
Starting a new thread & removal of en.softonic.com malware


  • This topic is locked
13 replies to this topic

#1 terryfelter

  • Authentic Member
  • 210 posts

Posted 04 June 2022 - 10:32 AM

It's been a long time since my last visit and help; however, about 3 weeks ago I downloaded some game and now I have this annoying bunch of pop-ups "warning my PC may be infected".

Well I read the instructions to download FRST removal tool and I can't get Microsoft to allow the downloading to complete.

So first question is how to get the file downloaded to even start a removal?




#2 terryfelter

  • Authentic Member
  • 210 posts

Posted 04 June 2022 - 10:59 AM

OK, I fiddled with MS and finally was able to download.

I have attached the files generated.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-06-2022 01
Ran by Terry Felter (administrator) on TERRYFELTER-PC (Dell Inc. Latitude E5530 non-vPro) (04-06-2022 11:47:25)
Running from C:\Users\Terry Felter\Downloads
Loaded Profiles: Terry Felter
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE ->) (Dell Inc.) [File not signed] C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(explorer.exe ->) (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(explorer.exe ->) (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(explorer.exe ->) (Dell Inc.) [File not signed] [File is in use] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <40>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(explorer.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(explorer.exe ->) (Scarlet.Crush Productions) [File not signed] C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Broadcom Corporation) [File not signed] C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(services.exe ->) (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(services.exe ->) (Dell Inc.) [File not signed] C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(services.exe ->) (O2Micro Inc. -> O2Micro International) C:\Windows\System32\o2flash.exe
(services.exe ->) (Scarlet.Crush Productions) [File not signed] [File is in use] C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7469568 2012-01-18] (Dell Inc.) [File not signed] [File is in use]
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc. -> Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-3168039627-3718610935-1345992466-1000\...\Run: [MicrosoftEdgeAutoLaunch_5E6B25E9ECB97753DAF4B983F8A90770] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3547064 2022-05-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3168039627-3718610935-1345992466-1000\...\MountPoints2: {f0732a2c-5f9c-11e8-90d0-f01faf01a6d9} - E:\StartClickFreeBackup.exe
HKU\S-1-5-21-3168039627-3718610935-1345992466-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2019-06-09]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions) [File not signed]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2018-05-23]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
Startup: C:\Users\Terry Felter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2018-05-23]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {12DF4D22-C3BC-4200-A4E4-30BDEAFDBFBB} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2CDF2EA4-0338-4F54-80E6-527BCFFC1B40} - System32\Tasks\TradeStation Backup - Weekly => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe [62224 2018-11-30] (TradeStation Technologies, Inc. -> TradeStation Technologies, Inc.) -> /Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Weekly.tsb
Task: {2F1A3E51-8EBF-47BF-8CC0-6648CE0364BF} - System32\Tasks\TradeStation Backup - Monthly => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe [62224 2018-11-30] (TradeStation Technologies, Inc. -> TradeStation Technologies, Inc.) -> /Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Monthly.tsb
Task: {462E3573-5331-4ED2-84E6-31B62F0D31EF} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {89DF9061-D56B-470B-9F25-5B9AD971AFA6} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed]
Task: {89EDD544-D74F-40EA-9370-8CBD4538580F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {92FF614D-95EF-413A-9689-E89464BC27AE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {C97B72B7-F57B-44CF-81B3-638301A186F3} - System32\Tasks\{BF8E9827-F068-4B91-9ADC-501774FA83CE} => C:\Windows\system32\pcalua.exe -a "C:\Users\Terry Felter\Downloads\heroes_might_magic_5_3.01_eu.exe" -d "C:\Users\Terry Felter\Downloads"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\TradeStation Backup - Monthly.job => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exeM/Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Monthly.tsb
Task: C:\Windows\Tasks\TradeStation Backup - Weekly.job => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exeL/Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Weekly.tsb
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{773FB042-95EC-4BFF-8D11-A116E38E5EDC}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{EEFAE6F4-0A5A-4212-BAE0-72AE6F002F19}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Terry Felter\AppData\Local\Microsoft\Edge\User Data\Default [2022-06-04]
Edge Notifications: Default -> hxxps://en.softonic.com; hxxps://poker-world-offline.en.softonic.com
Edge HomePage: Default -> hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
 
