  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.

Have I been hacked?

721 Views 61 Replies 2 Participants Last post by  DR.M
Hi, and thank you for any help you can give. A lot of craziness has been going on with my computer. Strange popups; sites I use often not recognizing my user name or/and passwords. Often used sites keep asking me to register my device, like for my bank or when paying my utilities, then send me an email that there was a login attempt; email account flooded with junk mail which I keep blocking and putting in junk mail folder. Hard drive running at 100%. Microsoft security says that there have been multiple attempts to access my account from Russia, China, etc.

I included a screenshot of the popup that keeps showing up on certain sites. It even showed up on bleeping computer's site when I went to download farbar. I had to reload the page and it didn't show up the next time.



This has me a little freaked out right now so any help that anyone can give will be greatly appreciated. Thanks.
21 - 40 of 62 Posts
Hi, anamandy.

Let's clean the detected items now.

1. AdwCleaner (Clean mode)

The findings in the Files, Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. Feedback: how is the computer running now?
Adware - (no prompt showed up to restart the computer. Should I restart it myself? These are the logs before restart.)
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-22-2023
# Duration: 00:00:23
# OS: Windows 10 (Build 19044.2965)
# Cleaned: 9
# Failed: 0


[ Services ]

No malicious services cleaned.

[ Folders ]

Deleted C:\ProgramData\SecuritySuite
Deleted C:\Users\lovet\Documents\TotalAV

[ Files ]

Deleted C:\Users\lovet\Downloads\TOTALAV_SETUP.EXE

[ DLL ]

No malicious DLLs cleaned.

[ WMI ]

No malicious WMI cleaned.

[ Shortcuts ]

No malicious shortcuts cleaned.

[ Tasks ]

No malicious tasks cleaned.

[ Registry ]

Deleted HKCU\Software\SSProtect
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\Software\Classes\totalav
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

[ Chromium (and derivatives) ]

No malicious Chromium entries cleaned.

[ Chromium URLs ]

No malicious Chromium URLs cleaned.

[ Firefox (and derivatives) ]

No malicious Firefox entries cleaned.

[ Firefox URLs ]

No malicious Firefox URLs cleaned.

[ Hosts File Entries ]

No malicious hosts file entries cleaned.

[ Preinstalled Software ]

No Preinstalled Software cleaned.


*

[+] Delete Tracing Keys
[+] Reset Winsock

*

AdwCleaner[S00].txt - [4788 octets] - [22/05/2023 12:28:32]
AdwCleaner[S01].txt - [4849 octets] - [22/05/2023 14:03:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
Adware logs after computer restart -
Adware logs after restart -
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-22-2023
# Duration: 00:00:23
# OS: Windows 10 (Build 19044.2965)
# Cleaned: 9
# Failed: 0


* [ Services ] *

No malicious services cleaned.

* [ Folders ] *

Deleted C:\ProgramData\SecuritySuite
Deleted C:\Users\lovet\Documents\TotalAV

* [ Files ] *

Deleted C:\Users\lovet\Downloads\TOTALAV_SETUP.EXE

* [ DLL ] *

No malicious DLLs cleaned.

* [ WMI ] *

No malicious WMI cleaned.

* [ Shortcuts ] *

No malicious shortcuts cleaned.

* [ Tasks ] *

No malicious tasks cleaned.

* [ Registry ] *

Deleted HKCU\Software\SSProtect
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\Software\Classes\totalav
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

* [ Chromium (and derivatives) ] *

No malicious Chromium entries cleaned.

* [ Chromium URLs ] *

No malicious Chromium URLs cleaned.

* [ Firefox (and derivatives) ] *

No malicious Firefox entries cleaned.

* [ Firefox URLs ] *

No malicious Firefox URLs cleaned.

* [ Hosts File Entries ] *

No malicious hosts file entries cleaned.

* [ Preinstalled Software ] *

No Preinstalled Software cleaned.


*

[+] Delete Tracing Keys
[+] Reset Winsock

*

AdwCleaner[S00].txt - [4788 octets] - [22/05/2023 12:28:32]
AdwCleaner[S01].txt - [4849 octets] - [22/05/2023 14:03:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
Here is the malwarebytes after quarantine and reboot -
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/22/23
Scan Time: 2:31 PM
Log File: dea806b6-f8ce-11ed-b2f0-f8da0c596286.json

-Software Information-
Version: 4.5.29.268
Components Version: 1.0.2022
Update Package Version: 1.0.69836
License: Trial

-System Information-
OS: Windows 10 (Build 19044.2965)
CPU: x64
File System: NTFS
User: DESKTOP-9OU62RP\lovet

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 298088
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 24 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Chromnius, C:\USERS\LOVET\DOWNLOADS\SETUP.EXE, Quarantined, 16659, 1127395, 1.0.69836, , ame, , 8626D60B3010832E06F0B55A97835A48, 29AA8A3EA05A3E2A4161E47CE65F3AFF0343C66F9ADD8CA167353D989176C3BF

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
Hi and thanks for the reports above.

What about feedback? How is the computer running now?
Hi, and thank you so much for all your help. Yes, the computer is running much better and I no longer feel like I am being tracked or misdirected. Does this mean that my system is now clean?

I am just curious to know why McAfee and Avira showed up in the logs if I no longer have them on my computer. I not only use the Add/Remove program to get rid of unwanted software, but I also use WinDirStat to do a deep clean to get rid of the remaining traces. Should I worry about this? Also, should I get rid of the software that you told me to install or do I keep it on and keep using it?

One final thing, my sister is having the same issue with her computer. I went to her house to help her last week and aside from running the virus scan and a SuperAntiSpyware that removed hundreds of adware, it is still running slow. Can I use these same tools to clean her system?
Hi, anamandy. I'm glad to hear that the computer is running fine now.

When a program is not correctly uninstalled, remnants are kept in the system. That's why Avira and McAfee were still there. I recommend Revo Uninstaller Free when you want to uninstall an antivirus program.

As to your sister, we must check her system like we did with yours to clean it. It's not just the same tools' usage. FRST tool makes much more than a diagnosis. I'll be glad to help her too.

Now...

Before we remove the tools we used, I have to tell you that the only remaining issue is that you are running in version 21H2 which expires in less than a month. When this happens, your system won't be getting security updates.

In case you want to upgrade now:
  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your wifi speed connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

In case you don't want to upgrade now, let me know to give you instructions to remove the tools we used and create a new restore point.
I was going to wait on the update until Microsoft automatically installs it in their updates. I'm waiting to see if people who have already updated are having any issues. Usually, Microsoft addresses those issues before they roll it out to everyone.

I wonder if Microsoft is going to be doing the upgrade on systems that are running the S version. I have an ACER SPIN that is running that.

Should I create a Windows Installation Media Disc in case I have a future issue where I have to reinstall the program? If so, should I use a CD or DVD?

Yes, I would appreciate instructions to remove the apps and create a new restore point.

I will go to my sister's house on my next day off and start a new thread for that. I will do all of the above first part of your message to me so that you can at least get an idea of what is going on and what tools you need to fix the issues.

I might not be able to get back to you today. I have to go to work and won't be home until late tonight. But if you leave the instruction, I will use them when I get home and get back to you tomorrow.

Thanks Again!
Hi!

Apologies for the delay. I was very busy the previous days.

I'll try to reply to your questions.

> I was going to wait on the update until Microsoft automatically installs it in their updates. I'm waiting to see if people who have already updated are having any issues. Usually, Microsoft addresses those issues before they roll it out to everyone.
>
> I wonder if Microsoft is going to be doing the upgrade on systems that are running the S version. I have an ACER SPIN that is running that.

There was a restriction regarding the updates in your computer. That's why you didn't get any notification about them. Since the version you are running now comes to its end of life, I recommend you to upgrade as soon as possible. The same applies to version S.

> Should I create a Windows Installation Media Disc in case I have a future issue where I have to reinstall the program? If so, should I use a CD or DVD?

Not necessary to do an installation media now, but it's always useful when a severe system issue appears.

> I will go to my sister's house on my next day off and start a new thread for that. I will do all of the above first part of your message to me so that you can at least get an idea of what is going on and what tools you need to fix the issues.

The best you can do is run an FRST scan, open a new topic here and attach the 2 logs (FRST and Addition). We will continue from there.

I would prefer you to run the upgrade before we move the tools. Sometimes issues occur, and FRST is always useful. However, if you don't want to upgrade now, here are the instructions to remove the tools and create a fresh restore point:

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
Hi, Thank you so much. Operation accomplished.

# Run at 5/25/2023 1:58:37 PM
# KpRm (Kernel-panik) version 2.14.0
# Website https://kernel-panik.me/tool/kprm/
# Run by lovet from C:\Users\lovet\Desktop
# Computer Name: DESKTOP-9OU62RP
# OS: Windows 10 X64 (19044) (10.0.19044.2965)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\lovet\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2023-05-25-13-58-37

- Delete Tools -


## AdwCleaner
[OK] C:\Users\lovet\Downloads\AdwCleaner (1).exe deleted
[OK] C:\Users\lovet\Downloads\AdwCleaner (2).exe deleted
[OK] C:\Users\lovet\Downloads\AdwCleaner.exe deleted
[OK] C:\AdwCleaner deleted

## DDS
[OK] C:\Users\lovet\Downloads\dds.com deleted

## FRST
[OK] C:\Users\lovet\Desktop\Addition.txt deleted
[OK] C:\Users\lovet\Desktop\fixlist.txt deleted
[OK] C:\Users\lovet\Desktop\Fixlog.txt deleted
[OK] C:\Users\lovet\Desktop\FRST-OlderVersion deleted
[OK] C:\Users\lovet\Desktop\FRST.txt deleted
[OK] C:\Users\lovet\Desktop\FRST64.exe deleted
[OK] C:\Users\lovet\Downloads\fixlist.txt deleted
[OK] C:\FRST deleted

## Malwarebytes Anti-Rootkit
[OK] C:\Users\lovet\Desktop\mbar deleted
[OK] C:\Users\lovet\Downloads\Software\mbar-1.10.3.1001.exe deleted

## Rkill
[OK] C:\Users\lovet\Downloads\rkill.exe deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Scheduled Checkpoint created at 05/19/2023 18:05:42 deleted
~ [OK] RP named Restore Point Created by FRST created at 05/21/2023 23:59:01 deleted
~ [OK] RP named after tech support created at 05/24/2023 16:52:08 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 05/25/2023 17:59:46

-- KPRM finished in 140.70s --
Great!

Now your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!
5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real-time protection is enabled. You now have the built-in Windows antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.



I'm glad I was able to help you.
Thank you so much for your help. I really appreciate it. My computer is running so much better right now and I no longer feel like my every move is being tracked. I have to go to work later this afternoon, but I plan to stop by my sister's house and at least get the FSK done. I will post it under a new thread. Once again, thank you!
You are very welcome. :)

I would be glad to assist your sister too.
Thank you so much Dr. M. I went to my sister's house and her computer is so badly infected that it took me over an hour just to boot it up and download the FRST tool. It is running right now, and I went home to communicate with you here because it was just taking too long there. One thing I noticed though, when I went to bleepingcomputer the popup that occurred on my computer, and still does, did not pop up on hers. I think that is how I got infected in the first place because this popup really looks like it is a part of the website, and it is not. Is there any way to get rid of this so it stops popping up when I go to various legitimate sites?
Hi, anamandy.

So you are still getting the above notice? When I asked you for feedback you didn't mention that and I thought that everything was back to normal. Although in your first post you said that it pops up when you are on certain sites, please be more detailed. When? In which browser?

P.S. Reminding you that it is late for me now, and I'll be back to you tomorrow.
Yes, it happens when I am on Edge (that's the only browser I am using now). As far as the rest of the computer, everything is running great. It is only when I go on certain sites, like bleeping computer, that I get that popup. I am in no rush either as I am busy. I am going to stop by my sister's house in a little while before I go to work and will start a new post of My Sister's Very Infected Computer with the FRST info attached. Just so you know.

Oh, one other thing. Malwarebytes is still on my desktop. Do I just delete it or do I remove it through add/remove programs?

Once again, thank you for all your help.

Edit to add - I thought this issue was fixed with the popup. It was only when I went on bleeping computer to copy the address of the software that I saw this popup again. That was after my last message to you. When I went to my sister's computer and tried bleeping computer there and didn't have that popup occur I realized that it wasn't part of the site but was an actual phishing popup that was still infecting Edge on my computer.
Hi.

You can keep Malwarebytes on your computer. It's the free version of the product, and as I said above, it works well with Defender and both can keep you safe. Since it's the free version, it doesn't offer real-time protection, but you can run it occasionally, depending on how often you use your computer.

I wonder if the notice you are getting has anything to do with the notifications in Edge. I was unable to reproduce it anyway. Try this:

Go here, and do the steps under the title Remove or block notifications in Edge settings.

Remove any site from the Notifications area, restart Edge and check what happens.
I have most everything blocked, but there were two items that weren't (news sites) and I blocked them too, but it is still happening. The same pop-up. I did a search about the site that is listed on the popup, freestar vrm (on the bottom right of the popup) and it seems that the url for that site is pocketfaucet.com and that needs to be blocked. I added it to my blocked list and closed Edge, went back to bleepingcomputer and it still shows up. Ugh!
Let's do a new FRST scan. You will need to download the tool again, and run a scan with it. I need the 2 logs created please.
I think I figured out what it is. When I blocked https://scan-virus.com/ that popup disappeared, but I couldn't download Farbar. So, I had to add it back to site permissions to allow it in order to download that and as soon as I went back to bleepingcomputer, that popup showed up again.
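Added example, not part of the thread and not code from any of the tools used in it: the Edge notification permissions discussed in the last few posts can also be audited offline by reading the profile's `Preferences` file. The key path and the numeric setting values follow Chromium's on-disk layout as an assumption that may vary between versions, and the sample data is constructed from the host names mentioned above.

```python
import json
import os
from urllib.parse import urlsplit

# Chromium ContentSetting values as stored in Preferences (assumed layout).
SETTING_NAMES = {0: "default", 1: "allow", 2: "block", 3: "ask"}

# Constructed sample, shaped like the relevant part of an Edge Preferences file.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://scan-virus.com:443,*": {"last_modified": "0", "setting": 1},
        "https://pocketfaucet.com:443,*": {"last_modified": "0", "setting": 2},
        "https://news.example:443,*": {"last_modified": "0", "setting": 1},
    }}}}
})


def default_edge_preferences_path():
    """Usual location of the default Edge profile's Preferences file on Windows."""
    local = os.environ.get("LOCALAPPDATA", "")
    return os.path.join(local, "Microsoft", "Edge", "User Data",
                        "Default", "Preferences")


def notification_permissions(preferences_text):
    """Return sorted (host, setting_name) pairs for every notification exception."""
    prefs = json.loads(preferences_text)
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {})
                       .get("notifications", {}))
    results = []
    for pattern, entry in exceptions.items():
        # Keys look like "<primary pattern>,<secondary pattern>".
        primary = pattern.split(",", 1)[0]
        try:
            host = urlsplit(primary).hostname or primary
        except ValueError:
            host = primary  # keep unparsable patterns visible instead of dropping them
        value = entry.get("setting") if isinstance(entry, dict) else None
        results.append((host.lower(), SETTING_NAMES.get(value, "unknown")))
    return sorted(results)


def allowed_hosts(preferences_text, expected=()):
    """Hosts allowed to send notifications that are not on the user's expected list."""
    expected = {h.lower() for h in expected}
    return [host for host, setting in notification_permissions(preferences_text)
            if setting == "allow" and host not in expected]


if __name__ == "__main__":
    path = default_edge_preferences_path()
    if os.path.isfile(path):
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFERENCES  # fall back to the constructed sample
    for host, setting in notification_permissions(text):
        print(f"{setting:8} {host}")
    print("Review these allowed hosts:", allowed_hosts(text))
```

Any host reported as allowed that the user does not recognise is a candidate for removal under Edge's notification settings, the same place the helper pointed to above.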