Recent posts

#1

Hi, Lisa.

Apologies for the way my previous post appeared on the screen. It seems that the forum's software messed up the formatting. Let's continue.

AdwCleaner (Clean mode)

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

In your next reply, please post:
  • The AdwCleaner[C0*].txt
  • Feedback: how is the computer running now? Any remaining issue/question/concern.

#2
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/27/23
Scan Time: 7:34 PM
Log File: db38e6b6-8d85-11ee-8557-8cec4b123e2a.json

-Software Information-
Version: 4.6.5.293
Components Version: 1.0.2181
Update Package Version: 1.0.77775
License: Trial

-System Information-
OS: Windows 10 (Build 18363.1556)
CPU: x64
File System: NTFS
User: LAPTOP-Q41MP6MQ\Angel

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 269397
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 22 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
#3
It found the two PUP files--I didn't quarantine them. Here is the notepad:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-27-2023
# Duration: 00:00:22
# OS:       Windows 10 (Build 18363.1556)
# Scanned:  32098
# Detected: 17


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.GetFormsPlus       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\freeforms.co
PUP.Optional.GetFormsPlus       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\freeforms.co
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files (x86)\Common Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.SmartByte   Folder   C:\Program Files\RIVET NETWORKS
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB1DC2B5-E952-450D-98F6-9AF8FE68F80B} 
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Preinstalled.SmartByte   Task   C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
#4
Analysis and Malware Removal / Re: Internet surveillance aler...
Last post by DR M - November 27, 2023, 07:47:20 PM
Good job, Lisa.

To ensure that everything is clean:

1. Run AdwCleaner (scan only)
    • Download AdwCleaner and save it to your desktop.
    • Double click AdwCleaner.exe to run it.
    • Click Scan Now.
      • When the scan has finished, a Scan Results window will open.
      • Click Cancel (at this point do not attempt to Quarantine anything that is found)
    • Now click the Log Files tab.
      • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
      • A Notepad file will open containing the results of the scan.
      • Please post the contents of the file in your next reply.
2. Run Malwarebytes (scan only)
    • Download Malwarebytes and save it to your Desktop.
    • Once downloaded, close all programs and Windows on your computer.
    • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
    • Follow the instructions to install the program.
    • When finished, double click the program's icon created on your Desktop.
    • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
      Under the title Scan Options, all the options are checked.
      Under the title Windows Security Center (Premium only) the option is NOT checked.
      Under the title Potentially unwanted items all options are set to Always.

    • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
    • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below. If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.
In your next reply, please post:
    • The AdwCleaner[S0*].txt
    • The Malwarebytes report
#5
Analysis and Malware Removal / Re: Internet surveillance aler...
Last post by lisa20 - November 27, 2023, 07:28:11 PM
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by Angel (27-11-2023 13:42:51) Run:1
Running from C:\Users\Angel\Desktop
Loaded Profiles: Angel
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Edge Notifications: Default -> hxxps://concerts.livenation.com; hxxps://www.beachbodyondemand.com; hxxps://www.facebook.com; hxxps://www.sephora.com; hxxps://www.tangeroutlet.com; hxxps://www.ticketmaster.com
CHR Notifications: Default -> hxxps://www.beachbodyondemand.com; hxxps://www.draftkings.com
HKLM-x32\...\Run: [] => [X]
Task: {D6E4032B-9810-4BE0-A3A0-0DA8312B3126} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Angel\OneDrive\Desktop\AdwCleaner.exe  /r (No File)
Task: {80E57743-1653-4115-A5F8-E52F2E3D2057} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe  LOGON (No File)
Task: {9E3728CA-1BB3-46C4-8FAA-4DCB0186A438} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe  SCHED (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 MpKsldb0ad81e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6EF2A8-E7CD-4634-87EA-2D27DAC2F9B9}\MpKslDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Angel\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Angel\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> {E7B5BEF7-A830-43A7-858A-05667B872EEA} URL =
FirewallRules: [{6E8A4F54-6F86-43BD-9350-E47196E4DE22}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9A1A5494-F9ED-4252-80D3-3894C4A60692}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2DD474BD-39EF-4A33-A490-0302BD8EF941}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{83EF1896-B1DE-49A7-A92D-6D9C18954E56}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{321D00A1-B58D-4A35-907B-A422036EF256}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B524FE52-59B4-4BBF-8247-E2FD16615CD4}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{0C201ACD-7498-4572-BD88-45D40433C8E1}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9BDE6974-363F-42B0-8A35-BDD30AC0086F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1E292E65-461D-4921-A25B-3A03C76F385B}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{486BAE9B-F831-482C-9AD5-87AF06C98AE8}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"Edge Notifications" => removed successfully
"Chrome Notifications" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6E4032B-9810-4BE0-A3A0-0DA8312B3126}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6E4032B-9810-4BE0-A3A0-0DA8312B3126}" => removed successfully
C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdwCleaner_onReboot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80E57743-1653-4115-A5F8-E52F2E3D2057}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80E57743-1653-4115-A5F8-E52F2E3D2057}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E3728CA-1BB3-46C4-8FAA-4DCB0186A438}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E3728CA-1BB3-46C4-8FAA-4DCB0186A438}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
MpKsldb0ad81e => service not found.
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => removed successfully
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a} => removed successfully
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7B5BEF7-A830-43A7-858A-05667B872EEA} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E8A4F54-6F86-43BD-9350-E47196E4DE22}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A1A5494-F9ED-4252-80D3-3894C4A60692}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DD474BD-39EF-4A33-A490-0302BD8EF941}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83EF1896-B1DE-49A7-A92D-6D9C18954E56}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{321D00A1-B58D-4A35-907B-A422036EF256}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B524FE52-59B4-4BBF-8247-E2FD16615CD4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C201ACD-7498-4572-BD88-45D40433C8E1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9BDE6974-363F-42B0-8A35-BDD30AC0086F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E292E65-461D-4921-A25B-3A03C76F385B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{486BAE9B-F831-482C-9AD5-87AF06C98AE8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}" => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.18362.1379