FireFox:
========
FF DefaultProfile: scha1b76.default-1587942500426
FF ProfilePath: C:\Users\Terry Felter\AppData\Roaming\Mozilla\Firefox\Profiles\scha1b76.default-1587942500426 [2022-04-17]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3168039627-3718610935-1345992466-1000: jpl.nasa.gov/NASAEyes -> C:\Users\Terry Felter\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2019-01-25] (NASA Jet Propulsion Laboratory -> Jet Propulsion Laboratory)
FF Plugin HKU\S-1-5-21-3168039627-3718610935-1345992466-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2022-05-30] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-3168039627-3718610935-1345992466-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2022-05-30] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-3168039627-3718610935-1345992466-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2022-03-19] (Ubisoft Entertainment Sweden AB -> )
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-11-30] (Broadcom Corporation) [File not signed]
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S3 ComboCleaner.Guard; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe [143488 2021-11-05] (RCS LT, UAB -> RCS LT)
S3 ComboCleaner.WinService; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe [151168 2021-11-05] (RCS LT, UAB -> RCS LT)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc. -> Dell Inc.)
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed] [File is in use]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-14] (Malwarebytes Inc. -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro Inc. -> O2Micro International)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-02-05] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 updater; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-07-22] (Microsoft Windows -> Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6157312 2012-01-18] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [176008 2021-09-30] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2019-06-09] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [22128 2011-07-15] (STMicroelectronics -> ST Microelectronics)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [544768 2013-02-05] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [615840 2021-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 Delldiag; \??\C:\CTS\DellDiags\WBT_W64\DDDriver.sys [X]
S3 DellWAL; \??\C:\__de11csattestfolder__\battery\DDDriver64Dcsa.sys [X]
S3 WinRing0_1_2_0; \??\C:\CTS\Test\OpenHardwareMonitorLib.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-06-04 11:47 - 2022-06-04 11:48 - 000019003 _____ C:\Users\Terry Felter\Downloads\FRST.txt
2022-06-04 11:46 - 2022-06-04 11:47 - 000000000 ____D C:\FRST
2022-06-04 11:46 - 2022-06-04 11:46 - 000000000 ____D C:\Users\Terry Felter\Downloads\FRST-OlderVersion
2022-06-04 11:45 - 2022-06-04 11:46 - 002368000 _____ (Farbar) C:\Users\Terry Felter\Downloads\FRST64.exe
2022-06-04 09:43 - 2022-06-04 09:43 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-05-21 10:45 - 2022-06-04 10:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-05-14 12:02 - 2022-05-14 12:05 - 000000000 ____D C:\Program Files (x86)\Combo Cleaner
2022-05-14 12:02 - 2022-05-14 12:02 - 000001896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
2022-05-14 12:02 - 2022-05-14 12:02 - 000001890 _____ C:\Users\Public\Desktop\Combo Cleaner.lnk
2022-05-14 12:02 - 2022-05-14 12:02 - 000000000 ____D C:\Users\Terry Felter\AppData\Local\RCS_LT
2022-05-14 12:01 - 2022-05-14 12:01 - 003594016 _____ (RCS LT) C:\Users\Terry Felter\Downloads\CCSetup.exe
2022-05-14 11:44 - 2022-05-14 11:44 - 000000000 ____D C:\Users\Terry Felter\AppData\Local\mbam
2022-05-14 11:43 - 2022-05-14 11:43 - 000239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-05-14 11:43 - 2022-05-14 11:43 - 000001962 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-14 11:43 - 2022-05-14 11:43 - 000001950 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-05-14 11:43 - 2022-05-14 11:42 - 000103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-05-14 11:42 - 2022-05-14 11:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-14 11:42 - 2022-05-14 11:42 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-14 11:41 - 2022-05-14 11:41 - 002443448 _____ (Malwarebytes) C:\Users\Terry Felter\Downloads\MBSetup-119181.119181-consumer.exe
2022-05-08 09:49 - 2022-05-08 09:49 - 000000000 ____D C:\Users\Terry Felter\Documents\Campaigns
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-06-04 11:28 - 2009-07-13 23:45 - 000034832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-06-04 11:28 - 2009-07-13 23:45 - 000034832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-06-04 10:34 - 2018-12-20 19:37 - 000000000 ____D C:\Users\Terry Felter\AppData\LocalLow\Mozilla
2022-06-04 09:48 - 2020-11-15 00:42 - 000002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-04 09:48 - 2020-11-15 00:42 - 000002184 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-06-04 09:42 - 2018-05-30 17:45 - 000000000 __SHD C:\Users\Terry Felter\IntelGraphicsProfiles
2022-06-04 09:42 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-05-30 21:28 - 2018-06-19 13:53 - 000000000 ____D C:\Users\Terry Felter\.thinkorswim
2022-05-30 21:28 - 2018-06-19 13:52 - 000000000 ____D C:\Program Files\thinkorswim
2022-05-30 15:19 - 2022-03-05 14:35 - 000000000 ____D C:\Program Files\Cheat Engine 7.4
2022-05-28 09:29 - 2018-05-24 20:41 - 000000000 ____D C:\Users\Terry Felter\AppData\Roaming\Simple Sudoku
2022-05-28 09:16 - 2018-12-20 19:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-05-22 10:38 - 2018-06-24 13:04 - 000000000 ____D C:\Users\Terry Felter\AppData\Local\CrashDumps
2022-05-21 17:35 - 2022-04-16 10:30 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-05-21 10:39 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2022-05-21 10:39 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2022-05-15 03:05 - 2018-05-30 17:03 - 000000000 ____D C:\Windows\system32\MRT
2022-05-15 03:01 - 2018-05-30 17:03 - 145501456 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-05-14 19:10 - 2018-06-17 08:24 - 000000612 _____ C:\Windows\Tasks\TradeStation Backup - Weekly.job
2022-05-14 18:34 - 2018-05-30 12:48 - 000000000 ____D C:\Program Files (x86)\TradeStation Archives
2022-05-14 12:42 - 2018-05-24 19:32 - 000000000 ____D C:\Users\Terry Felter\Documents\SoftwareUpdates
2022-05-14 12:02 - 2018-05-23 11:12 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-05-08 10:28 - 2018-05-24 19:25 - 000000000 ____D C:\Users\Terry Felter\Documents\Access
2022-05-08 10:09 - 2018-05-24 19:25 - 000000000 ____D C:\Users\Terry Felter\Desktop\UserMODs
2022-05-08 09:57 - 2018-05-24 19:26 - 000000000 ____D C:\Users\Terry Felter\Documents\Companies
2022-05-07 18:13 - 2018-06-17 08:24 - 000000616 _____ C:\Windows\Tasks\TradeStation Backup - Monthly.job
 
