Hacker?: Accounts accessed?--receive code via text for two-factor verification

Started by lisa20, February 20, 2020, 12:20:23 AM


lisa20

Thank you all! Here are the results:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build:    01-27-2020
# Database: 2020-02-17.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-22-2020
# Duration: 00:00:20
# OS:       Windows 10 Home
# Scanned:  34851
# Detected: 33


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easyspeedtest.co
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\heasyspeedtest.co
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\results.heasyspeedtest.co
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\easyspeedtest.co
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\heasyspeedtest.co
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\results.heasyspeedtest.co
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\openspeedtest.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yourtango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yourtango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\openspeedtest.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yourtango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yourtango.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager   Folder   C:\ProgramData\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5EBBC1DA-975F-44A0-B438-F325BCD45577}
Preinstalled.SmartByte   Folder   C:\Program Files\RIVET NETWORKS
Preinstalled.SmartByte   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIVET NETWORKS
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01497B93-3735-400C-B56C-B9D6792995CB} 
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Preinstalled.SmartByte   Task   C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Corrine

Hi, Lisa.

First to explain what is in the log:

The top group of findings by AdwCleaner are PUPs, which stands for Potentially Unwanted Programs.  In the instructions below, I will list them all to be removed.

The section at the bottom under "Preinstalled Software" is software that was apparently installed when the device was new.  Note, for example "Dell Power Manager" and Dell Support Agent Assistant, which you may or may not use.  The non-Dell items, however, I've never seen before.  Rivet Networks creates networking software and Smartbyte is apparently software developed by Rivet Networks.  Feel free to keep or remove the "Preinstalled Software".

To proceed, please do the following:

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check the following boxes and then click Quarantine
Quote
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easyspeedtest.co
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\heasyspeedtest.co
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\results.heasyspeedtest.co
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\easyspeedtest.co
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\heasyspeedtest.co
PUP.Optional.EasySpeedCheck     HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\results.heasyspeedtest.co
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\openspeedtest.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yourtango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yourtango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\openspeedtest.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yourtango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yourtango.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com


    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...

      • Check any pre-installed software items you want to remove.  It is your PC so if you wish to keep them, feel free to do so.  However, if you use them or are unsure, feel free to NOT select any of them.
      • Click Quarantine
    • A prompt to save your work will appear ...

      • Click Continue when you're ready to proceed.
    • A prompt to restart your computer will appear ...

      • Click Restart Now
    • Once your computer has restarted ...

      • If it doesn't open automatically, please start ADWCleaner ...
      • Click the Log Files tab ...
      • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
      • A Notepad file will open containing the results of the removal.
      • Please post the contents of the file in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
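
A small parser for the AdwCleaner scan-log layout shown in this thread, added here as an example; it is not AdwCleaner's code and not something either poster ran. It reads the `#` header, the `***** [ Section ] *****` headings and the one-finding-per-line entries, checks that the `Detected:` count in the header matches the number of findings (for the full log above, 18 registry entries plus 15 preinstalled items is the 33 the header reports), and triages each entry: `Preinstalled.*` items are OEM software, and the `PUP.Optional.*` registry hits are all per-site `DOMStorage`/`EdpDomStorage` keys under the Edge AppContainer, i.e. browser bookkeeping for sites that were visited rather than an installed program. The embedded `SAMPLE_LOG` is a constructed, abridged copy of that layout with the long registry paths shortened.

```python
"""Parse a Malwarebytes AdwCleaner scan log and summarise what was found.

Added example for this thread, not AdwCleaner's own code.  It relies only on
the layout visible in the log posted above: '#'-prefixed header lines,
'***** [ Section ] *****' headings, and one finding per line beginning with a
detection name such as PUP.Optional.EasySpeedCheck or Preinstalled.SmartByte.
"""
import re
from collections import Counter

# Constructed sample in the same layout as the log above (paths abridged).
SAMPLE_LOG = """\
# Malwarebytes AdwCleaner 8.0.2.0
# Mode: Scan
# Scanned:  34851
# Detected: 4

***** [ Files ] *****

No malicious files found.

***** [ Registry ] *****

PUP.Optional.EasySpeedCheck     HKCU\\Software\\Classes\\Local Settings\\...\\Internet Explorer\\DOMStorage\\easyspeedtest.co
PUP.Optional.Legacy             HKCU\\Software\\Classes\\Local Settings\\...\\Internet Explorer\\EdpDomStorage\\dotomi.com

***** [ Preinstalled Software ] *****

Preinstalled.SmartByte   Folder   C:\\Program Files\\RIVET NETWORKS
Preinstalled.SmartByte   Task   C:\\Windows\\System32\\Tasks\\SMARTBYTE TELEMETRY

########## EOF - C:\\AdwCleaner\\Logs\\AdwCleaner[S00].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (?P<key>[A-Za-z ]+?):\s+(?P<value>.+)$")
FINDING_RE = re.compile(r"^(?P<family>[A-Za-z]+\.[A-Za-z0-9.|]+)\s{2,}(?P<detail>.+)$")
SITE_STORAGE_RE = re.compile(r"\\(Edp)?DomStorage\\", re.IGNORECASE)


def parse_log(text):
    """Return (header dict, list of (section, family, detail)) for a scan log."""
    header, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#####"):      # blank line or EOF marker
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = HEADER_RE.match(line)
        if m and section is None:                      # header lines precede the first section
            header[m.group("key")] = m.group("value")
            continue
        m = FINDING_RE.match(line)
        if m and section is not None:
            findings.append((section, m.group("family"), m.group("detail")))
    return header, findings


def classify(section, family, detail):
    """Rough triage of one finding by what the detection actually points at."""
    if family.startswith("Preinstalled."):
        return "preinstalled"          # OEM software; keeping or removing it is the user's call
    if section == "Registry" and SITE_STORAGE_RE.search(detail):
        return "browser-site-storage"  # per-site DOM storage key for a visited domain
    return "other"                     # anything else deserves a closer look


def summarize(text):
    header, findings = parse_log(text)
    detected = int(header.get("Detected", "0"))
    return {
        "detected_header": detected,
        "findings": len(findings),
        "count_matches": detected == len(findings),   # sanity check on the log itself
        "by_family": dict(Counter(f for _, f, _ in findings)),
        "by_kind": dict(Counter(classify(*f) for f in findings)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved `AdwCleaner[S00].txt` by passing the file contents to `summarize()`; a `count_matches` of `False` or any `other` entries are the cases worth reading line by line.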

lisa20

Thank you again, Corrine! I haven't had any issues again. I kept Rivet because I had no idea.

Here are the "clean" results:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build:    01-27-2020
# Database: 2020-02-17.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-23-2020
# Duration: 00:00:07
# OS:       Windows 10 Home
# Cleaned:  18
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easyspeedtest.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\heasyspeedtest.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\openspeedtest.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\results.heasyspeedtest.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yourtango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yourtango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\easyspeedtest.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\heasyspeedtest.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\openspeedtest.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\results.heasyspeedtest.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yourtango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yourtango.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

  • Delete Tracing Keys
  • Reset Winsock

    *************************

    AdwCleaner[S00].txt - [7112 octets] - [22/02/2020 17:36:49]
    AdwCleaner[S01].txt - [7173 octets] - [23/02/2020 06:08:58]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Corrine

Quote
I haven't had any issues again.
Great news, but let's do one final check with an ESET online scan.

Please do a scan with ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.



lisa20

Hello! I just finished the ESET online scan. After I closed it, I do not have the ESETlog.txt. It didn't find anything. Also, there are three ESET logos on my desktop. Any suggestions?


Corrine




lisa20

I can right click and delete them. However, what about the ESETlog.txt? It took my computer hours to run. I would rather not run it again if I may or may not get the logs. Should I do anything else?

Corrine

Since ESET didn't find anything, then you don't need to scan with it again.

Is there any reason why you haven't upgraded from Windows 10 Version 1809 to Version 1909 that was released in November?  The next version will likely be released within a couple months.

The following tool will remove the tools we used as well as reset system restore points:

Please download KpRm by kernel-panik and save it to your desktop.


  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.



lisa20

Thank you! There isn't a reason I haven't upgraded to Win 10 Version 1909. I don't think my computer has offered it.

There are still icons on my desktop like Malwarebytes. Here are the results:

Run at 2/25/2020 10:48:51 PM
# KpRm (Kernel-panik) version 2.7
# Website https://kernel-panik.me/tool/kprm/
# Run by Angel from C:\Users\Angel\OneDrive\Desktop
# Computer Name: LAPTOP-Q41MP6MQ
# OS: Windows 10 X64 (17763)
# Number of passes: 1

- Checked options -

    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

- Delete Tools -


  ## AdwCleaner
     [R] C:\Users\Angel\OneDrive\Desktop\AdwCleaner.exe deleted
     [OK] C:\AdwCleaner deleted

  ## ESET Online Scanner
     [OK] C:\Users\Angel\AppData\Local\ESET\ESETOnlineScanner deleted

  ## FRST
     [OK] C:\Users\Angel\OneDrive\Desktop\Addition.txt deleted
     [OK] C:\Users\Angel\OneDrive\Desktop\Fixlog.txt deleted
     [OK] C:\Users\Angel\OneDrive\Desktop\FRST.txt deleted
     [OK] C:\Users\Angel\OneDrive\Desktop\FRST64.exe deleted
     [OK] C:\FRST deleted

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Windows Update created at 02/12/2020 11:42:43 deleted
   ~ [OK] RP named Windows Update created at 02/19/2020 01:16:51 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ RP named KpRm created at 02/26/2020 03:49:15

-- KPRM finished in 84.12s --


- Need to Restart -


Corrine

Malwarebytes isn't removed by that tool since it is an extremely popular application used for scanning systems for malware.  If you do not wish to keep it installed, it can be uninstalled from Control Panel\Programs\Programs and Features. 

As to updating to the current version of Windows 10, I was concentrating on 1909 and realized that your PC is actually two versions behind as Version 1903 was released last spring and 1909 in the fall.  The end of service for Version 1809 is May 12, 2020.  Please see the instructions provided by Greg Carmack at windows update from 1809 to 1909 windows 10 - Microsoft Community.  I've "known" Greg for many years and know his instructions are good.  Let us know if you are unable to complete the upgrade and I will provide further advice on where you can obtain assistance.



lisa20

Hello! Please do not respond until later this week. I've been postponing my response again. This isn't urgent because I just keep avoiding updating my system. Weeks ago, I clicked on https://answers.microsoft.com/en-us/windows/forum/all/windows-update-from-1809-to-1909-windows-10/1e753a03-1368-49e4-9e21-d33868f18972
I started having issues again. I had to abort several times--it took minutes for only like 10% or less progress. I couldn't get anything updated. In addition, I've been getting a few emails stating my accounts have been closed because of activity, which I think are spam/virus emails. I even had issues with my internet server and now should have protection. I'm unsure what I clicked on but am unable to update my Windows. Should I start removing everything or run another analysis?

Thank you again!

Corrine

Hi, Lisa.

Quote from: lisa20 on April 12, 2020, 11:33:36 PM
I started having issues again. I had to abort several times--it took minutes for only like 10% or less progress. I couldn't get anything updated.
To actually see ~10% progress in minutes is actually good.  When updating, I've actually not seen any progress and then was suddenly prompted to restart.  Upgrading the Operating System takes time. 

Quote from: lisa20 on April 12, 2020, 11:33:36 PM
In addition, I've been getting a few emails stating my accounts have been closed because of activity which I think our spams/virus emails.
Phishing attempts definitely seem to be on the increase lately.  First, consider whether any of your accounts have outstanding payments due.  When you open the email, do you see the full address -- not just the company name but the full email address?  Consider, for example, an email I received that showed it was from service@intl.paypal.com.  I knew it was a phishing attempt, PayPal logo in the email and all.  The actual from address was service@intl.paypal.com <customer-htqxnmvr1312280@noreply.com> (reported as phishing and blocked).






winchester73

If memory serves, it took about an hour to upgrade from 1809 to 1903, and that was on a solid state laptop.  It took probably 15 minutes longer for my other one which has a spinning hard drive.  The upgrade from 1903 to 1909 went fairly quickly since it wasn't as big an update.  You're going from 1809 to 1909 so I should think an hour isn't unreasonable.

You are doing a rather major upgrade, so it may not go as quickly as you think it should.  Times will vary widely depending on how much updating your computer needs, your download speed, age of hardware, etc.

There are a lot of phishing attempts for Amazon Prime at the moment, sent by crooks trying to steal info.  The emails look legit with the logo, etc., but the sending email address is something besides amazon.com.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member
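
The check Corrine and winchester73 describe, as an added example that is not part of either post: the name a mail client shows is whatever the sender typed, and only the address inside the final `<...>` is the real mailbox. The script splits a `From:` header into those two parts, strips invisible Unicode format characters (such as the U+200E left-to-right marks that can be hidden inside a forged name to defeat a naive string comparison) and reports them, then compares any domain or brand claimed in the display name against the sender's domain. The `BRAND_DOMAINS` table, the two-label `registrable()` shortcut and every sample header except the PayPal one quoted from Corrine's post are constructed for this example.

```python
"""Check an e-mail From header for display-name / sender-address mismatch.

Added example, not from the thread.  It implements the check described in the
posts above: look at the full sending address, not the name the mail client
shows.  Brand-to-domain mapping and the sample headers are constructed for
this example (the PayPal header is the one Corrine quoted).
"""
import re
import unicodedata

# Constructed: which registrable domain a brand name in a display name implies.
BRAND_DOMAINS = {"paypal": "paypal.com", "amazon": "amazon.com"}

ANGLE_ADDR = re.compile(r"<\s*([^<>\s]+@[^<>\s]+)\s*>\s*$")
DOMAIN_IN_TEXT = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)

# Constructed sample headers; the first is the one quoted in the thread.
SAMPLE_FROM_HEADERS = [
    "service@intl.paypal.com <customer-htqxnmvr1312280@noreply.com>",
    '"PayPal" <service@paypal.com>',
    "Amazon Prime <prime-notice@example.net>",
    "ser\u200evice@intl.paypal.com <customer-htqxnmvr1312280@noreply.com>",
]


def strip_format_chars(text):
    """Remove invisible Unicode format characters (category Cf), e.g. U+200E
    left-to-right marks, which let a forged name slip past a plain string compare."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")


def split_from(header):
    """Return (display_name, address).  The real sender is the angle-addr at the
    end of the header; everything before it is only a label the sender chose."""
    header = header.strip()
    m = ANGLE_ADDR.search(header)
    if m:
        return header[: m.start()].strip().strip('"').strip(), m.group(1)
    if "@" in header and not re.search(r"\s", header):
        return "", header                      # bare addr-spec, no display name
    return header, ""                          # nothing that looks like an address


def registrable(domain):
    # Assumption for the example: the last two labels are the registrable domain
    # ("intl.paypal.com" -> "paypal.com").  Production code should consult the
    # Public Suffix List, since e.g. "co.uk" would break this rule.
    return ".".join(domain.lower().split(".")[-2:])


def analyse_from(header, brand_domains=BRAND_DOMAINS):
    """Compare what the display name claims with where the mail really comes from."""
    hidden = any(unicodedata.category(ch) == "Cf" for ch in header)
    name, addr = split_from(strip_format_chars(header))
    result = {"display_name": name, "address": addr, "hidden_chars": hidden,
              "claimed": [], "verdict": "unparseable"}
    if "@" not in addr:
        return result
    actual = registrable(addr.rsplit("@", 1)[1])
    # Domains written into the display name, plus domains implied by brand words.
    claimed = {registrable(d) for d in DOMAIN_IN_TEXT.findall(name)}
    lowered = name.lower()
    claimed.update(dom for brand, dom in brand_domains.items() if brand in lowered)
    result["claimed"] = sorted(claimed)
    result["actual_domain"] = actual
    mismatch = [c for c in claimed if c != actual]
    result["verdict"] = "suspicious" if (mismatch or hidden) else "ok"
    return result


if __name__ == "__main__":
    for h in SAMPLE_FROM_HEADERS:
        r = analyse_from(h)
        print(f"{r['verdict']:11} name={r['display_name']!r} addr={r['address']!r} "
              f"hidden={r['hidden_chars']}")
```

The verdict is only as good as the brand table and the registrable-domain guess, so treat `suspicious` as "read the full address before acting", which is the advice in the thread, rather than as a block decision; a header with no `@` at all is reported as `unparseable` instead of being silently passed.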

lisa20

Thank you both for responses/comments! I started the update again last night--it took at least 2 hrs... It seems to be fine so far... I will definitely keep coding them as junk but use phishing too. It does feel like hackers are getting aggressive and disguising the emails/texts. They almost look very legit. I'll keep being careful!

Corrine

I'm glad you got the updated version.  Expect another next month. :)

Quote from: lisa20 on April 19, 2020, 07:30:57 PM
It does feel like hackers are getting aggressive and disguising the emails/texts. They almost look very legit.
They certainly are!