Image Version: 10.0.18363.1556



[=========================  44.8%                          ]

[========================== 44.8%                          ]

[========================== 44.9%                          ]

[========================== 45.1%                          ]

[========================== 45.1%                          ]

[========================== 45.2%                          ]

[========================== 45.4%                          ]

[========================== 45.4%                          ]

[========================== 45.6%                          ]

[========================== 45.6%                          ]

[========================== 45.7%                          ]

[========================== 45.8%                          ]

[========================== 45.9%                          ]

[========================== 45.9%                          ]

[========================== 46.0%                          ]

[========================== 46.0%                          ]

[========================== 46.2%                          ]

[========================== 46.4%                          ]

[===========================46.6%                          ]

[===========================46.7%                          ]

[===========================46.9%                          ]

[===========================46.9%                          ]

[===========================47.2%                          ]

[===========================47.3%                          ]

[===========================47.6%                          ]

[===========================47.8%                          ]

[===========================47.9%                          ]

[===========================47.9%                          ]

[===========================48.1%                          ]

[===========================48.2%                          ]

[===========================48.5%                          ]

[===========================48.5%                          ]

[===========================48.8%                          ]

[===========================48.9%                          ]

[===========================49.1%                          ]

[===========================49.4%                          ]

[===========================49.4%                          ]

[===========================49.4%                          ]

[===========================49.5%                          ]

[===========================49.6%                          ]

[===========================49.9%                          ]

[===========================50.0%                          ]

[===========================50.3%                          ]

[===========================50.6%                          ]

[===========================50.9%                          ]

[===========================51.2%                          ]

[===========================51.5%                          ]

[===========================51.8%                          ]

[===========================51.8%                          ]

[===========================52.1%                          ]

[===========================52.4%                          ]

[===========================52.9%                          ]

[===========================53.4%                          ]

[===========================53.9%                          ]

[===========================54.5%                          ]

[===========================54.7%                          ]

[===========================55.0%                          ]

[===========================55.5%                          ]

[===========================55.8%                          ]

[===========================55.9%                          ]

[===========================56.1%                          ]

[===========================56.1%                          ]

[===========================56.2%                          ]

[===========================56.2%                          ]

[===========================56.2%                          ]

[===========================56.2%                          ]

[===========================56.2%                          ]

[===========================56.2%                          ]

[===========================56.2%                          ]

[===========================56.3%                          ]

[===========================56.3%                          ]

[===========================56.4%                          ]

[===========================56.4%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.6%                          ]

[===========================56.6%                          ]

[===========================56.6%                          ]