==================== Files in the root of some directories ========
 
2018-05-24 18:09 - 2018-05-24 18:09 - 000000320 _____ () C:\Users\Terry Felter\AppData\Roaming\SEC629985.trad
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2022-05-28 12:08
==================== End of FRST.txt ========================
 
And the addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-06-2022 01
Ran by Terry Felter (04-06-2022 11:49:31)
Running from C:\Users\Terry Felter\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X64) (2018-05-24 22:05:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3168039627-3718610935-1345992466-500 - Administrator - Disabled)
Guest (S-1-5-21-3168039627-3718610935-1345992466-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3168039627-3718610935-1345992466-1002 - Limited - Enabled)
Terry Felter (S-1-5-21-3168039627-3718610935-1345992466-1000 - Administrator - Enabled) => C:\Users\Terry Felter
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{0C518F4B-8D5A-47A6-A1E2-B3F371486118}) (Version: 15.2.1.3 - Broadcom Corporation)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cheat Engine 7.0 (HKLM\...\Cheat Engine 7.0_is1) (Version:  - Cheat Engine)
Cheat Engine 7.4 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT) Hidden
Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.124 - Dell Inc.)
eSignal (HKLM-x32\...\{3E4338A2-CBBF-4103-BBE3-89AAE077816F}) (Version: 10.6.2425.1208 - eSignal) Hidden
eSignal 10.6 (HKLM-x32\...\eSignal) (Version: 10.6.2425.1208 - eSignal)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
Heroes of Might and Magic® III (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
HxD Hex Editor 2.5 (HKLM\...\HxD_is1) (Version: 2.5 - Maël Hörz)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{B5E06417-A4AC-4225-B36E-7E34C91616E7}) (Version: 1.31.8.1 - Intel Corporation) Hidden
IZArc 4.3 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.3 - Ivan Zahariev)
Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.8 - Ubisoft)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 100.0.2 (x64 en-US)) (Version: 100.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
PhotoRazor (HKLM-x32\...\PhotoRazor) (Version:  - )
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Simple Sudoku 4.2 (HKLM-x32\...\Simple Sudoku_is1) (Version:  - )
Snagit 11 (HKLM-x32\...\{F8E3C768-71F3-11E1-9DF7-70804824019B}) (Version: 11.0.1 - TechSmith Corporation)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
TextPad 4 (HKLM-x32\...\TextPad 4) (Version:  - )
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
TradeStation 9.5 (HKLM-x32\...\{E02A3EE0-1193-454C-8E59-BDFCE6EC7B22}) (Version: 9.05.01.3344 - TradeStation Technologies)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Wizardry 8 (HKLM-x32\...\Wizardry 8) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3168039627-3718610935-1345992466-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [IZArcCM] -> {BC593DF5-466F-44EC-8FFD-C4DBC603B917} => C:\Program Files (x86)\IZArc\IZArcCM64.dll [2012-07-20] () [File not signed]
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll [2012-05-16] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [IZArcCM] -> {BC593DF5-466F-44EC-8FFD-C4DBC603B917} => C:\Program Files (x86)\IZArc\IZArcCM64.dll [2012-07-20] () [File not signed]
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll [2012-05-16] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-14] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Terry Felter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2018-05-23 11:16 - 2012-05-30 13:55 - 000059904 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-05-02 11:52 - 2014-05-02 11:52 - 000599040 _____ () [File not signed] [File is in use] C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\irrKlang.NET4.dll
2018-05-24 21:10 - 2012-07-20 14:39 - 002469888 _____ () [File not signed] C:\Program Files (x86)\IZArc\IZArcCM64.dll
2014-05-02 06:55 - 2014-05-02 06:55 - 000185344 _____ () [File not signed] C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpflac.dll
2014-05-02 06:05 - 2014-05-02 06:05 - 000173056 _____ () [File not signed] C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpmp3.dll
2019-06-11 10:41 - 2019-06-11 10:41 - 000172544 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\59287b78c3ec80a796fc72e83bac8716\IsdiInterop.ni.dll
