Tech Support Guy banner
Cancel
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

Have I been hacked?

721 Views 61 Replies 2 Participants Last post by  DR.M
A
Hi, and thank you for any help you can give. A lot of craziness has been going on with my computer. Strange popups; sites I use often not recognizing my user name or/and passwords. Often used sites keep asking me to register my device, like for my bank or when paying my utilities, then send me an email that there was a login attempt; email account flooded with junk mail which I keep blocking and putting in junk mail folder. Hard drive running at 100%. Microsoft security says that there have been multiple attempts to access my account from Russia, China, etc.

I included a screenshot of the popup that keeps showing up on certain sites. It even showed up on bleeping computer's site when I went to download farbar. I had to reload the page and it didn't show up the next time.

Product Rectangle Azure Font Screenshot


This has me a little freaked out right now so any help that anyone can give will be greatly appreciated. Thanks.
See less See more
Reply
Save
Like
1 - 20 of 62 Posts
A
Hi, sorry for the delay. Just got home from work.

Attachments

Reply
Save
Like
A
I tried copying and pasting the contents of both and this site won't let me do it.
Reply
Save
Like
A
DR.M said:
EDIT: I posted here by mistake. So I deleted my post. Apologies, anamandy.
Click to expand...
Hi, that's okay. I did adhere to the guidelines and did put FRST on my desktop before running it. Both the reports are on my desktop too.
Reply
Save
Like
A
Thanks. A product update was just done so I have to run a new scan which I am doing now. I will attach all 3 when it is done.
Reply
Save
Like
A
DR.M said:
No, i don’t want you to scan now. Just follow step 3 above, to apply the fix.
Click to expand...
When I press fix I got the message that there was no fixlist.txt found. The fixlist.txt should be in same folder/directory the tool is located.
What am I doing wrong?

The scan result and the addition are both on my desktop.
Reply
Save
Like
A
Okay, I figured it out. I had to click on the fixlist attachment above. Sorry.
Reply
Save
Like
A
Oh geez, windows would have to do an update in the middle of this all. Anyway, here is what you asked for -

Attachments

Reply
Save
Like
A
Just want to add that looking at the results of that scan, I do not have Avira or McAfee yet I see them listed.
Reply
Save
Like
A
Right after I did what you asked for my computer shut down and I thought it was doing a windows update. But checking my updates and I see that no updates were done today. Did FRST reboot my computer?
Reply
Save
Like
A
Hi, sorry, just got back home.

Attachments

Reply
Save
Like
A
Sorry, I sent FRST to the Desktop instead of moving it.

Here is the AdwCleaner results
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-22-2023
# Duration: 00:00:35
# OS: Windows 10 (Build 19044.2965)
# Scanned: 32098
# Detected: 35


* [ Services ] *

No malicious services found.

* [ Folders ] *

PUP.Optional.Legacy C:\Users\lovet\Documents\TotalAV
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite

* [ Files ] *

PUP.Optional.TotalAV C:\Users\lovet\Downloads\TOTALAV_SETUP.EXE

* [ DLL ] *

No malicious DLLs found.

* [ WMI ] *

No malicious WMI found.

* [ Shortcuts ] *

No malicious shortcuts found.

* [ Tasks ] *

No malicious tasks found.

* [ Registry ] *

PUP.Optional.PCProtect HKCU\Software\SSProtect
PUP.Optional.PCProtect HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\Software\Classes\totalav

* [ Chromium (and derivatives) ] *

No malicious Chromium entries found.

* [ Chromium URLs ] *

No malicious Chromium URLs found.

* [ Firefox (and derivatives) ] *

No malicious Firefox entries found.

* [ Firefox URLs ] *

No malicious Firefox URLs found.

* [ Hosts File Entries ] *

No malicious hosts file entries found.

* [ Preinstalled Software ] *

Preinstalled.CyberLinkService Folder C:\Program Files (x86)\CYBERLINK\SHARED FILES\PLUGIN\NEWBLUE
Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.DellHelp&Support Folder C:\Program Files\DELL\DELL HELP & SUPPORT
Preinstalled.DellHelp&Support Folder C:\ProgramData\DELL\DELL HELP & SUPPORT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files (x86)\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent Folder C:\Users\lovet\Documents\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74FAF088-72C0-489A-9ECB-7D96FEC255E7}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74FAF088-72C0-489A-9ECB-7D96FEC255E7}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.SmartByte Folder C:\Program Files\RIVET NETWORKS
Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DF29CEF-81A1-4AE8-BF2C-39C9555BAD3E}
Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Preinstalled.SmartByte Task C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
See less See more
Reply
Save
Like
A
Malaware scan -
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/22/23
Scan Time: 12:59 PM
Log File: 0de82cba-f8c2-11ed-89a4-f8da0c596286.json