[===========================56.7%                          ]

[===========================56.7%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.8%                          ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================57.0%=                         ]

[===========================57.0%=                         ]

[===========================57.0%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.2%=                         ]

[===========================57.2%=                         ]

[===========================57.2%=                         ]

[===========================57.3%=                         ]

[===========================57.3%=                         ]

[===========================57.4%=                         ]

[===========================57.4%=                         ]

[===========================57.4%=                         ]

[===========================57.4%=                         ]

[===========================57.4%=                         ]

[===========================57.4%=                         ]

[===========================57.5%=                         ]

[===========================57.5%=                         ]

[===========================57.6%=                         ]

[===========================57.6%=                         ]

[===========================57.6%=                         ]

[===========================57.7%=                         ]

[===========================57.7%=                         ]

[===========================57.7%=                         ]

[===========================57.7%=                         ]

[===========================57.8%=                         ]

[===========================57.8%=                         ]

[===========================57.8%=                         ]

[===========================58.0%=                         ]

[===========================58.0%=                         ]

[===========================58.0%=                         ]

[===========================58.0%=                         ]

[===========================58.1%=                         ]

[===========================58.4%=                         ]

[===========================58.4%=                         ]

[===========================58.7%==                        ]

[===========================59.4%==                        ]

[===========================59.5%==                        ]

[===========================60.2%==                        ]

[===========================62.3%====                      ]

[===========================84.9%=================         ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.


========= End of CMD: =========


========= SFC /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.




Windows Resource Protection did not find any integrity violations.



========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 2097152 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45262210 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 45318213 B
Edge => 22784737 B
Chrome => 558027451 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 150984721 B
systemprofile32 => 150984721 B
LocalService => 151083219 B
NetworkService => 412235239 B
Angel => 691849780 B
defaultuser100000 => 692650581 B

RecycleBin => 107554015 B
EmptyTemp: => 2.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:19:36 ====
#6
Analysis and Malware Removal / Re: Internet surveillance aler...
Last post by DR M - November 25, 2023, 07:11:50 PM
Hi, Lisa.

I see that you run the chkdsk utility regularly. There is no reason to do that.

The result is shown in these words:

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

However, I'm glad you made a backup. As soon as an issue appears with the disk, you never know when it completely fails.

Moving on. Please make sure you have moved the FRST tool from your Downloads folder onto your Desktop.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Edge Notifications: Default -> hxxps://concerts.livenation.com; hxxps://www.beachbodyondemand.com; hxxps://www.facebook.com; hxxps://www.sephora.com; hxxps://www.tangeroutlet.com; hxxps://www.ticketmaster.com
CHR Notifications: Default -> hxxps://www.beachbodyondemand.com; hxxps://www.draftkings.com
HKLM-x32\...\Run: [] => [X]
Task: {D6E4032B-9810-4BE0-A3A0-0DA8312B3126} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Angel\OneDrive\Desktop\AdwCleaner.exe  /r (No File)
Task: {80E57743-1653-4115-A5F8-E52F2E3D2057} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe  LOGON (No File)
Task: {9E3728CA-1BB3-46C4-8FAA-4DCB0186A438} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Angel\OneDrive\Desktop\esetonlinescanner_enu (1).exe  SCHED (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 MpKsldb0ad81e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A6EF2A8-E7CD-4634-87EA-2D27DAC2F9B9}\MpKslDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Angel\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Angel\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> {E7B5BEF7-A830-43A7-858A-05667B872EEA} URL =
FirewallRules: [{6E8A4F54-6F86-43BD-9350-E47196E4DE22}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B5C64A92-1A7E-4B25-827A-DAA53E7BACFD}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS28BE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9A1A5494-F9ED-4252-80D3-3894C4A60692}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{27E854E2-D7C6-475B-9CD1-75C3BB7E8988}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS295B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2DD474BD-39EF-4A33-A490-0302BD8EF941}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{83EF1896-B1DE-49A7-A92D-6D9C18954E56}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS68BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5D29B9B2-F209-49BA-AF7D-EB13291ECA5F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7131EB1F-7C9F-403A-BBF0-66AD4E0EF3A3}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS6DAA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{321D00A1-B58D-4A35-907B-A422036EF256}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B524FE52-59B4-4BBF-8247-E2FD16615CD4}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS16EF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{F97E6D11-94C1-4C06-A306-8ABA8F74361C}C:\users\angel\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\angel\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{0C201ACD-7498-4572-BD88-45D40433C8E1}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D57DBF49-9972-4C5A-89E7-3A03CBBA2851}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS01F0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9BDE6974-363F-42B0-8A35-BDD30AC0086F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1E292E65-461D-4921-A25B-3A03C76F385B}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS14CF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{486BAE9B-F831-482C-9AD5-87AF06C98AE8}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3844EDFB-BBEA-4C42-AA15-C2C4DB777146}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS26BF\HPDiagnosticCoreUI.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
#7
Analysis and Malware Removal / Re: Internet surveillance aler...
Last post by lisa20 - November 25, 2023, 06:00:36 PM
Hello! Okay! I saved my files elsewhere. I restarted my computer but had issues logging in--it gave me an error message that I'm not signed in... However, I was able to finish the last step and receive this notepad content:

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 11/25/2023 12:50:12 PM >------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 97518
Source Name: Chkdsk
Time Written: 11-23-2023 @ 15:20:59
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 1.4 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 97075
Source Name: Chkdsk
Time Written: 11-20-2023 @ 15:25:59
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x168,0x18c5>" ... no corruption found.

1 corruption record processed in 0.4 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 96548
Source Name: Chkdsk
Time Written: 11-17-2023 @ 00:16:28
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 95185
Source Name: Chkdsk
Time Written: 11-11-2023 @ 00:55:42
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.3 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 94120
Source Name: Chkdsk
Time Written: 11-02-2023 @ 23:27:36
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 93568
Source Name: Chkdsk
Time Written: 10-26-2023 @ 22:39:38
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.8 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 92998
Source Name: Chkdsk
Time Written: 10-21-2023 @ 00:06:38
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.3 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 91582
Source Name: Chkdsk
Time Written: 10-10-2023 @ 00:03:45
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 90657
Source Name: Chkdsk
Time Written: 09-30-2023 @ 18:19:39
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.3 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 90206
Source Name: Chkdsk
Time Written: 09-21-2023 @ 23:26:55
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.5 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 89354
Source Name: Chkdsk
Time Written: 09-07-2023 @ 21:51:46
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 87577
Source Name: Chkdsk
Time Written: 08-17-2023 @ 23:30:38
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 86190
Source Name: Chkdsk
Time Written: 08-01-2023 @ 01:13:42
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 85472
Source Name: Chkdsk
Time Written: 07-14-2023 @ 21:47:22
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.5 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 83900
Source Name: Chkdsk
Time Written: 06-23-2023 @ 18:21:16
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 82931
Source Name: Chkdsk
Time Written: 06-13-2023 @ 21:29:13
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 81864
Source Name: Chkdsk
Time Written: 05-26-2023 @ 12:43:35
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 79128
Source Name: Chkdsk
Time Written: 05-06-2023 @ 17:46:57
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x168,0x18c5>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 74853
Source Name: Chkdsk
Time Written: 03-11-2023 @ 14:10:14
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 1.2 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 73124
Source Name: Chkdsk
Time Written: 02-14-2023 @ 06:10:42
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.3 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 71847
Source Name: Chkdsk
Time Written: 01-21-2023 @ 00:16:16
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 68705
Source Name: Chkdsk
Time Written: 12-08-2022 @ 01:32:03
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.9 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 68156
Source Name: Chkdsk
Time Written: 11-27-2022 @ 23:32:22
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x168,0x18c5>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-Q41MP6MQ
Event Code: 26228
Record Number: 67689
Source Name: Chkdsk
Time Written: 11-24-2022 @ 00:55:50
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume3

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x37,0x18c4>" ... no corruption found.

1 corruption record processed in 0.4 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
#8
LandzDown Lounge / Re: Happy Thanksgiving LzD Fri...
Last post by Boz - November 24, 2023, 08:00:47 PM
I hope everyone had a wonderful Thanksgiving!
#9
LandzDown Lounge / Re: Happy Thanksgiving LzD Fri...
Last post by winchester73 - November 23, 2023, 08:47:00 PM
Perform a random act of kindness today!
#10
LandzDown Lounge / Re: Happy Thanksgiving LzD Fri...
Last post by DR M - November 23, 2023, 05:42:34 PM
Happy Thanksgiving, my dear LzD Friends from the USA!