2020-11-15 08:43 - 2020-11-15 08:43 - 000315392 _____ () [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\8937264a9d414cb8b6bf90f44289214b\ReactiveSockets.ni.dll
2015-08-28 20:16 - 2015-08-28 20:16 - 003496448 _____ (akeo.ie) [File not signed] C:\Program Files\Nefarius Software Solutions\ScpToolkit\libwdi\amd64\libwdi.dll
2020-11-15 08:43 - 2020-11-15 08:43 - 000356864 _____ (Benjamin Höglinger) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Libarius\8cb140813190cfbe721b9ddb19f71cf6\Libarius.ni.dll
2018-05-23 11:11 - 2018-05-23 11:11 - 000066560 _____ (Broadcom Corporation) [File not signed] [File is in use] C:\Windows\assembly\GAC_64\bcmwlrmt\5.100.82.0__6d6a20262490fcdc\bcmwlrmt.dll
2018-05-23 11:10 - 2012-01-18 16:01 - 000073728 _____ (Broadcom Corporation) [File not signed] C:\Windows\system32\wltrynt.dll
2020-11-15 08:42 - 2020-11-15 08:42 - 001546240 _____ (dbreeze.tiesky.com) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DBreeze\50c964048ec3a5039b80371df3637463\DBreeze.ni.dll
2018-05-23 11:10 - 2012-01-18 16:01 - 002914304 _____ (Dell Inc.) [File not signed] [File is in use] C:\Program Files\Dell\DW WLAN Card\bcmpeerapi.dll
2020-11-15 08:43 - 2020-11-15 08:43 - 000760320 _____ (Galos) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CSScriptLibrary\bc212c4bcea7e4ed895fad6e6558fa25\CSScriptLibrary.ni.dll
2020-11-15 08:43 - 2020-11-15 08:43 - 000629760 _____ (Illusory Studios LLC) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\HidSharp\b425364bca89ce7b8317307ac01e9d6d\HidSharp.ni.dll
2019-06-11 10:41 - 2019-06-11 10:41 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5f39005543919a2bd9bbf96f2173ba9d\IAStorCommon.ni.dll
2018-05-23 11:16 - 2012-05-30 13:55 - 000176128 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll
2018-05-23 11:16 - 2012-05-30 13:55 - 001319424 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
2018-05-23 11:16 - 2012-05-30 13:43 - 000279552 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2018-05-23 11:15 - 2013-02-22 05:38 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2020-04-11 10:33 - 2020-04-11 10:33 - 000229376 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\969c90941cf6f8fe7fec9da7cf0d5ad3\IAStorDataMgr.ni.dll
2020-04-11 10:33 - 2020-04-11 10:33 - 000489472 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4c7e9c41295d9d7a77590986b08fac83\IAStorUtil.ni.dll
2020-11-15 08:43 - 2020-11-15 08:43 - 000284160 _____ (MadMilkman) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MadMilkman.Ini\43e6cab53466f971172ce18ac31a3a01\MadMilkman.Ini.ni.dll
2020-11-15 08:42 - 2020-11-15 08:42 - 000150528 _____ (michaelnoonan) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsInput\a6eb65228b9994e734e86cc17ec9b353\WindowsInput.ni.dll
2018-11-18 22:43 - 2018-11-18 22:43 - 000245760 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcm90.dll
2019-07-28 16:58 - 2019-07-28 16:58 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2020-11-15 08:43 - 2020-11-15 08:43 - 005551616 _____ (Mono development team) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Mono.CSharp\5cb33fa795ee3115256e351780ab2711\Mono.CSharp.ni.dll
2020-11-15 08:43 - 2020-11-15 08:43 - 002821632 _____ (Newtonsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\fe3ad868e520456efb43f428b82dfbc2\Newtonsoft.Json.ni.dll
2020-11-15 08:43 - 2020-11-15 08:43 - 000159744 _____ (Richard Deeming) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Trinet.Core.IO.Ntfs\0d7043fc4ac9eeacd5cc54702b9c9307\Trinet.Core.IO.Ntfs.ni.dll
2020-11-15 08:42 - 2020-11-15 08:42 - 000164352 _____ (Scarlet.Crush Productions) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ScpControl.Shared\ab02b0255e4fb4e6bd2b2ea250d3b03b\ScpControl.Shared.ni.dll
2020-11-15 08:42 - 2020-11-15 08:42 - 001137664 _____ (Scarlet.Crush Productions) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ScpControl\b901b553c8246427939057c2038cbceb\ScpControl.ni.dll
2020-11-15 08:41 - 2020-11-15 08:41 - 000978432 _____ (The Apache Software Foundation) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\952ec3e787983f4cb8b18635dfae514b\log4net.ni.dll
2018-05-23 11:10 - 2012-01-18 16:01 - 000342528 _____ (TODO: <Company name>) [File not signed] C:\Program Files\Dell\DW WLAN Card\bcmfshapi.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 11) (Whitelisted) ==========
 
