After looking through your latest logs, there's a few things I need to discuss with you, and a few things that need attending to.
First ....
Your log shows that you had 76 chrome.exe processes running at the time the scan was made ...
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <76>
... so either you had an inordinately large number of tabs open, or there's something wrong with Chrome, possibly an infection.
Next ....
You have a large number of sites that you have allowed to send you notifications in Chrome ...
CHR Notifications: Default -> hxxps://aei-push.os.tc; hxxps://app.gotowebinar.com; hxxps://calendar.google.com; hxxps://drive.google.com; hxxps://learnbuildearn.os.tc; hxxps://mentalfloss.com; hxxps://mg.mail.yahoo.com; hxxps://pulse.tenstreet.com; hxxps://sidehustleschool.com; hxxps://thepodcastfactory.pushconnectnotify.net; hxxps://tomshardware.onesignal.com; hxxps://us-mg5.mail.yahoo.com; hxxps://www.aei.org; hxxps://www.businessnewsdaily.com; hxxps://www.cyberlink.com; hxxps://www.earlytorise.com; hxxps://www.harryanddavid.com; hxxps://www.investors.com; hxxps://www.moneytalksnews.com; hxxps://www.nestmann.com; hxxps://www.princetonreview.com; hxxps://www.tomshardware.com
... please check through them to see whether they are all sites that you have allowed. Notifications can be used as a vehicle to hijack Chrome.
Next ....
You have a large number of extensions installed on Chrome; this will greatly affect its performance. Most of them appear to be legit, however it's not really a good idea to have so many extensions, even legit ones.
The extensions I've listed below each raised questions when I researched them, and unless you specifically know them to be from legit sources, I would recommend you uninstall them ...
CHR Extension: (Google Search) - C:\Users\mwalg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AutoCAD 360) - C:\Users\mwalg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln [2014-10-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mwalg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mwalg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Floor Plan Creator) - C:\Users\mwalg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogbnemfckmdpkeeccieeahplnemmbcfg [2014-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\mwalg_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-27]
CHR HKU\S-1-5-21-1478717658-117861286-2969353822-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
... see ...
https://www.timeatlas.com/uninstall-chrome-extensions/
Next ....
- Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
- Press Ctrl+y (Ctrl and y keys at the same time)
- A blank randomly named .txt Notepad file will open.
- Copy and paste the following into it ....
Code:
SystemRestore: On
CreateRestorePoint:
VirusTotal: C:\ProgramData\SharewareOnSale Notifier\SharewareOnSale Notifier.exe
HKU\S-1-5-21-1478717658-117861286-2969353822-1001\...\MountPoints2: {3cb648ce-c1e5-11e8-8095-74867a530035} - "F:\LG_PC_Programs.exe"
Task: {2DDFA6AC-B14C-4397-9F40-2618043A837C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3049ABA0-C946-4459-865A-9CC83C015304} - System32\Tasks\G2MUploadTask-S-1-5-21-1478717658-117861286-2969353822-1001 => C:\Users\TEMP\AppData\Local\GoToMeeting\17359\g2mupload.exe <==== ATTENTION
Task: {32F35C06-6ABD-475C-8DEC-151E0C87C725} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {34FC0AA2-4088-4048-A226-AAA119BE3AEE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {404D06B3-DDC5-4588-9E76-3A75E872DFF6} - System32\Tasks\G2MUpdateTask-S-1-5-21-1478717658-117861286-2969353822-1001 => C:\Users\TEMP\AppData\Local\GoToMeeting\17359\g2mupdate.exe <==== ATTENTION
Task: {481B354C-393C-41AF-8B82-ACE79F49905E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {725D36D3-39EC-452B-B574-18D231103B59} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {76AF4BC1-7E80-4BB2-9D8E-D0ACDE0CB319} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7AE74350-285C-4119-8B0C-70309C429E52} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {93B3F208-13A4-4928-9A63-6F77B7811DBF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9F9CE659-0968-46C0-B7CA-FCC90C4F08A6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AE641A21-6ABA-4D51-B2A9-52EACC092FD9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CC5786D6-71E3-45FF-A5C3-1E852AF3C8D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E534A6C3-3675-4520-BCC0-9A6424B24DCA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1478717658-117861286-2969353822-1001.job => C:\Users\TEMP\AppData\Local\GoToMeeting\17359\g2mupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1478717658-117861286-2969353822-1001.job => C:\Users\TEMP\AppData\Local\GoToMeeting\17359\g2mupload.exe <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {41AD9944-DAD6-4794-830D-5DCF36C9A8D8} URL =
SearchScopes: HKLM -> {41AD9944-DAD6-4794-830D-5DCF36C9A8D8} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-1478717658-117861286-2969353822-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1478717658-117861286-2969353822-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-1478717658-117861286-2969353822-1001 -> {41AD9944-DAD6-4794-830D-5DCF36C9A8D8} URL =
Toolbar: HKU\S-1-5-21-1478717658-117861286-2969353822-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKU\S-1-5-21-1478717658-117861286-2969353822-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
AlternateDataStreams: C:\Users\mwalg_000\Desktop\skitchsetup-2.3.1.168.exe:BDU [0]
AlternateDataStreams: C:\Users\mwalg_000\Downloads\Greenshot-INSTALLER-1.1.9.13.exe:BDU [0]
AlternateDataStreams: C:\Users\mwalg_000\Downloads\jing.exe:BDU [0]
IE trusted site: HKU\S-1-5-21-1478717658-117861286-2969353822-1001\...\genieo.com -> hxxp://search.genieo.com
IE trusted site: HKU\S-1-5-21-1478717658-117861286-2969353822-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1478717658-117861286-2969353822-1001\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{07F9F723-A030-4065-B11D-32025E29967B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{32F9DB7E-A542-4083-B309-A6BC9847F47E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{4FB70716-497C-414B-9777-598D39E82704}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{00D635ED-F818-4E13-B4A2-DF572BB09A18}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{C5988234-DF9A-47FF-B3E2-AC9C53E0B609}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE => No File
FirewallRules: [{E451E5F2-F781-4B72-AA83-0742D5580675}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe => No File
FirewallRules: [{1EE52CF3-71EC-4281-AD98-07B2DB2CB9B4}] => (Allow) C:\Users\mwalg_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{D5594A63-2418-4854-A49F-886BC5FFAEBA}] => (Allow) C:\Users\mwalg_000\AppData\Roaming\Dropbox\bin\Dropbox.exe => No File
FirewallRules: [{732B90D5-10F7-42AD-8120-8E014E42BB70}] => (Allow) C:\Users\mwalg_000\AppData\Roaming\Dropbox\bin\Dropbox.exe => No File
FirewallRules: [{7CF59742-8EBE-470F-BF76-78F1AF74A28B}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe => No File
FirewallRules: [{B0F75A75-F423-4236-9764-01A948BA1B35}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe => No File
FirewallRules: [TCP Query User{1B7E407C-C3C0-4FB3-A6F5-3D21F47D4FDB}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => (Allow) C:\program files (x86)\tencent\qqintl\bin\qq.exe => No File
FirewallRules: [UDP Query User{3A186174-3B86-415C-AF3F-DC6055AE9953}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => (Allow) C:\program files (x86)\tencent\qqintl\bin\qq.exe => No File
FirewallRules: [{7B9C13B1-1114-4F66-91FD-B607841AAF1E}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE => No File
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns
- Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
- Now press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
- Please post me the log, answer any questions I asked, and let me know how your computer is behaving now.
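
Added example, not part of the original post and not FRST's own code: a small Python triage script for the kinds of FRST lines quoted above, listing the Chrome notification allowlist grouped by site, counting entries that FRST reports as "No File", and reading the process instance count. It assumes the line layouts shown in this post; the function names are illustrative, and the sample lines are excerpted from the post with the notification list shortened.

```python
import re
from collections import defaultdict

# Lines excerpted from the log quoted in the post (notification list shortened).
SAMPLE = r"""
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <76>
CHR Notifications: Default -> hxxps://aei-push.os.tc; hxxps://calendar.google.com; hxxps://drive.google.com; hxxps://tomshardware.onesignal.com; hxxps://www.tomshardware.com
Task: {AE641A21-6ABA-4D51-B2A9-52EACC092FD9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Toolbar: HKU\S-1-5-21-1478717658-117861286-2969353822-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
FirewallRules: [{7CF59742-8EBE-470F-BF76-78F1AF74A28B}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe => No File
IE trusted site: HKU\S-1-5-21-1478717658-117861286-2969353822-1001\...\localhost -> localhost
"""

def notification_origins(log):
    """Return {profile: [origin, ...]} from 'CHR Notifications:' lines (hxxp -> http)."""
    out = defaultdict(list)
    for m in re.finditer(r"^CHR Notifications: (.+?) -> (.+)$", log, re.M):
        for item in m.group(2).split(";"):
            item = item.strip()
            if item:
                out[m.group(1)].append(re.sub(r"^hxxp", "http", item))
    return dict(out)

def by_site(origins):
    """Group origins by their last two host labels (naive: no public-suffix list)."""
    groups = defaultdict(list)
    for origin in origins:
        host = origin.split("://", 1)[-1].split("/", 1)[0].split(":")[0]
        groups[".".join(host.split(".")[-2:])].append(origin)
    return dict(groups)

def orphaned(log):
    """Count entries per FRST section whose target is reported as 'No File'."""
    counts = defaultdict(int)
    for line in log.splitlines():
        m = re.match(r"^([A-Za-z ]+?): .*(?:->|=>|-) No File\b", line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)

def process_instances(log, exe):
    """Instance count FRST prints as '<N>' after a process path, else None."""
    m = re.search(re.escape(exe) + r" <(\d+)>\s*$", log, re.M | re.I)
    return int(m.group(1)) if m else None

if __name__ == "__main__":
    for site, origins in sorted(by_site(notification_origins(SAMPLE)["Default"]).items()):
        print(site, origins)
    print(orphaned(SAMPLE), process_instances(SAMPLE, "chrome.exe"))
```

Grouping by site makes it easier to see when a notification permission is held by a push provider's domain rather than by the site named in the subdomain.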