-Software Information-
Version: 4.5.29.268
Components Version: 1.0.2022
Update Package Version: 1.0.69834
License: Trial

-System Information-
OS: Windows 10 (Build 19044.2965)
CPU: x64
File System: NTFS
User: DESKTOP-9OU62RP\lovet

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 297962
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 25 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Chromnius, C:\USERS\LOVET\DOWNLOADS\SETUP.EXE, No Action By User, 16659, 1127395, 1.0.69834, , ame, , 8626D60B3010832E06F0B55A97835A48, 29AA8A3EA05A3E2A4161E47CE65F3AFF0343C66F9ADD8CA167353D989176C3BF

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
See less See more
Reply
Save
Like
A
Adware - (no prompt showed up to restart the computer. Should I restart it myself? These are the logs before restart.)
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-22-2023
# Duration: 00:00:23
# OS: Windows 10 (Build 19044.2965)
# Cleaned: 9
# Failed: 0


[ Services ]

No malicious services cleaned.

[ Folders ]

Deleted C:\ProgramData\SecuritySuite
Deleted C:\Users\lovet\Documents\TotalAV

[ Files ]

Deleted C:\Users\lovet\Downloads\TOTALAV_SETUP.EXE

[ DLL ]

No malicious DLLs cleaned.

[ WMI ]

No malicious WMI cleaned.

[ Shortcuts ]

No malicious shortcuts cleaned.

[ Tasks ]

No malicious tasks cleaned.

[ Registry ]

Deleted HKCU\Software\SSProtect
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\Software\Classes\totalav
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

[ Chromium (and derivatives) ]

No malicious Chromium entries cleaned.

[ Chromium URLs ]

No malicious Chromium URLs cleaned.

[ Firefox (and derivatives) ]

No malicious Firefox entries cleaned.

[ Firefox URLs ]

No malicious Firefox URLs cleaned.

[ Hosts File Entries ]

No malicious hosts file entries cleaned.

[ Preinstalled Software ]

No Preinstalled Software cleaned.


*

[+] Delete Tracing Keys
[+] Reset Winsock

*

AdwCleaner[S00].txt - [4788 octets] - [22/05/2023 12:28:32]
AdwCleaner[S01].txt - [4849 octets] - [22/05/2023 14:03:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
See less See more
Reply
Save
Like
A
DR.M said:
Hi, anamandy.

Let's clean the detected items now.

1. AdwCleaner (Clean mode)

The findings in Files, Folders and Registry parts of the log, are adware and PUPs which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code: 
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is unchecked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. Feedback: how is the computer running now?
Click to expand...
DR.M said:
Hi, anamandy.

Let's clean the detected items now.

1. AdwCleaner (Clean mode)

The findings in Files, Folders and Registry parts of the log, are adware and PUPs which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code: 
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is unchecked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. Feedback: how is the computer running now?
Click to expand...
Adware logs after computer restart -
DR.M said:
Hi, anamandy.

Let's clean the detected items now.

1. AdwCleaner (Clean mode)

The findings in Files, Folders and Registry parts of the log, are adware and PUPs which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code: 
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is unchecked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. Feedback: how is the computer running now?
Click to expand...
Adware logs after restart -
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-22-2023
# Duration: 00:00:23
# OS: Windows 10 (Build 19044.2965)
# Cleaned: 9
# Failed: 0


* [ Services ] *

No malicious services cleaned.

* [ Folders ] *

Deleted C:\ProgramData\SecuritySuite
Deleted C:\Users\lovet\Documents\TotalAV

* [ Files ] *

Deleted C:\Users\lovet\Downloads\TOTALAV_SETUP.EXE

* [ DLL ] *

No malicious DLLs cleaned.

* [ WMI ] *

No malicious WMI cleaned.

* [ Shortcuts ] *

No malicious shortcuts cleaned.

* [ Tasks ] *

No malicious tasks cleaned.

* [ Registry ] *

Deleted HKCU\Software\SSProtect
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\Software\Classes\totalav
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

* [ Chromium (and derivatives) ] *

No malicious Chromium entries cleaned.

* [ Chromium URLs ] *

No malicious Chromium URLs cleaned.

* [ Firefox (and derivatives) ] *

No malicious Firefox entries cleaned.

* [ Firefox URLs ] *

No malicious Firefox URLs cleaned.

* [ Hosts File Entries ] *

No malicious hosts file entries cleaned.

* [ Preinstalled Software ] *

No Preinstalled Software cleaned.


