I believe someone might have manually installed spyware on my computer to monitor my correspondence, emails, text messages and web activity. Any help in verifying if this is true would be greatly appreciated.

#1
Posted 12 February 2022 - 05:10 PM

#2
Posted 13 February 2022 - 04:03 AM

Hello.
The first thing you must do, when there is clear evidence that your computer is compromised, is to change passwords for all the accounts you are using, from a healthy machine.
After that, we can check the computer for malware.
To start with:
Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe
- Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
- Press Scan button and wait for a while.
- The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
- Please attach the content of these two logs in your next reply.
(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)
#3
Posted 13 February 2022 - 07:51 AM

Files attached to this post. Thank you for responding.
Edited by drewowens, 13 February 2022 - 07:52 AM.
#4
Posted 13 February 2022 - 08:42 AM

Thanks for the logs. I will review them and be back to you in a couple of hours.
In the meantime...
Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:
1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.
5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
#5
Posted 13 February 2022 - 10:03 AM

Hi.
You have so many programs on your computer. Please make sure that you have a valid product key for each one, meaning that none of them is pirated/cracked. Keep in mind that having such programs installed is the best and easiest way to infect the computer with malware. Thus, no need to clean the computer now, since sooner or later it will get infected. In case any program has no valid licence/key, please uninstall it/them at step 2.
1. FRST fix
Please do the following to run a FRST fix. First, move the FRST tool on to your Desktop.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
- Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Start:: CreateRestorePoint: CloseProcesses: DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{0BB081A8-ECD3-34B5-B232-00A308865649}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{20D0D6F8-3AC7-3AA6-9FD6-9855CAD175D0}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{2174CB39-6088-31F0-B0A8-19BB891F7AA1}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{2542B805-4FD4-325E-97E0-E5D46F3AC692}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{38BCD7F4-6B38-3506-9969-2066F7F8BFEE}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: 
HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{40022DCF-934F-3568-9855-CDB4A1527594}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{46D23B22-925B-36F6-9FBB-4D5C6F238879}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{486CCA0E-AB9F-3060-9342-EDFF643D6C19}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{63D6035E-9E5F-4238-B4EE-42A511C4DBCF}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Yesware\Yesware for Outlook\adxloader64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\Drew 
Owens\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\GoToMeeting\16786\G2MOutlookAddin64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{8B5CF381-6470-31A9-8B39-4B1703F4C0F2}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{8B8BE938-B5A8-343F-B524-A84FB29DC613}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> 
C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{AF3D772A-92D3-34B9-817F-D0D4762C9372}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{AFDB8763-6DFF-3E96-AC9D-1385729CEDF2}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{B33DAF52-1793-3B84-ACC0-AF031676DB87}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Workspace\wbetoolsax64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{C522C8D0-F685-3BFA-9149-F87ABD30E313}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File CustomCLSID: 
HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{DE7819A4-8E25-386A-B5B9-6B37F7F077E5}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{EA77EFA4-BE79-374F-8DF8-2D649A590240}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001_Classes\CLSID\{FC773B9D-EC1B-3F9B-87A7-7A75C26CFA73}\InprocServer32 -> C:/Users/Drew Owens/AppData/Local/Yesware/Yesware for Outlook/Yesware.Office.Outlook.Addin.DLL => No File ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing) ContextMenuHandlers5: [igfxcui] 
-> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0] HKU\S-1-5-21-3404635299-2440590617-3582906486-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM -> {939F39C5-D105-4EED-BAFB-75AD39763D1B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM-x32 -> {939F39C5-D105-4EED-BAFB-75AD39763D1B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001 -> {939F39C5-D105-4EED-BAFB-75AD39763D1B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3404635299-2440590617-3582906486-1001 -> {BE928963-A9C5-4429-A387-D89331B4928F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" FirewallRules: [{96F621AD-68EA-4111-8DE0-4F55D779644E}] => (Allow) C:\Users\Drew Owens\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [UDP Query User{F3EEF179-A586-4120-9F42-713864A62C67}C:\users\drew owens\appdata\local\temp\cp14036403330640session\cptrustfolder14036403330843\adobecaptivatews] => (Allow) C:\users\drew owens\appdata\local\temp\cp14036403330640session\cptrustfolder14036403330843\adobecaptivatews => No File FirewallRules: [TCP Query User{B80B528D-6802-4269-900F-096D5FA220C4}C:\users\drew 
owens\appdata\local\temp\cp14036403330640session\cptrustfolder14036403330843\adobecaptivatews] => (Allow) C:\users\drew owens\appdata\local\temp\cp14036403330640session\cptrustfolder14036403330843\adobecaptivatews => No File FirewallRules: [UDP Query User{CE472582-3C7A-417C-9C24-86ED38F54627}H:\xampp\apache\bin\httpd.exe] => (Allow) H:\xampp\apache\bin\httpd.exe => No File FirewallRules: [TCP Query User{40FF5DE1-2C48-4A48-98C7-DC4DD834FAF1}H:\xampp\apache\bin\httpd.exe] => (Allow) H:\xampp\apache\bin\httpd.exe => No File FirewallRules: [UDP Query User{A40FCAC0-2B02-46A9-8AB5-09D3C746305C}C:\users\drew owens\downloads\hello neighbor\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe] => (Allow) C:\users\drew owens\downloads\hello neighbor\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe => No File FirewallRules: [TCP Query User{544DA9ED-FD13-4CFC-87AD-5C2CB5514861}C:\users\drew owens\downloads\hello neighbor\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe] => (Allow) C:\users\drew owens\downloads\hello neighbor\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe => No File FirewallRules: [UDP Query User{9252BD97-1AC7-43DA-B512-EEDECDCF0E48}C:\users\drew owens\appdata\local\temp\cp436852539484session\cptrustfolder436852539484\adobecaptivatews] => (Allow) C:\users\drew owens\appdata\local\temp\cp436852539484session\cptrustfolder436852539484\adobecaptivatews => No File FirewallRules: [TCP Query User{A5EB52CE-913D-46A1-9E93-2ECCA0DDC017}C:\users\drew owens\appdata\local\temp\cp436852539484session\cptrustfolder436852539484\adobecaptivatews] => (Allow) C:\users\drew owens\appdata\local\temp\cp436852539484session\cptrustfolder436852539484\adobecaptivatews => No File FirewallRules: [UDP Query 
User{124710E5-AA88-40B8-92DE-9474F229AAF4}C:\users\drew owens\appdata\local\temp\cp826017937703session\cptrustfolder826017937718\adobecaptivatews] => (Allow) C:\users\drew owens\appdata\local\temp\cp826017937703session\cptrustfolder826017937718\adobecaptivatews => No File FirewallRules: [TCP Query User{38CF2A83-1DAD-4129-A3F3-54933E994A69}C:\users\drew owens\appdata\local\temp\cp826017937703session\cptrustfolder826017937718\adobecaptivatews] => (Allow) C:\users\drew owens\appdata\local\temp\cp826017937703session\cptrustfolder826017937718\adobecaptivatews => No File FirewallRules: [UDP Query User{948D15B2-6CCA-4F8A-AC9E-39715533ED6A}C:\users\drew owens\appdata\local\temp\cp408017780328session\cptrustfolder408017780578\adobecaptivatews] => (Allow) C:\users\drew owens\appdata\local\temp\cp408017780328session\cptrustfolder408017780578\adobecaptivatews => No File FirewallRules: [TCP Query User{707B8542-3070-485C-AAAC-006B40D61361}C:\users\drew owens\appdata\local\temp\cp408017780328session\cptrustfolder408017780578\adobecaptivatews] => (Allow) C:\users\drew owens\appdata\local\temp\cp408017780328session\cptrustfolder408017780578\adobecaptivatews => No File FirewallRules: [UDP Query User{C5FFA83C-8573-4DD6-A8F2-9ADA7EA002DE}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe => No File FirewallRules: [TCP Query User{9128C39C-18E1-44FF-98BA-12848E761E0A}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe => No File FirewallRules: [{04344FAA-F507-4985-B016-8D352F8E474B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe => No File FirewallRules: [{09E9D30E-5649-4B02-8F37-A78CB19C5D51}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File FirewallRules: [{2B2C250C-D2ED-41C5-8AAC-8F88693DEEF5}] => (Allow) C:\Program Files 
(x86)\AVG\AVG2015\avgmfapx.exe => No File HKU\S-1-5-21-3404635299-2440590617-3582906486-1001\...\Run: [Power2GoExpress8] => [X] HKU\S-1-5-21-3404635299-2440590617-3582906486-1001\...\Run: [AdobeBridge] => [X] GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION Task: {007EB496-3F48-4777-9A59-8C256309FF56} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (No File) Task: {07A31DBE-F416-4923-BA79-B1429D61D967} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {0E03D81E-64B0-44F8-8793-39795C0C971A} - \WPD\SqmUpload_S-1-5-21-3404635299-2440590617-3582906486-1001 -> No File <==== ATTENTION Task: {27515927-0643-466A-AEC5-7D642DA8A02B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {3B270B5F-C868-4E37-B082-EF8C0A6FD4C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {4CA8CA59-D5BE-4514-A4D2-04A111624C48} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {55456DE1-4A54-460C-B26B-66870118BE05} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {5A290DEA-9E4B-4F78-AB0C-B905D969F8A9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [1457720 2019-10-13] (Adobe Inc. 
-> Adobe) Task: {652A1C32-4B2A-4A46-9B9B-08C9B2B3C770} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {6E230833-7710-4824-91AF-169EAAE26914} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {9332E425-C327-46FC-81E5-2FB6ACBA48BB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {C9C75BA8-5A27-47CF-B3CD-096D22F0C9A5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {CEF0EDC6-D075-46D0-8B1C-76AAAFBBCA45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {E071EC09-B022-42F8-8E66-8D64DA1E85E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {F399ED94-6E97-4969-893F-4FEE772AC273} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {F71673B3-A235-4975-A446-2832538F1EC7} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {FF2ABC63-4C99-4C9D-B9D8-9EF297E180A0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] FF NewTab: Mozilla\Firefox\Profiles\vajvojym.default -> 
about:newtab FF NetworkProxy: Mozilla\Firefox\Profiles\vajvojym.default -> type", 0 CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] S3 dg_ssudbus; \SystemRoot\system32\DRIVERS\ssudbus2.sys [X] S3 MpKsl9c987d53; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{521CF657-8047-47A9-8925-9FC5031564EA}\MpKslDrv.sys [X] RemoveProxy: cmd: netsh advfirewall reset EmptyTemp: End::
- Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Please post the log in your next reply.
2. Uninstall programs
- Press the Windows Key + R.
- Type appwiz.cpl in the Run box and click OK.
- The Add/Remove Programs list will open. Locate the following programs on the list:
Adobe Flash Player 32 NPAPI
Adobe Flash Player 32 PPAPI
Adobe Shockwave Player 12.0
McAfee® Central for HP
DisableMSDefender
swMSM
- Select the above programs and click Uninstall.
- Restart the computer.
3. ESET Online Scanner
Download ESET Online Scanner and save it to your desktop.
- Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
- When the tool opens, click Get Started.
- Read and accept the license agreement.
- At the Welcome to ESET Online Scanner window, click Get Started.
- Select whether you would like to send anonymous data to ESET.
- Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
- Click on the Full Scan option.
- Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
- ESET will now begin scanning your computer. This may take some time.
- When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
- ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
- On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
- Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
In your next reply please post:
- The fixlog.txt
- The programs you uninstalled
- The eset.txt
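
Added example (not part of the original thread and not code from FRST or its author): a fixlist like the one in step 1 is easier to sanity-check before pressing Fix when its entries are sorted by what they point at. This Python script assumes one entry per line; the sample fixlist is constructed, with placeholder GUIDs and paths, and the status names (directive, command, orphan, live) are this example's own.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample, one entry per line, modeled on the entry kinds in the
# fixlist above. GUIDs, SIDs and paths are placeholders, not values from the thread.
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-EXAMPLE_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Users\example\AppData\Local\Vendor\addin.dll => No File
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Program Files (x86)\Vendor\app.exe => No File
Task: {00000000-0000-0000-0000-000000000003} - \Vendor\ExampleTask -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000004} - System32\Tasks\Example Updater => C:\Program Files\Vendor\updater.exe [1000 2019-10-13] (Vendor Inc. -> Vendor)
GroupPolicy: Restriction ? <==== ATTENTION
Edge Extension: (No Name) -> Example_0000 => C:\Windows\SystemApps\Example [not found]
SearchScopes: HKLM -> {00000000-0000-0000-0000-000000000005} URL = hxxp://search.example/?q={searchTerms}
RemoveProxy:
cmd: netsh advfirewall reset
EmptyTemp:
End::
"""


class Entry(NamedTuple):
    kind: str      # text before the first colon, e.g. "Task" or "cmd"
    status: str    # directive | command | orphan | live (labels used by this example)
    flagged: bool  # the log line carries FRST's "<==== ATTENTION" marker
    line: str


# "Kind: body" lines; registry-path lines (HKU\...) contain a backslash before
# any colon and therefore fall through to the "(other)" kind.
ENTRY = re.compile(r"^([A-Za-z][A-Za-z0-9 ]+?):\s*(.*)$")
# Markers the log uses when the referenced file or folder is absent.
MISSING = re.compile(r"No File|\[not found\]", re.IGNORECASE)


def parse_fixlist(text):
    """Return the entries between Start:: and End:: as Entry tuples."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start::":
            inside = True
            continue
        if line == "End::":
            break
        if not inside or not line:
            continue
        m = ENTRY.match(line)
        kind, body = (m.group(1), m.group(2)) if m else ("(other)", line)
        if kind.lower() == "cmd":
            status = "command"      # runs a command line on the machine
        elif m and not body:
            status = "directive"    # bare keyword such as CreateRestorePoint:
        elif MISSING.search(line):
            status = "orphan"       # leftover reference to a missing file
        else:
            status = "live"         # target still exists or is a setting
        entries.append(Entry(kind, status, "<==== ATTENTION" in line, line))
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(e.status for e in entries)


def review_first(entries):
    """Entries to read one by one: commands and anything not merely orphaned."""
    return [e for e in entries if e.status in ("command", "live")]


if __name__ == "__main__":
    parsed = parse_fixlist(SAMPLE_FIXLIST)
    print(dict(summarize(parsed)))
    for e in review_first(parsed):
        print(("! " if e.flagged else "  ") + e.line)
```

Entries returned by review_first either run a command or point at something that still exists, so they are the lines worth reading individually; the orphan entries are leftover references to files that are already gone.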
#6
Posted 15 February 2022 - 10:50 AM

Hello.
Do you need any help regarding the above?
#7
Posted 18 February 2022 - 02:00 AM