HKU\S-1-5-21-3168039627-3718610935-1345992466-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Dell\DW WLAN Card;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\eSignal\
HKU\S-1-5-21-3168039627-3718610935-1345992466-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Terry Felter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{E302487E-F41D-488C-8496-5C6517ADCC0C}C:\program files (x86)\esignal\winros.exe] => (Allow) C:\program files (x86)\esignal\winros.exe (eSignal) [File not signed]
FirewallRules: [UDP Query User{527DC192-A976-4CB1-953F-B826996AA289}C:\program files (x86)\esignal\winros.exe] => (Allow) C:\program files (x86)\esignal\winros.exe (eSignal) [File not signed]
FirewallRules: [{78355A5A-BA79-4A6B-8AC8-E70D47A70DB8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E391AF49-CAD6-4A38-81F9-CEA08120C1CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B583E24F-A490-4E20-A1A5-F5628FEBD976}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [{7FF027A5-47B4-45B1-B8E6-D069F46F64DA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [{360AE6B8-70EC-4F49-9D04-459D2FE60F35}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe (Limbic Entertainment GmbH -> Black Hole Entertainment)
FirewallRules: [{F8D2AF3F-DA65-4151-AE3F-A873963F7B23}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe (Limbic Entertainment GmbH -> Black Hole Entertainment)
FirewallRules: [TCP Query User{61437A26-B36B-4B9D-BD1F-DBD893965E63}C:\program files\cheat engine 7.0\cheatengine-x86_64.exe] => (Allow) C:\program files\cheat engine 7.0\cheatengine-x86_64.exe (Cheat Engine -> Cheat Engine)
FirewallRules: [UDP Query User{FE167BD0-5F4A-4BE6-BA7D-31A86D8A18D4}C:\program files\cheat engine 7.0\cheatengine-x86_64.exe] => (Allow) C:\program files\cheat engine 7.0\cheatengine-x86_64.exe (Cheat Engine -> Cheat Engine)
 