*

[+] Delete Tracing Keys
[+] Reset Winsock

*

AdwCleaner[S00].txt - [4788 octets] - [22/05/2023 12:28:32]
AdwCleaner[S01].txt - [4849 octets] - [22/05/2023 14:03:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
See less See more
Reply
Save
Like
A
Here is the malwarebytes after quarantine and reboot -
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/22/23
Scan Time: 2:31 PM
Log File: dea806b6-f8ce-11ed-b2f0-f8da0c596286.json

-Software Information-
Version: 4.5.29.268
Components Version: 1.0.2022
Update Package Version: 1.0.69836
License: Trial

-System Information-
OS: Windows 10 (Build 19044.2965)
CPU: x64
File System: NTFS
User: DESKTOP-9OU62RP\lovet

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 298088
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 24 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Chromnius, C:\USERS\LOVET\DOWNLOADS\SETUP.EXE, Quarantined, 16659, 1127395, 1.0.69836, , ame, , 8626D60B3010832E06F0B55A97835A48, 29AA8A3EA05A3E2A4161E47CE65F3AFF0343C66F9ADD8CA167353D989176C3BF

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
See less See more
Reply
Save
Like
A
Hi, and thank you so much for all your help. Yes, the computer is running much better and I no longer feel like I am being tracked or misdirected. Does this mean that my system is now clean?

I am just curious to know why McAfee and Avira showed up in the logs if I no longer have them on my computer. I not only use the Add/Remove program to get rid of unwanted software, but I also use WinDirStat to do a deep clean to get rid of the remaining traces. Should I worry about this? Also, should I get rid of the software that you told me to install or do I keep it on and keep using it?

One final thing, my sister is having the same issue with her computer. I went to her house to help her last week and aside from running the virus scan and a SuperAntiSpyware that removed hundreds of adware, it is still running slow. Can I use these same tools to clean her system?
Reply
Save
Like
A
I was going to wait on the update until Microsoft automatically installs it in their updates. I'm waiting to see if people who have already updated are having any issues. Usually, Microsoft addresses those issues before they roll it out to everyone.

I wonder if Microsoft is going to be doing the upgrade on systems that are running the S version. I have an ACER SPIN that is running that.

Should I create a Windows Installation Media Disc in case I have a future issue where I have to reinstall the program? If so, should I use a CD or DVD?

Yes, I would appreciate instructions to remove the apps and create a new restore point.

I will go to my sister's house on my next day off and start a new thread for that. I will do all of the above first part of your message to me so that you can at least get an idea of what is going on and what tools you need to fix the issues.

I might not be able to get back to you today. I have to go to work and won't be home until late tonight. But if you leave the instruction, I will use them when I get home and get back to you tomorrow.

Thanks Again!
See less See more
Reply
Save
Like
A
Hi, Thank you so much. Operation accomplished.

# Run at 5/25/2023 1:58:37 PM
# KpRm (Kernel-panik) version 2.14.0
# Website https://kernel-panik.me/tool/kprm/
# Run by lovet from C:\Users\lovet\Desktop
# Computer Name: DESKTOP-9OU62RP
# OS: Windows 10 X64 (19044) (10.0.19044.2965)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\lovet\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2023-05-25-13-58-37

- Delete Tools -


## AdwCleaner
[OK] C:\Users\lovet\Downloads\AdwCleaner (1).exe deleted
[OK] C:\Users\lovet\Downloads\AdwCleaner (2).exe deleted
[OK] C:\Users\lovet\Downloads\AdwCleaner.exe deleted
[OK] C:\AdwCleaner deleted

## DDS
[OK] C:\Users\lovet\Downloads\dds.com deleted

## FRST
[OK] C:\Users\lovet\Desktop\Addition.txt deleted
[OK] C:\Users\lovet\Desktop\fixlist.txt deleted
[OK] C:\Users\lovet\Desktop\Fixlog.txt deleted
[OK] C:\Users\lovet\Desktop\FRST-OlderVersion deleted
[OK] C:\Users\lovet\Desktop\FRST.txt deleted
[OK] C:\Users\lovet\Desktop\FRST64.exe deleted
[OK] C:\Users\lovet\Downloads\fixlist.txt deleted
[OK] C:\FRST deleted

## Malwarebytes Anti-Rootkit
[OK] C:\Users\lovet\Desktop\mbar deleted
[OK] C:\Users\lovet\Downloads\Software\mbar-1.10.3.1001.exe deleted

## Rkill
[OK] C:\Users\lovet\Downloads\rkill.exe deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Scheduled Checkpoint created at 05/19/2023 18:05:42 deleted
~ [OK] RP named Restore Point Created by FRST created at 05/21/2023 23:59:01 deleted
~ [OK] RP named after tech support created at 05/24/2023 16:52:08 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 05/25/2023 17:59:46

-- KPRM finished in 140.70s --
See less See more
Reply
Save
Like
A
Thank you so much for your help. I really appreciate it. My computer is running so much better right now and I no longer feel like my every move is being tracked. I have to go to work later this afternoon, but I plan to stop by my sister's house and at least get the FSK done. I will post it under a new thread. Once again, thank you!
Reply
Save
Like
1 - 20 of 62 Posts
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking
Top