheros, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6078536 2021-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 WMIRegistrationService; C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [180224 2021-06-05] (Microsoft Corporation) [File not signed]
R3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-01-26] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2022-02-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [438520 2022-02-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-09] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-18 16:48 - 2022-02-18 16:51 - 000021892 _____ C:\Users\The Catman\Desktop\FRST.txt
2022-02-18 16:41 - 2022-02-18 16:50 - 000000000 ____D C:\FRST
2022-02-18 16:38 - 2022-02-18 16:38 - 002312192 _____ (Farbar) C:\Users\The Catman\Desktop\FRST64.exe
2022-02-18 15:53 - 2022-02-18 15:53 - 000212487 _____ C:\Users\The Catman\Desktop\The Catman Flow Chart.pdf
2022-02-16 04:02 - 2022-02-16 04:02 - 000000000 ____D C:\WINDOWS\Panther
2022-02-15 22:15 - 2022-02-15 22:15 - 000015024 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-15 22:13 - 2022-02-15 22:13 - 000210432 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-02-15 22:00 - 2022-02-15 22:00 - 000000000 ___HD C:\$WinREAgent
2022-02-14 14:31 - 2022-02-14 14:32 - 000001389 _____ C:\Users\The Catman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-02-14 14:31 - 2022-02-14 14:31 - 000000000 ____D C:\Users\The Catman\AppData\Local\ESET
2022-02-14 06:57 - 2022-02-14 11:41 - 000000000 ____D C:\Users\The Catman\Desktop\Acupuncture Bills For Reimbursement
2022-02-09 11:03 - 2022-02-09 11:04 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-02-03 08:36 - 2021-10-08 11:00 - 000167544 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2022-01-26 08:35 - 2022-01-26 08:36 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2022-01-26 07:58 - 2022-01-26 07:58 - 000311296 _____ C:\WINDOWS\system32\EsclScan.dll
2022-01-26 07:58 - 2022-01-26 07:58 - 000188416 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-01-26 07:56 - 2022-01-26 07:56 - 000077824 _____ C:\WINDOWS\system32\APMonUI.dll
2022-01-26 07:55 - 2022-01-26 07:55 - 000339968 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-18 16:48 - 2020-06-07 09:14 - 000000000 ____D C:\Users\The Catman\AppData\LocalLow\Mozilla
2022-02-18 16:43 - 2022-01-11 16:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-02-18 16:43 - 2021-02-07 16:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-02-18 16:43 - 2020-06-07 09:14 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-02-18 16:43 - 2020-06-07 09:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-02-18 16:39 - 2021-06-05 07:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-18 16:25 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-02-18 16:18 - 2021-11-26 10:55 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-18 16:15 - 2020-10-30 13:36 - 000000000 ____D C:\Users\The Catman\Documents\eM Client for Microsoft Store
2022-02-18 16:07 - 2021-06-05 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-18 16:07 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-18 15:50 - 2020-10-24 09:58 - 000001249 _____ C:\Users\The Catman\Desktop\NT Wonder.lnk
2022-02-18 15:50 - 2020-07-16 14:13 - 000001427 _____ C:\Users\The Catman\Desktop\ADT Cameras and NVR Management.lnk
2022-02-18 15:46 - 2021-12-18 10:05 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-18 15:30 - 2020-08-07 12:16 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-18 15:27 - 2020-06-07 12:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-02-16 07:25 - 2020-06-18 14:03 - 000000000 ____D C:\Users\The Catman\AppData\Local\D3DSCache
2022-02-16 04:22 - 2021-10-28 18:06 - 000848788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-16 04:22 - 2021-06-05 07:09 - 000000000 ____D C:\WINDOWS\INF
2022-02-16 04:18 - 2020-06-06 17:53 - 000000000 __SHD C:\Users\The Catman\IntelGraphicsProfiles
2022-02-16 04:17 - 2021-10-28 18:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-16 04:17 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\ServiceState
2022-02-16 04:17 - 2020-07-24 14:49 - 000012288 ___SH C:\DumpStack.log.tmp
2022-02-16 04:17 - 2020-05-26 01:03 - 000000000 ____D C:\Intel
2022-02-16 04:15 - 2021-06-05 07:01 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-16 04:14 - 2021-06-05 07:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-16 04:03 - 2021-12-04 13:42 - 000490856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-02-16 04:02 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2022-02-16 04:00 - 2021-10-28 17:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-16 03:58 - 2021-06-05 09:30 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-02-16 03:58 - 2021-06-05 07:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-02-16 03:58 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-02-16 03:58 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-02-16 03:58 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-02-16 03:58 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-02-16 03:58 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-02-16 03:58 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-15 22:13 - 2021-10-28 18:04 - 003101696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-02-12 13:19 - 2020-06-07 03:32 - 000000000 ____D C:\Users\The Catman\Desktop\Rich's Emergency Information
2022-02-12 11:35 - 2020-06-07 02:10 - 000000000 ____D C:\Users\The Catman\Desktop\Back Up
2022-02-12 11:28 - 2020-06-07 03:34 - 000000000 ____D C:\Users\The Catman\Documents\TurboTax
2022-02-09 13:45 - 2020-06-06 21:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-09 13:38 - 2020-06-06 21:23 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-09 11:19 - 2020-05-26 01:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-02-09 11:04 - 2020-06-07 09:14 - 000000000 ____D C:\ProgramData\Mozilla
2022-02-04 08:25 - 2021-02-21 07:57 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-01-30 15:58 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-26 08:35 - 2021-06-05 07:01 - 000000000 ____D C:\WINDOWS\servicing
2022-01-25 16:02 - 2021-11-17 06:16 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7cc50ecb219f5
2022-01-25 16:02 - 2021-10-28 18:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-23 12:41 - 2020-06-06 17:53 - 000000000 ____D C:\Users\The Catman\AppData\Local\Packages
2022-01-21 16:47 - 2021-11-24 11:57 - 000000000 ____D C:\Users\The Catman\Desktop\Game Cameras
2022-01-21 09:57 - 2021-12-18 10:03 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-21 09:57 - 2021-12-18 10:03 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-19 21:21 - 2021-02-21 07:58 - 000508216 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-01-19 21:21 - 2021-02-21 07:58 - 000501104 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll

==================== Files in the root of some directories ========

2020-07-25 09:18 - 2020-07-25 09:18 - 000007639 _____ () C:\Users\The Catman\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2022 01
Ran by The Catman (18-02-2022 16:58:48)
Running from C:\Users\The Catman\Desktop
Microsoft Windows 11 Pro Version 21H2 22000.527 (X64) (2021-10-28 23:25:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4217306530-3385283210-3420623960-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4217306530-3385283210-3420623960-503 - Limited - Disabled)
Guest (S-1-5-21-4217306530-3385283210-3420623960-501 - Limited - Disabled)
The Catman (S-1-5-21-4217306530-3385283210-3420623960-1001 - Administrator - Enabled) => C:\Users\The Catman
WDAGUtilityAccount (S-1-5-21-4217306530-3385283210-3420623960-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{7BFB58DD-7484-49BF-A8F7-0CD4A80BA5F8}) (Version: 4.18.1.4500 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{592a019d-a9be-4dfa-b6bc-e82aa0136ca3}) (Version: 4.18.1.4500 - Open Media LLC)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.011.20039 - Adobe)
ANT Drivers Installer x64 (HKLM\...\{1BC0225E-AF99-4434-92CC-615111CE698F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell SupportAssist Remediation (HKLM\...\{6B991B44-B938-4902-BDF3-186CBDC62AD3}) (Version: 5.1.4.11989 - Dell Inc.) Hidden
Dynamic Application Loader Host Interface Service (HKLM\...\{90BC69B6-C3DD-45E3-B2EE-354635A0329B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Elevated Installer (HKLM-x32\...\{C3D3E0B3-6B8D-4AF4-B49A-3583E512ECE8}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson DS-40 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson DS-40 User’s Guide_is1) (Version: 1.0 - )
Epson Event Manager (HKLM-x32\...\{FAD39060-F2ED-4BEE-A0D9-B012794D9537}) (Version: 3.11.0054 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.9.4 - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC15014EA700}) (Version: 21.001.20135 - Adobe Systems Incorporated)
Garmin Express (HKLM-x32\...\{034F279C-D74E-42F2-8CEC-216E91969B29}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{afe06296-a3d5-48cf-88a2-77629aeb124b}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.102 - Google LLC)
inReach Sync (HKLM-x32\...\{18289030-aeea-4897-8bdd-744743540a39}) (Version: 1.4.47.4776 - Garmin)
inReach Sync (HKLM-x32\...\{33594258-D04F-49B7-AE94-91D53B7B229A}) (Version: 1.4.47.4776 - Garmin) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel® Corporation)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.375 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2110.15.0.2210 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7463 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{047f2156-ee7f-4a24-b3c2-c0c5c2c81557}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LibreView Device Drivers3.3.1 (HKLM-x32\...\{D2200BF1-9BF0-4C1C-9282-A727FFCC5046}) (Version: 3.3.1 - Newyu)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.55 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 98.0.1108.55 - Microsoft Corporation)
Microsoft Office Home and Student 2019 - en-us (HKLM\...\HomeStudent2019Retail - en-us) (Version: 16.0.14827.20198 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{572E990E-67FD-4014-884C-A730BFC7E1D7}) (Version: 4.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 97.0.1 (x64 en-US)) (Version: 97.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.1 - Mozilla)
NT Wonder (HKLM-x32\...\NT Wonder) (Version: 1.00 - Foxwell)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14827.20198 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20198 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20198 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10527 - Qualcomm)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.6.25 - Intuit)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9147.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartPSS 2.0 (HKLM-x32\...\SmartPSS) (Version: 2.0 - )
TurboCAD Deluxe v12 (HKLM-x32\...\{2902BA57-1BB3-4EC6-91FB-8480F47FDA81}) (Version: 12.2 - IMSI)
TurboCAD Symbols (HKLM-x32\...\{40B62162-ADF5-485F-B81F-6344CB0E321B}) (Version: 12.0 - IMSI)
TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)
TurboTax 2021 (HKLM-x32\...\{19F2745D-A94D-40AB-A983-E9D0A57B1E50}) (Version: 021.000.0441 - Intuit Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
wmeiperStateIS (HKLM-x32\...\{9E801FAF-9E1A-4235-BEFE-2EEC2FB8909D}) (Version: 021.000.0102 - Intuit Inc.) Hidden

Packages:
=========
eM Client -> C:\Program Files\WindowsApps\eMClient.20054CA46072C_8.2.1659.0_neutral__rq410mg92b554 [2021-10-23] (eM Client) [Startup Task]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-04] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1020.0_x64__8j3eq9eme6ctt [2021-09-02] (INTEL CORP)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-05-26] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-10-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-10-28] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-24] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-09] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.3708.0_x86__mcezb6ze687jp [2021-07-15] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-05-26] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2020-06-08] (CYBERLINK CORPORATION.)
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2020-06-06] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4217306530-3385283210-3420623960-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\The Catman\Favorites\Computer carp**\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) =============

2021-12-04 16:22 - 2021-12-04 16:23 - 042859520 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\IGCC.dll
2022-02-15 21:23 - 2022-02-15 21:24 - 000137168 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\WebView2Loader.dll
2020-06-07 09:30 - 2011-08-30 12:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2020-06-07 09:30 - 2011-08-01 17:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-4217306530-3385283210-3420623960-1001 -> DefaultScope {04689D37-0FA4-4508-A853-CDB3D64B50BC} URL =
SearchScopes: HKU\S-1-5-21-4217306530-3385283210-3420623960-1001 -> {04689D37-0FA4-4508-A853-CDB3D64B50BC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4217306530-3385283210-3420623960-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\The Catman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.8.69
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: Dell SupportAssist Remediation => 2
MSCONFIG\Services: DellClientManagementService => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: iaStorAfsService => 3
MSCONFIG\Services: igccservice => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® TPM Provisioning Service => 2
MSCONFIG\Services: IntelAudioService => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: QcomWlanSrv => 2
MSCONFIG\Services: RAPSService => 2
MSCONFIG\Services: RNDBWM => 3
MSCONFIG\Services: RstMwService => 2
MSCONFIG\Services: RtkAudioUniversalService => 2
MSCONFIG\Services: SmartByte Analytics Service => 2
MSCONFIG\Services: SmartByte Network Service x64 => 2
MSCONFIG\Services: WavesSysSvc => 2
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "NT Wonder Pulse"
HKU\S-1-5-21-4217306530-3385283210-3420623960-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-4217306530-3385283210-3420623960-1001\...\StartupApproved\Run: => "EPSDNMON"
HKU\S-1-5-21-4217306530-3385283210-3420623960-1001\...\StartupApproved\Run: => "GarminExpress"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{97F838AD-F70E-44BF-B1C6-C636838EC490}C:\program files (x86)\smart professional surveillance system\pc-nvr\challenge.exe] => (Allow) C:\program files (x86)\smart professional surveillance system\pc-nvr\challenge.exe () [File not signed]
FirewallRules: [TCP Query User{0827016E-A51C-457D-9DC1-9EA358720B78}C:\program files (x86)\smart professional surveillance system\pc-nvr\challenge.exe] => (Allow) C:\program files (x86)\smart professional surveillance system\pc-nvr\challenge.exe () [File not signed]
FirewallRules: [UDP Query User{6092FEA5-DF08-40C6-A697-4451EF484EA0}C:\program files (x86)\smart professional surveillance system\smartpss\smartpss.exe] => (Allow) C:\program files (x86)\smart professional surveillance system\smartpss\smartpss.exe () [File not signed]
FirewallRules: [TCP Query User{286835E5-C56A-4416-9738-ED5AC5E8ED1D}C:\program files (x86)\smart professional surveillance system\smartpss\smartpss.exe] => (Allow) C:\program files (x86)\smart professional surveillance system\smartpss\smartpss.exe () [File not signed]
FirewallRules: [UDP Query User{A9B4C08D-5AA6-4732-91D5-9A3C8B13A2AA}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{97C55E96-E7FF-4B7B-BA28-ADA00837221E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2F6CF651-DBC3-457D-9039-9047EC00BFD5}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9611.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{F0F1C36D-54BE-4C3F-8B3E-A321E08BB7D3}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9611.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{158F6E02-2C9F-4FB3-A8A3-3F33A0EF51F1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FCF69CC4-9013-42C9-A575-912E43FB34E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8EEE78A3-431F-40AA-B1D0-08B037194E6E}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{F11CE1F7-6E7B-44D2-824A-08A23402A645}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{327CE0D1-9F12-4A36-A287-26EF67872A96}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA5E305B-B2CE-41D7-8496-2609E451F82E}] => (Allow) LPort=2869
FirewallRules: [{2CDFB0C1-2BAC-48FF-8B7A-24E782135652}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{30DF689C-4A3E-4971-96FD-8EF1D482BE2C}C:\program files (x86)\smart professional surveillance system\pc-nvr\challenge.exe] => (Allow) C:\program files (x86)\smart professional surveillance system\pc-nvr\challenge.exe () [File not signed]
FirewallRules: [UDP Query User{B0965B4C-6788-4AFD-B005-AA52898F9678}C:\program files (x86)\smart professional surveillance system\pc-nvr\challenge.exe] => (Allow) C:\program files (x86)\smart professional surveillance system\pc-nvr\challenge.exe () [File not signed]
FirewallRules: [TCP Query User{0D05B4CD-BA91-44E0-B383-E3861313E57A}C:\program files (x86)\smart professional surveillance system\smartpss\smartpss.exe] => (Allow) C:\program files (x86)\smart professional surveillance system\smartpss\smartpss.exe () [File not signed]
FirewallRules: [UDP Query User{EF6D193E-2163-4334-A4D6-AC02C76FDD2F}C:\program files (x86)\smart professional surveillance system\smartpss\smartpss.exe] => (Allow) C:\program files (x86)\smart professional surveillance system\smartpss\smartpss.exe () [File not signed]
FirewallRules: [TCP Query User{52ECDDCD-A8B8-4008-99C7-CD054DB4BBDC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [UDP Query User{5D665E8B-686E-4525-ABD7-CC944D15DEC0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{E3721AF7-EB23-4DC0-9B6F-953C12DFA5CC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C98EA76F-1BB3-4D52-9C33-0511EFFFD2CD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3863FB1-F02D-4591-8E1D-E4C0AE030CC7}] => (Allow) C:\Program Files (x86)\TurboTax\Individual 2021\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{10B127AE-B6EF-4EE5-A95A-98FA87048120}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F6CC4DF0-2D02-4EDE-BB3A-634612A843C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{AC76F59C-8F0B-4DBE-9777-F0178583DA6D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{4DFA8944-9EAC-4944-AE27-51C3F9FA42F8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{34E60A01-756F-4588-8B40-75A16312BA66}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{70EADFA6-9E61-46CF-B666-AF7661F40D42}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{205C157D-AFD0-470A-91BE-E6C5A1FD5EE3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E4FBBCB6-7841-4CBE-98CA-21E357BBA314}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.55\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7BAA7340-35C3-456F-86FA-4A6A6E480D21}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

26-01-2022 07:32:10 Windows Modules Installer
03-02-2022 10:08:21 Scheduled Checkpoint
09-02-2022 12:41:05 Windows Modules Installer
15-02-2022 22:00:07 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/18/2022 03:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeC2RClient.exe, version: 16.0.14827.20188, time stamp: 0x61fc5bc6
Faulting module name: OfficeC2RClient.exe, version: 16.0.14827.20188, time stamp: 0x61fc5bc6
Exception code: 0xc0000005
Fault offset: 0x000000000047198b
Faulting process id: 0x1bb0
Faulting application start time: 0x01d82504a77df13f
Faulting application path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Faulting module path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Report Id: 357f2a33-c2ef-4d38-bd34-e931207c71e1
Faulting package full name:
Faulting package-relative application ID:

Error: (02/16/2022 04:00:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (02/16/2022 04:00:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/16/2022 04:00:04 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (02/16/2022 04:00:04 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/15/2022 04:54:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Widgets.exe, version: 421.20060.45.0, time stamp: 0x61f20c6e
Faulting module name: Widgets.exe, version: 421.20060.45.0, time stamp: 0x61f20c6e
Exception code: 0xc0000409
Fault offset: 0x000000000007adce
Faulting process id: 0x1e1c
Faulting application start time: 0x01d82251a28a5a76
Faulting application path: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.45.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Faulting module path: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.45.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Report Id: d403203c-549e-4cf9-8925-471e11812563
Faulting package full name: MicrosoftWindows.Client.WebExperience_421.20070.45.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (02/12/2022 01:37:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.22000.469 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1380

Start Time: 01d81e07b951d2f4

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 400a5874-7b6d-4c0f-911c-6b1e849a97b2

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (02/12/2022 11:38:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TurboTax.exe, version: 2021.47.17.75, time stamp: 0x6206cd2d
Faulting module name: KERNELBASE.dll, version: 10.0.22000.434, time stamp: 0x78dc11b6
Exception code: 0xc0020001
Fault offset: 0x0013ec52
Faulting process id: 0x2710
Faulting application start time: 0x01d82026960d2224
Faulting application path: C:\Program Files (x86)\TurboTax\Individual 2021\32bit\TurboTax.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: daf52092-818c-455f-9c80-5ba087fd9f04
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (02/18/2022 03:12:17 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0D2AF80E-2401-4F28-A5B3-9100A168D99B} because another computer on the network has the same name.  The server could not start.

Error: (02/16/2022 07:18:21 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0D2AF80E-2401-4F28-A5B3-9100A168D99B} because another computer on the network has the same name.  The server could not start.

Error: (02/16/2022 03:57:55 AM) (Source: DCOM) (EventID: 10010) (User: FUCKOFFYOUFUCKI)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/16/2022 03:57:55 AM) (Source: DCOM) (EventID: 10010) (User: FUCKOFFYOUFUCKI)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/16/2022 03:57:55 AM) (Source: DCOM) (EventID: 10010) (User: FUCKOFFYOUFUCKI)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/16/2022 03:57:55 AM) (Source: DCOM) (EventID: 10010) (User: FUCKOFFYOUFUCKI)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/16/2022 03:57:55 AM) (Source: DCOM) (EventID: 10010) (User: FUCKOFFYOUFUCKI)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (02/16/2022 03:57:55 AM) (Source: DCOM) (EventID: 10010) (User: FUCKOFFYOUFUCKI)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-02-18 16:25:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-15 22:44:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-13 13:19:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-12 11:48:05
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-09 12:27:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2022-02-16 04:14:49
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.359.295.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18900.3
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: Dell Inc. 1.16.0 10/04/2021
Motherboard: Dell Inc. 0WC8VH
Processor: Intel® Celeron® CPU 4205U @ 1.80GHz
Percentage of memory in use: 69%
Total physical RAM: 3973.67 MB
Available physical RAM: 1201.01 MB
Total Virtual: 23973.67 MB
Available Virtual: 20685.72 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.5 GB) (Free:629.54 GB) (Protected) NTFS

\\?\Volume{83b80f9a-adf6-407a-8b84-d1dec69c3040}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.27 GB) NTFS
\\?\Volume{02a0acc4-d4ec-4380-b48d-a63887189936}\ (Image) (Fixed) (Total:14.24 GB) (Free:0.16 GB) NTFS
\\?\Volume{e75f1141-50ad-419a-8a0a-47db271c52ff}\ (DELLSUPPORT) (Fixed) (Total:1.42 GB) (Free:0.62 GB) NTFS
\\?\Volume{567e2e22-ebb8-4415-921d-a9a87cb9ed84}\ (ESP) (Fixed) (Total:0.24 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B3BAF332)

Partition: GPT.

==================== End of Addition.txt =======================



#5 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 18 February 2022 - 05:14 PM

Yeah, had to take a second look at the computer name, we'll move on.
 
Nothing malicious was found but I'll create a script to use Farbar Recovery Scan Tool to tidy up a couple of things.

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator, just open it and let it wait)

Highlight the text below and select Copy,
beginning with Start:: and finishing with End:: (inside the quote box).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start::
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {533CBE0A-AE30-41C4-B79B-992BD5E47FA2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D7474179-1B4D-43B8-ACEF-1A47F221372D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy [2017-06-01] <==== ATTENTION
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold [2017-06-01] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
ContextMenuHandlers1: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers2: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers6: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
FirewallRules: [{AE4A418C-F13C-42C1-B962-DEA6DFB32979}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe => No File
FirewallRules: [{EA003B25-F32A-4797-BD18-9A27D79B8078}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe => No File
FirewallRules: [{2618A073-E039-4D7A-9D0F-3C8B811B9E25}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe => No File
FirewallRules: [{907837F9-09C2-4EE5-8DBD-6D9B01BB5209}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{4385A0AF-E86E-4568-A21F-03BFBB1F25BD}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{C0577731-6849-496F-9E4F-9EBCF4CDBACD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{A8B49718-4DC4-46F1-A573-99F1E8430E03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{80C14DBA-76D2-40E1-9C58-63DC59C643BB}] => (Allow) C:\Users\TEMP\AppData\Local\Programs\Fiddler\Fiddler.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Return to the Farbar Recovery Scan Tool app
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download and run AdwCleaner

Download AdwCleaner from https://malwarebytes.com/adwcleaner and save it to your desktop.

Run AdwCleaner by clicking on Scan Now.
When it has finished, leave everything that was found checked (ticked), then click on Clean and Repair.
If it asks to reboot, allow the reboot.
On reboot, click on View Log File; please attach the content of the log to your next reply.


============================================


Please post these 2 logs when finished.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??
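Added example, not part of the thread and not FRST's or AdwCleaner's own code: a read-only PowerShell triage that re-checks the same categories the fix list above touches (browser policy keys, Software Restriction Policy path rules, scheduled tasks, services and firewall rules whose target file is gone, and the hosts file that AdwCleaner's "Hosts File Entries" section covers). It reports and changes nothing; run it from an elevated prompt before and after a fix like the one above to confirm the entries are really gone. Two things are assumptions of this example rather than facts stated on the page: the registry path used for the "Group Policy restriction on software" finding (FRST does not say where it reads that from), and the way service command lines are split into a path. A hit means an entry points at something that no longer exists or a policy is being enforced; that is a leftover or a misconfiguration to look at, not by itself proof of malware.

```powershell
# Added example (not from the thread, FRST or AdwCleaner). Read-only triage of the
# categories the fix list above touches. Run in an elevated PowerShell 5.1+ prompt.

# 1. Browser policy keys (FRST: "HKLM\SOFTWARE\Policies\...: Restriction").
#    On a home PC with no domain or MDM, values under these keys are unexpected.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Mozilla\Firefox',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
foreach ($key in $policyKeys) {
    if (Test-Path -LiteralPath $key) {
        Write-Host "[policy] $key is present"
        Get-ChildItem -LiteralPath $key -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { Write-Host "         $($_.Name)" }
    }
}

# Software Restriction Policy path rules. Assumption of this example: this is where a
# "Group Policy restriction on software: <path>" entry lives; FRST does not say.
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
if (Test-Path -LiteralPath $srp) {
    Get-ChildItem -LiteralPath $srp -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-ItemProperty -LiteralPath $_.PSPath).ItemData } |
        Where-Object { $_ } |
        ForEach-Object { Write-Host "[srp] restricted path: $_" }
}

# 2. Scheduled tasks whose action runs a file that no longer exists
#    (FRST: "Task: {...} - ... => ... (No File)"). Bare names such as cmd.exe
#    resolve through PATH and are skipped.
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $exe = $action.Execute            # $null for COM-handler actions
        if (-not $exe) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($exe.Trim('"'))
        if ($exe -match '[\\/]' -and -not (Test-Path -LiteralPath $exe)) {
            Write-Host "[task] $($task.TaskPath)$($task.TaskName) -> missing: $exe"
        }
    }
}

# 3. Services whose binary is gone (FRST: "S2 gupdate; ... [X]").
#    Heuristic parsing: a quoted path is taken as-is, otherwise everything before
#    the first " /" or " -" switch is treated as the path.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $cmd = $_.PathName
    if (-not $cmd) { return }
    if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($cmd -split '\s+[/-]', 2)[0].Trim() }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Host "[service] $($_.Name) ($($_.StartMode)) -> missing: $exe"
    }
}

# 4. Allow rules for programs that no longer exist
#    (FRST: "FirewallRules: [{GUID}] => (Allow) <path> => No File").
Get-NetFirewallRule -Action Allow -ErrorAction SilentlyContinue | ForEach-Object {
    $rule = $_
    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    if ($program -and $program -notin @('Any', 'System')) {
        $exe = [Environment]::ExpandEnvironmentVariables($program)
        if (-not (Test-Path -LiteralPath $exe)) {
            Write-Host "[firewall] $($rule.DisplayName) {$($rule.Name)} -> missing: $exe"
        }
    }
}

# 5. Hosts-file overrides (what AdwCleaner's "Hosts File Entries" check looks at).
#    A site name mapped to another address here is one local cause of a single site
#    rendering differently on this PC than on a phone.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\b' } |
    ForEach-Object { Write-Host "[hosts] $_" }
```

Each section prints only findings, so a clean machine prints nothing. The firewall pass is the slow one (one filter query per rule); on a consumer PC with a few hundred rules it takes well under a minute.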

#6 Catman686

Catman686

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 18 February 2022 - 05:44 PM

Thank you very much for the help. Here is the next set of logs that you requested.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2022 01
Ran by The Catman (18-02-2022 18:24:28) Run:1
Running from C:\Users\The Catman\Desktop
Loaded Profiles: The Catman
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {533CBE0A-AE30-41C4-B79B-992BD5E47FA2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D7474179-1B4D-43B8-ACEF-1A47F221372D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy [2017-06-01] <==== ATTENTION
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold [2017-06-01] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
ContextMenuHandlers1: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers2: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers6: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
FirewallRules: [{AE4A418C-F13C-42C1-B962-DEA6DFB32979}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe => No File
FirewallRules: [{EA003B25-F32A-4797-BD18-9A27D79B8078}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe => No File
FirewallRules: [{2618A073-E039-4D7A-9D0F-3C8B811B9E25}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe => No File
FirewallRules: [{907837F9-09C2-4EE5-8DBD-6D9B01BB5209}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{4385A0AF-E86E-4568-A21F-03BFBB1F25BD}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{C0577731-6849-496F-9E4F-9EBCF4CDBACD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{A8B49718-4DC4-46F1-A573-99F1E8430E03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{80C14DBA-76D2-40E1-9C58-63DC59C643BB}] => (Allow) C:\Users\TEMP\AppData\Local\Programs\Fiddler\Fiddler.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => not found
HKLM\SOFTWARE\Policies\Google => not found
HKLM\SOFTWARE\Policies\Microsoft\Edge => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{533CBE0A-AE30-41C4-B79B-992BD5E47FA2}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7474179-1B4D-43B8-ACEF-1A47F221372D}" => not found
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => not found
"C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy" => not found
"C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold" => not found
HKLM\System\CurrentControlSet\Services\gupdate => removed successfully
gupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => removed successfully
gupdatem => service removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WINZIPSSSecureExt => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\WINZIPSSSecureExt => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WINZIPSSSecureExt => not found
"C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE4A418C-F13C-42C1-B962-DEA6DFB32979}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA003B25-F32A-4797-BD18-9A27D79B8078}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2618A073-E039-4D7A-9D0F-3C8B811B9E25}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{907837F9-09C2-4EE5-8DBD-6D9B01BB5209}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4385A0AF-E86E-4568-A21F-03BFBB1F25BD}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0577731-6849-496F-9E4F-9EBCF4CDBACD}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8B49718-4DC4-46F1-A573-99F1E8430E03}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80C14DBA-76D2-40E1-9C58-63DC59C643BB}" => not found

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220209-1748.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220211-1552.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220212-0911.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220212-0954.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220212-1025.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220212-1149.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220212-1249.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220213-1007.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220213-1011.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220213-1309.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220213-1310.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220213-1314.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220213-1314a.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220213-1315.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220213-1315a.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220213-1319.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220214-0646.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220214-0653.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220214-1138.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220215-0441.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220215-0441a.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220215-1551.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220215-1551a.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220215-2247.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220216-0403.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220216-0410.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220216-0410a.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220216-0417.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220216-0423.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220216-0428.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220216-0743.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220218-1515.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220218-1519.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220218-1519a.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220218-1521.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220218-1527.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220218-1527a.log => moved successfully
C:\Windows\Temp\FUCKOFFYOUFUCKI-20220218-1528.log => moved successfully
Could not move "C:\Windows\Temp\FUCKOFFYOUFUCKI-20220218-1824.log" => Scheduled to move on reboot.
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202202181527231DC4).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(2022021818243820AC).log" => Scheduled to move on reboot.
C:\Windows\Temp\{2EE63078-0995-4506-9D45-180595905ADB} - OProcSessId.dat => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9552693 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 40 B
Edge => 0 B
Chrome => 36214572 B
Firefox => 41143197 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2450 B
NetworkService => 206364 B
The Catman => 72156055 B

RecycleBin => 322063 B
EmptyTemp: => 152.2 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-02-2022 18:33:29)

C:\Windows\Temp\FUCKOFFYOUFUCKI-20220218-1824.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2022021818243820AC).log => Is moved successfully

==== End of Fixlog 18:33:29 ====

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2022-02-03.4 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-18-2022
# Duration: 00:00:56
# OS:       Windows 10 Pro
# Scanned:  32046
# Detected: 5


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 



#7 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 19 February 2022 - 08:21 AM

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • Run the program.
  • Click on the ‘Dashboard’ to make sure everything is up to date (it is not necessary to upgrade to the premium version of MBAM).
  • Click on the ‘Scan’ tab (directly below the Dashboard tab).
  • Select the Threat Scan option.
  • Click the Scan Now button.
  • Threat Scan will begin.
  • When the scan has completed, and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found.
  • If prompted to restart the computer, close all other programs and click Yes to restart your computer.
  • Once you are back at your desktop, open MBAM once more.
  • Click on the ‘Reports’ tab.
  • Double-click on the most recent Scan Report.
  • Click on Export, then Copy to Clipboard.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Post this log when finished.
 
Still having a problem?

Also, consider using an Adblocker
https://www.mozilla....ures/adblocker/



#8 Catman686

Catman686

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 19 February 2022 - 09:00 AM

Here is the Malwarebytes log. Seems like I should be good to go.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/19/22
Scan Time: 9:48 AM
Log File: 082939e6-9193-11ec-9416-c03eba0f10f7.json

-Software Information-
Version: 4.5.4.168
Components Version: 1.0.1599
Update Package Version: 1.0.51355
License: Trial

-System Information-
OS: Windows 11 (Build 22000.527)
CPU: x64
File System: NTFS
User: FuckOffYouFuckingFuck\The Catman

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 292324
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 8 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)



#9 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 19 February 2022 - 12:00 PM

Seems like I should be good to go.

I'd say we're there, nothing malicious shows up.

How is the computer now?



#10 Catman686

Catman686

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 20 February 2022 - 05:24 AM

Seems fine. So I should be good to go.

 

Also, since you are a retired school teacher I wanted to apologize once again for having to endure the profane computer name. I developed a bad case of Sailor Mouth in the military and it still lingers 28 years later. My grandfather was an English teacher for 30 years and was also in the Navy. He tried to help me correct this malady but was never fully successful much to his chagrin. Oh well, there are certainly worse things in life I guess other than some embarrassment at occasionally offending complete strangers that are trying to help you out.

 

Take Care and thanks again,

 

The Catman :adios:



#11 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 20 February 2022 - 08:52 AM

I've seen many things over the years, so really no need to apologize, because there is much worse to endure.
 
I would like to take a moment to say Thank you for your time in the military and service to the country.
(I don't know if it's for the U.S. or abroad)
 
Let's remove tools used.
 
Use this tool to remove quarantined items:
 
Please download KpRm by Kernel-panik and save to your Desktop.

  • Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

  • Put a check mark next to these items:

- Delete tools
- Delete now

  • Click the "Run" button.


  • When the tool has finished, it will create and open a log report and delete itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please read over a few preventive tips:

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • For those interested in how to make a backup of your computer
    https://forums.malwa...ackup-software/


#12 Catman686

Catman686

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 20 February 2022 - 10:33 AM

I served in the US Navy Submarine Service. No need for the thanks but you are welcome.

 

Thanks again and take care.

 

The Catman



#13 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 21 February 2022 - 08:34 AM

Glad we could help.
Since this issue appears resolved ... this Topic is closed.