==================== Restore Points =========================
 
15-05-2022 03:00:20 Windows Update
21-05-2022 10:48:01 Windows Update
28-05-2022 09:29:06 Windows Update
04-06-2022 09:55:28 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/04/2022 09:42:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/30/2022 09:02:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/29/2022 07:00:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/28/2022 09:16:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/22/2022 10:37:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: H5_Game.exe, version: 3.1.2.98, time stamp: 0x48469f9f
Faulting module name: H5_Game.exe, version: 3.1.2.98, time stamp: 0x48469f9f
Exception code: 0xc0000005
Fault offset: 0x005b9228
Faulting process id: 0x1928
Faulting application start time: 0x01d86d2f7254e986
Faulting application path: C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe
Faulting module path: C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe
Report Id: 190d7e81-d9e5-11ec-9fe9-f01faf01a6d9
 
Error: (05/21/2022 10:34:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/14/2022 10:26:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/08/2022 01:10:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: H5_Game.exe, version: 3.1.2.98, time stamp: 0x48469f9f
Faulting module name: H5_Game.exe, version: 3.1.2.98, time stamp: 0x48469f9f
Exception code: 0xc0000005
Fault offset: 0x0067cb54
Faulting process id: 0x4d4
Faulting application start time: 0x01d862f2bc8c034e
Faulting application path: C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe
Faulting module path: C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe
Report Id: 20ce2de6-cefa-11ec-9fb9-f01faf01a6d9
 
 
System errors:
=============
Error: (06/04/2022 11:54:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (05/29/2022 07:21:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/29/2022 07:21:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (05/28/2022 09:42:01 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/28/2022 09:42:01 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (05/22/2022 04:52:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (05/22/2022 04:52:54 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (05/21/2022 11:01:07 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
Windows Defender:
================Event[0]:
 
Date: 2018-07-05 10:04:52.965
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.442.0
Previous Signature Version:1.269.1075.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2018-07-05 10:04:52.965
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A20 02/21/2018
Motherboard: Dell Inc. 
Processor: Intel® Core™ i7-3540M CPU @ 3.00GHz
Percentage of memory in use: 70%
Total physical RAM: 8096.87 MB
Available physical RAM: 2382.88 MB
Total Virtual: 16191.88 MB
Available Virtual: 6413.95 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:297.26 GB) (Free:125.47 GB) (Model: WDC WD3200LPLX-75ZNTT0) NTFS
Drive d: () (CDROM) (Total:0 GB) (Free:0 GB) 
 
\\?\Volume{497d3ec4-5eb0-11e8-ae20-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.52 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 5B05B263)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=297.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================


#3 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 05 June 2022 - 10:16 AM

I didn't see anything obvious
 
Since you already have MalwareBytes onboard, open the app, check for updates and run a new scan.

Download and run AdwCleaner

  • Download AdwCleaner from here and save it to your desktop. You can download AdwCleaner here: https://malwarebytes.com/adwcleaner
  • Run AdwCleaner by clicking on Scan Now
  • When it has finished, leave everything that was found checked (ticked), then click on Clean and Repair
  • If it asks to reboot, allow the reboot
  • On reboot, click on View Log File; please attach the content of the log to your next reply.


============================================


Please post these 2 logs when finished.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#4 terryfelter

Posted 05 June 2022 - 12:07 PM

Here are the two files from AdwCleaner

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-03-15.3 (Local)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-05-2022
# Duration: 00:00:17
# OS:       Windows 7 Professional
# Scanned:  32045
# Detected: 8
 
 
***** [ Services ] *****
 
PUP.Optional.Legacy             updater
 
***** [ Folders ] *****
 
PUP.Optional.TweakBit           C:\ProgramData\TweakBit
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.DriverAgent        HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\download.driversupport.com
PUP.Optional.DriverAgent        HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driversupport.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\TWEAKBIT
PUP.Optional.TheBrightTag       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
And
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-03-15.3 (Local)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-05-2022
# Duration: 00:00:04
# OS:       Windows 7 Professional
# Cleaned:  8
# Failed:   0
 
 
***** [ Services ] *****
 
Deleted       updater
 
***** [ Folders ] *****
 
Deleted       C:\ProgramData\TweakBit
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\download.driversupport.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driversupport.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
Deleted       HKLM\Software\Wow6432Node\TWEAKBIT
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [2073 octets] - [05/06/2022 12:50:25]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
In the meantime another pop up. This time an ad from Disney for a game(?). All these pop-ups have an address of en.softonic.com

 

In addition to all these pop-ups, there appears an ad banner at the bottom of a web page or a refresh web page. Most of the time it is a Contact (me) for help, etc. Do you guys allow .png files as attachments?

Edited by terryfelter, 05 June 2022 - 12:16 PM.


#5 Juliet

Posted 06 June 2022 - 05:17 AM

Sounds like you need an ad blocker, we can start with that.

https://adblockplus.org/
The above is free and easy to use.

ESET Online Scanner:

  • Download ESET Online Scanner from the ESET website by clicking the ONE-TIME-SCAN button on that webpage
  • Double-click the esetonlinescanner.exe file you downloaded to run the application
  • Select product language
  • Click Get started and confirm the User access control dialog of Windows
  • In the Terms of use screen, click Accept if you agree to the Terms of use. After accepting the terms of use, the shortcut for ESET Online Scanner is created on the Desktop
  • Click Get started in the welcome screen
  • Select whether or not you want to join the Customer Experience Improvement Program, and whether or not to enable the feedback system, then click Continue
  • Select the Full Scan type
  • Select the choice to enable detections of potentially unwanted applications (PUA)
  • After the detection module updates are downloaded, the scan starts. Scan progress is shown via the progress bar along with the path and title of file being scanned. You can pause or cancel the scan at any time
  • Note: The scan may take several hours depending on how many files are on your computer. When the scan has finished and if threats have been detected, click Save scan log and save the text file with a unique name such as ESET results.txt, then click Continue.
  • Copy and paste the contents of this ESET results report into your next reply to me (If no threats were detected, you do not need to save the results)
  • The following steps are optional and are not required
    • If there has been no ESET security product detected on your machine, and your user account has administrator privileges, ESET Online Scanner will offer you to turn on Periodic scan. This choice is up to you
    • In the Thank you for using ESET Online Scanner screen you can rate the application and leave feedback. In addition, to delete all detection modules and settings of ESET Online Scanner configured in previous steps, select Delete application's data on closing
    • Click Submit and close if you rated the application and/or left a feedback, or click Close without feedback
  • Click Finish to exit ESET Online Scanner

Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After running the above scanner for remnants, tell me what the computer is doing now.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#6 terryfelter

terryfelter

    Authentic Member

  • Authentic Member
  • PipPip
  • 210 posts

Posted 10 June 2022 - 03:37 PM

Running ESET currently.  Downloaded adblockers, but haven't done anything with it yet.  You never indicated whether .png files were allowed as attachments.


Edited by terryfelter, 10 June 2022 - 06:55 PM.


#7 Juliet


Posted 10 June 2022 - 04:52 PM

Running ESET currently.  Downloaded adblockers, but haven't done anything with it yet.  You never indicated whether .png files were allowed as attachments.

We'll have to experiment with that

Usually it's saved to notepad and posted as an attachment.



#8 terryfelter


Posted 11 June 2022 - 09:33 AM

I had to do the scan twice since I couldn't find the first file.  I did quarantine some of the first scan.  Here is the file.   All the files seem to be ok.

 

ETA:

Ran adaware and nothing ominous in the scan.

Attached Files

  • Attached File  Scan.txt   2.6KB   1403 downloads

Edited by terryfelter, 11 June 2022 - 09:37 AM.


#9 Juliet


Posted 11 June 2022 - 11:40 AM

That should have made an improvement

How is the computer now?



#10 terryfelter


Posted 11 June 2022 - 12:49 PM

Seems to be much better.  The pop-ups have either stopped or at the very least reduced frequency.  The banners at the bottom have also ceased(?).

Thanks



#11 Juliet


Posted 12 June 2022 - 08:10 AM

You should be good to go.
Careful what you download to your computer, before installing, run it through a virus checker first
Virus Total (Recommended)
jotti.org
VirScan

Use this tool to remove quarantined items:

Please download KpRm by Kernel-panik and save to your Desktop.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

- Delete tools
- Delete now



#12 terryfelter


Posted 16 June 2022 - 11:00 AM

Well deleted all of the steps it seems.

 

# Run at 6/16/2022 11:58:46 AM
# KpRm (Kernel-panik) version 2.9.3
# Run by Terry Felter from C:\Users\Terry Felter\Downloads
# Computer Name: TERRYFELTER-PC
# OS: Windows 7 X64 (7601) Service Pack 1
# Number of passes: 1
 
- Checked options -
 
    ~ Delete Tools
    ~ Delete Quarantines
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\Terry Felter\Downloads\adwcleaner.exe deleted
     [OK] C:\AdwCleaner deleted
 
  ## ESET Online Scanner
     [OK] C:\Users\Terry Felter\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\Terry Felter\Downloads\esetonlinescanner.exe deleted
     [OK] C:\Users\Terry Felter\AppData\Local\ESET\ESETOnlineScanner deleted
 
  ## FRST
     [OK] C:\Users\Terry Felter\Desktop\FRST64.exe deleted
     [OK] C:\Users\Terry Felter\Downloads\Addition.txt deleted
     [OK] C:\Users\Terry Felter\Downloads\FRST-OlderVersion deleted
     [OK] C:\Users\Terry Felter\Downloads\FRST.txt deleted
     [OK] C:\FRST deleted
 
-- KPRM finished in 9.45s --


#13 Juliet


Posted 16 June 2022 - 12:29 PM

Correct.

You should be good to go.



#14 Juliet


Posted 20 June 2022 - 10:28 AM

Glad we could help.
Since this issue appears resolved ... this Topic is closed.