www.bleepingcomputer.com (104.20.59.209) - urlscan.io Public Scan

Submitted URL: https://www.bleepingcomputer.com/forums/t/770851/what-is-googleadsgdoubleclicknet-and-should-i-be-worried/#entry5345505
Effective URL: https://www.bleepingcomputer.com/forums/t/770851/what-is-googleadsgdoubleclicknet-and-should-i-be-worried/
Submission: On April 13 via api from US — Scanned from DE

WHAT IS GOOGLEADS.G.DOUBLECLICK.NET AND SHOULD I BE WORRIED?

Started by shake_n_vac , Apr 11 2022 01:46 PM

6 replies to this topic


#1 shake_n_vac (Members, 73 posts)

Posted 11 April 2022 - 01:46 PM

I did a cleanup with CCleaner to get rid of cookies. I then did a search using
my usual browser, Mozilla (nothing major, just to be nosey to see what car a
celeb drives!). I got the options from Google to run through regarding cookies
and search optimisation. When I clicked 'continue' a warning came up from
Malwarebytes Browser Guard.

I then clicked the back button and then the forwards button to try to see what
the warning said again and it threw me to Google with the search term I had
entered - did this bypass the Browser Guard and am I now infected?

I have seen from a cursory search that this can be a nasty infection and so I am
panicking.

(If it is relevant I did a search on - complete with the spelling mistake! -
'gary linekr car'.)


Edited by shake_n_vac, 11 April 2022 - 01:50 PM.

--------------------------------------------------------------------------------


#2 nasdaq (Malware Response Team, 47,838 posts; Location: Montreal, QC, Canada)

Posted 11 April 2022 - 01:54 PM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the
instructions and complete all of the necessary steps in the order listed.
===
 
Let's check it out.
 
Download the Farbar Recovery Scan Tool (FRST).
Choose the 32- or 64-bit version for your system
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator account.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Check the boxes as seen here:

Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please
copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please
attach it to your reply.
 
How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options"
button.

 
Attach the file(s). A two-step process.
Reply to this topic.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach. <- Step 1.
Click "Attach this file". <- Step 2.
Click the Add Reply button.
 
Please post the logs for my review.
 
Let me know what problems persist.
 
Wait for further instructions.
 
p.s.
 
The Farbar program is updated often.
If it is identified as suspicious by your antivirus program, trust it if it was
downloaded from the link I provided.
You should restore the program from the Quarantine folder.
<<<>>>


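nasdaq's post above asks for the FRST.txt log so that it can be reviewed by eye. As an added example that is not part of this thread, and not code from Farbar, BleepingComputer or Malwarebytes, here is a small Python triage script that pulls out the lines a reviewer looks at first. It relies only on markers FRST itself writes into its logs ("<==== ATTENTION", "(No File)", "[File not signed]") plus one heuristic of this example's own: Task: and Run: entries whose target executable lives under a user profile. The category names are this example's choice, and the log excerpt embedded in it is a constructed sample in FRST's line format, each entry on one line as FRST writes it.

```python
"""Triage helper for FRST.txt logs: list the lines a reviewer looks at first.

Added example for illustration; not part of the thread, of FRST, or of any
BleepingComputer tooling.  It relies only on markers FRST itself writes:
  "<==== ATTENTION"    FRST's own flag (policy restrictions and similar)
  "(No File)"          an autorun or scheduled task whose target is missing
  "[File not signed]"  a service/driver binary with no Authenticode signature
plus one heuristic of our own: Task:/Run: entries whose target executable
lives under a user profile (AppData).  A hit means "look at this", not
"this is malware"; the ESET Online Scanner task below is a benign hit.
"""
import re
from dataclasses import dataclass, field

ATTENTION = "<==== ATTENTION"
NO_FILE = "(No File)"
UNSIGNED = "[File not signed]"

# "Task: {GUID} - System32\Tasks\Name => target ..." and
# "HKLM\...\Run: [Name] => target ..." (also HKLM-x32\..., HKU\S-1-5-...\...).
AUTORUN_RE = re.compile(
    r"^(?P<kind>Task:|HK(?:LM|CU|U)\S*\\Run:)\s*(?P<name>.*?)\s*=>\s*(?P<target>.*)$"
)
# Executable path inside a user profile, optionally double-quoted.
USER_PROFILE_RE = re.compile(r'(?i)^"?[a-z]:\\users\\[^\\]+\\appdata\\')


@dataclass
class Finding:
    category: str  # attention | missing_file | unsigned | user_profile_autorun
    line: str


@dataclass
class Triage:
    findings: list = field(default_factory=list)

    def by_category(self, category: str) -> list:
        return [f.line for f in self.findings if f.category == category]


def target_path(target: str) -> str:
    """Cut the FRST target field down to the executable path.

    The path is followed by " [size date]" and/or " (signer)" / " (No File)";
    the "(x86)" inside "Program Files (x86)" is not such a suffix.
    """
    return re.split(r"\s\[\d|\s\((?!x86\))", target, maxsplit=1)[0].strip()


def triage_frst(text: str) -> Triage:
    """Scan FRST log text line by line and collect the findings."""
    triage = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ATTENTION in line:
            triage.findings.append(Finding("attention", line))
        if NO_FILE in line:
            triage.findings.append(Finding("missing_file", line))
        if UNSIGNED in line:
            triage.findings.append(Finding("unsigned", line))
        m = AUTORUN_RE.match(line)
        if m and USER_PROFILE_RE.match(target_path(m.group("target"))):
            triage.findings.append(Finding("user_profile_autorun", line))
    return triage


# Constructed excerpt in FRST's format: a handful of lines of the kinds seen in
# a typical log, each on one line as FRST writes them.
SAMPLE_FRST = r"""
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141536 2020-09-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [ZaAntiRansomware] => "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe" (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4BE70160-388E-4049-B175-A94AF91B3F65} - System32\Tasks\Mirkat => C:\Users\Winger\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon (No File)
Task: {3FD2071A-BFDB-4E2C-A75B-9366A6EC40F8} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Winger\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-07-29] (ESET, spol. s r.o. -> ESET)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2021-09-15] (Microsoft Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-02-20] (Malwarebytes Inc -> Malwarebytes)
"""

if __name__ == "__main__":
    result = triage_frst(SAMPLE_FRST)
    for category in ("attention", "missing_file", "unsigned", "user_profile_autorun"):
        for line in result.by_category(category):
            print(f"[{category}] {line}")
```

Run it against a saved FRST.txt by replacing SAMPLE_FRST with the file's contents. On the sample it reports one ATTENTION policy line, two entries whose target is gone, one unsigned driver, and two scheduled tasks launching from a user profile; which of those, if any, matter is still a judgement for whoever reviews the log.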
--------------------------------------------------------------------------------


#3 shake_n_vac (Topic Starter; Members, 73 posts)

Posted 11 April 2022 - 02:02 PM

Hi Nasdaq. Thanks for the reply!

Just for the sake of completeness: I already had FRST downloaded and clicked on
it, and it updated. But when I selected it again, AVG, my antivirus, moved it to
quarantine, but I think (hope!) that will be a false positive.

If it is okay, I will upload the FRST logs as copied and pasted text, because I am
worried about an infection being passed on by anything I may upload (which
escaped my thinking in the original post, sorry about that).

EDIT: I edited because I re-ran the scan. As I tried to click on a Quora page to
do some reading about whatever this thing is, the same warning popped up from
Malwarebytes Browser Guard, so I thought it wise to re-run the scan. Sorry for
any inconvenience.

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-04-2022 03
Ran by Winger (administrator) on LAPTOP-COA3FH0G (LENOVO 81NC) (11-04-2022
20:12:31)
Running from C:\Users\Winger\Downloads
Loaded Profiles: Winger
Platform: Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) Language:
English (United States)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file
will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program
Files\AVG\Antivirus\AVGUI.exe <4>
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG
Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes
Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->)
(Lenovo -> Lenovo Group Ltd.)
C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(DriverStore\FileRepository\u0361456.inf_amd64_23e88333e0901bd6\B358570\atiesrxx.exe
->) (Advanced Micro Devices, Inc. -> AMD)
C:\Windows\System32\DriverStore\FileRepository\u0361456.inf_amd64_23e88333e0901bd6\B358570\atieclxx.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\MusNotifyIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla
Firefox\firefox.exe <15>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program
Files\CCleaner\CCleaner64.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD)
C:\Windows\System32\DriverStore\FileRepository\u0361456.inf_amd64_23e88333e0901bd6\B358570\atiesrxx.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (Dolby Laboratories, Inc. -> )
C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(services.exe ->) (Lenovo -> Lenovo Group Ltd.)
C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited)
C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program
Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher ->
Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows
® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.)
C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor)
C:\Windows\System32\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe
[1141536 2020-09-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [190904
2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZaAntiRansomware] => "C:\Program Files
(x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe" (No File)
HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\...\Run: [CCleaner Smart
Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36705520 2022-04-07]
(Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components:
[{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program
Files\Google\Chrome\Application\100.0.4896.75\Installer\chrmstp.exe [2022-04-06]
(Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components:
[{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files
(x86)\BraveSoftware\Brave-Browser\Application\100.1.37.111\Installer\chrmstp.exe
[2022-04-05] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

Task: {0773DDCD-1B5D-4661-AE28-8858D6161913} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\392b23cb-753f-4de9-a574-3235548c11d5
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {1320A2ED-45DA-4738-B76C-E6DCA7CC6986} -
System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance =>
"%windir%\system32\sc.exe" START ImControllerService
Task: {19F49244-6FCD-4E91-A527-479427880299} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\60c9f75b-ec08-474b-ac5e-c3b48a27eb3d
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {33ABF669-BC7D-41DA-A84E-4904B7B06C82} - System32\Tasks\CCleanerSkipUAC -
Winger => C:\Program Files\CCleaner\CCleaner.exe [30836464 2022-04-07] (Piriform
Software Ltd -> Piriform Software Ltd)
Task: {3FD2071A-BFDB-4E2C-A75B-9366A6EC40F8} - System32\Tasks\EOSv3 Scheduler
onLogOn =>
C:\Users\Winger\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
[18007968 2021-07-29] (ESET, spol. s r.o. -> ESET)
Task: {4BE70160-388E-4049-B175-A94AF91B3F65} - System32\Tasks\Mirkat =>
C:\Users\Winger\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon (No
File)
Task: {4FCB7C83-9CBE-4D44-A204-03F57A8592A9} -
System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor =>
C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo ->
Lenovo Group Ltd.)
Task: {502F4AFF-7275-4F50-BD98-0F7EB52549E7} - System32\Tasks\CCleaner Update =>
C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-04-07] (Piriform Software
Ltd -> Piriform)
Task: {6D9CB881-C87D-4040-9C84-7E8738A949C3} - System32\Tasks\Antivirus
Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5025720
2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {74E47939-096D-4794-8BF3-AC86C446A7D9} - System32\Tasks\LenovoUtility
Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {8063F307-5180-4686-9C12-7BFC1A8322FE} - System32\Tasks\Mozilla\Firefox
Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla
Firefox\firefox.exe --MOZ_LOG
sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log
--backgroundtask backgroundupdate
Task: {9A396854-19FF-4A43-9C19-43A861CFA1F0} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\bf5b7604-d5bc-4a19-adf8-9b84971fcafa
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9BF1819B-2EE1-4D60-BFEC-796C610B16E5} -
System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask
=> %windir%\System32\reg.exe add
hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f
/reg:32
Task: {A8A5841D-82CA-4931-BE81-B49F609080EA} -
System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files
(x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-17] (Brave Software,
Inc. -> BraveSoftware Inc.)
Task: {ACE35BED-F8B6-4B83-A3F6-BEEB638A5099} - System32\Tasks\EOSv3 Scheduler
onTime =>
C:\Users\Winger\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
[18007968 2021-07-29] (ESET, spol. s r.o. -> ESET)
Task: {B66BE657-3D2B-44A5-96B3-A58032FEF0BA} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\a5fea5f2-13e2-45c5-b58a-a4ff24531538
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {BE97A3BC-ADA3-4AD5-A8E8-5C603966B113} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\5f4a1938-1feb-4b91-9d22-3a41a4ff3a01
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {BF300283-33B1-42BC-94C2-60EEDBB05C6E} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-30] (Google LLC -> Google
LLC)
Task: {C2CE1CC9-98DD-4041-BA50-F818DD05714C} -
System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance =>
C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
[145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {D459BE07-57F4-4AAA-B13D-9F52F2679E5E} -
System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files
(x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-17] (Brave Software,
Inc. -> BraveSoftware Inc.)
Task: {DF561AF1-CFC8-475E-871D-D21ED004C6D1} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-30] (Google LLC -> Google
LLC)
Task: {EFD334DB-A7AF-4674-B9C1-9F4CB7A33EB2} - System32\Tasks\AVG\Overseer =>
C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2332984 2022-03-08]
(AVG Technologies USA, LLC -> AVG Technologies)

(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be
removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6fe794b9-9dc8-4a48-9501-7d0a8aca6713}: [DhcpNameServer]
192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

FireFox:
========
FF DefaultProfile: pt6jsytg.default
FF ProfilePath:
C:\Users\Winger\AppData\Roaming\Mozilla\Firefox\Profiles\pt6jsytg.default
[2020-04-25]
FF ProfilePath:
C:\Users\Winger\AppData\Roaming\Mozilla\Firefox\Profiles\iisptihh.default-release
[2022-04-11]
FF Extension: (Malwarebytes Browser Guard) -
C:\Users\Winger\AppData\Roaming\Mozilla\Firefox\Profiles\iisptihh.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi
[2022-03-16]
FF Extension: (Adblock Plus - free ad blocker) -
C:\Users\Winger\AppData\Roaming\Mozilla\Firefox\Profiles\iisptihh.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2021-11-24]

Chrome:
=======
CHR Profile: C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default
[2022-04-11]
CHR Extension: (Slides) - C:\Users\Winger\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-30]
CHR Extension: (Docs) - C:\Users\Winger\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-30]
CHR Extension: (Google Drive) - C:\Users\Winger\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-30]
CHR Extension: (YouTube) - C:\Users\Winger\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-30]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) -
C:\Users\Winger\AppData\Local\Google\Chrome\User
Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-11-10]
CHR Extension: (Sheets) - C:\Users\Winger\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-30]
CHR Extension: (Google Docs Offline) -
C:\Users\Winger\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-10]
CHR Extension: (Malwarebytes Browser Guard) -
C:\Users\Winger\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-10]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\Winger\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-30]
CHR Extension: (Gmail) - C:\Users\Winger\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Winger\AppData\Roaming\Opera Software\Opera Stable
[2022-04-11]
OPR DefaultSuggestURL: Opera Stable ->
hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Winger\AppData\Roaming\Opera
Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-29]
OPR Extension: (Amazon Assistant Promotion) -
C:\Users\Winger\AppData\Roaming\Opera Software\Opera
Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-03-29]

Brave:
=======
BRA Profile: C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User
Data\Default [2022-04-11]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default ->
hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Adblock Plus - free ad blocker) -
C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User
Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-12]
BRA Extension: (Brave Local Data Files Updater) -
C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User
Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-04-11]
BRA Extension: (Brave NTP background images) -
C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User
Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10]
BRA Extension: (Wallet Data Files Updater) -
C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet
[2022-03-09]
BRA Extension: (Brave Ad Block Updater (Default)) -
C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User
Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-04-11]
BRA Extension: (Brave Tor Client Updater (Windows)) -
C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User
Data\cpoalefficncklhjfpglfiplenlpccdb [2022-03-25]
BRA Extension: (Brave SpeedReader Updater) -
C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User
Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave NTP sponsored images) -
C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User
Data\mjpbonbjgpinifgnneajcbigekbpfige [2022-04-11]
BRA Extension: (Brave HTTPS Everywhere Updater) -
C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User
Data\oofiananboodjbbmdelgdommihjbkfag [2022-04-07]
StartMenuInternet: Brave - C:\Program Files
(x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [597432 2022-03-24]
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [596920 2022-03-24]
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8520816
2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480
2022-02-14] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544
2020-07-17] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544
2020-07-17] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1646536 2019-05-29]
(Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [330720 2018-12-21]
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService;
C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1643688 2019-05-06] (Lenovo ->
Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
[7997112 2022-02-20] (Malwarebytes Inc -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-27] (Microsoft
Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-27] (Microsoft
Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [36920 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [229064 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [370824
2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [253064 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [100464 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [21960 2022-02-14]
(Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ,
s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42528 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [269576 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [546432 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [109032 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [84120 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [855480 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [552088 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [216080 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [318904 2022-03-24] (AVG
Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2021-09-15]
(Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096
2022-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-11-27]
(Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992
2021-11-28] (Malwarebytes Inc -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-11-27]
(Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-11-27]
(Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-27]
(Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-11-28] (Microsoft
Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-11 19:58 - 2022-04-11 20:12 - 000021295 _____
C:\Users\Winger\Downloads\FRST.txt
2022-04-11 19:57 - 2022-04-11 19:57 - 002365952 _____ (Farbar)
C:\Users\Winger\Downloads\FRST64.exe
2022-04-11 00:42 - 2022-04-11 00:42 - 000221096 _____ (Malwarebytes)
C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-04-06 09:43 - 2022-04-11 00:42 - 000000000 ____D C:\Program Files\Mozilla
Firefox
2022-03-28 17:07 - 2022-03-28 17:07 - 000000000 ____D
C:\WINDOWS\system32\gf2engine
2022-03-24 16:49 - 2022-03-24 16:49 - 000337336 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2022-03-24 16:49 - 2022-03-24 16:49 - 000216080 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2022-03-12 14:54 - 2022-03-12 14:54 - 002254336 _____
C:\WINDOWS\system32\dwmscene.dll
2022-03-12 14:54 - 2022-03-12 14:54 - 000223744 _____
C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-12 14:54 - 2022-03-12 14:54 - 000011911 _____
C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-12 14:53 - 2022-03-12 14:53 - 002260992 _____
C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-12 14:53 - 2022-03-12 14:53 - 000272896 _____
C:\WINDOWS\system32\TpmTool.exe
2022-03-12 14:45 - 2022-03-12 14:46 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-11 20:12 - 2020-12-15 21:32 - 000000000 ____D C:\FRST
2022-04-11 20:12 - 2020-03-29 20:29 - 000000000 ____D C:\Program Files
(x86)\Google
2022-04-11 20:00 - 2020-04-27 19:28 - 000026024 _____
C:\Users\Winger\Downloads\Addition.txt
2022-04-11 19:56 - 2021-11-27 21:48 - 000000000 ____D
C:\Users\Winger\Documents\FRST-OlderVersion
2022-04-11 19:43 - 2019-12-07 10:14 - 000000000 ____D
C:\ProgramData\regid.1991-06.com.microsoft
2022-04-11 19:34 - 2020-04-10 00:46 - 000000000 ____D C:\Program Files\CCleaner
2022-04-11 19:34 - 2020-04-06 16:09 - 000000000 ____D
C:\Users\Winger\AppData\LocalLow\Mozilla
2022-04-11 19:06 - 2021-03-29 04:43 - 000003936 _____
C:\WINDOWS\system32\Tasks\CCleaner Update
2022-04-11 19:06 - 2020-01-10 07:59 - 000000000 ____D
C:\Users\Winger\AppData\Local\D3DSCache
2022-04-11 18:01 - 2020-09-27 15:50 - 000000000 ____D
C:\WINDOWS\system32\SleepStudy
2022-04-11 08:32 - 2021-03-29 04:47 - 000795738 _____
C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-11 08:32 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-11 00:42 - 2021-12-12 18:06 - 000000000 ____D C:\ProgramData\AVG
2022-04-11 00:42 - 2020-09-27 15:50 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-11 00:42 - 2020-09-27 15:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-11 00:42 - 2020-04-06 16:09 - 000000000 ____D C:\Program Files
(x86)\Mozilla Maintenance Service
2022-04-11 00:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-04-11 00:42 - 2019-09-05 21:25 - 000000134 _____
C:\WINDOWS\system32\regtest.txt
2022-04-11 00:41 - 2019-12-07 10:03 - 000524288 _____
C:\WINDOWS\system32\config\BBI
2022-04-10 17:50 - 2021-07-29 12:20 - 000003862 _____
C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-04-10 17:50 - 2021-07-29 12:20 - 000003420 _____
C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2022-04-10 17:50 - 2020-09-06 13:25 - 000001394 _____
C:\Users\Winger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET
Online Scanner.lnk
2022-04-10 14:53 - 2022-02-14 01:06 - 000003250 _____
C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2022-04-10 14:53 - 2021-12-25 14:10 - 000000000 ____D
C:\WINDOWS\system32\Tasks\AVAST Software
2022-04-10 14:53 - 2021-12-11 20:04 - 000003066 _____
C:\WINDOWS\system32\Tasks\OneDrive Reporting
Task-S-1-5-21-2359693894-3551999487-3289365916-1001
2022-04-10 14:53 - 2021-08-18 19:12 - 000002256 _____
C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Winger
2022-04-10 14:53 - 2021-04-13 09:33 - 000003214 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7244d85b3b4d9
2022-04-10 14:53 - 2021-03-30 19:55 - 000003348 _____
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-04-10 14:53 - 2021-03-30 19:55 - 000003124 _____
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-04-10 14:53 - 2021-03-29 04:43 - 000003554 _____
C:\WINDOWS\system32\Tasks\LenovoUtility Startup
2022-04-10 14:53 - 2021-03-29 04:43 - 000003370 _____
C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2022-04-10 14:53 - 2021-03-29 04:43 - 000003146 _____
C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2022-04-10 14:53 - 2021-03-29 04:43 - 000002862 _____
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-2359693894-3551999487-3289365916-1001
2022-04-10 14:53 - 2021-03-29 04:43 - 000002860 _____
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-2359693894-3551999487-3289365916-1002
2022-04-10 14:53 - 2021-03-29 04:43 - 000002858 _____
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-2359693894-3551999487-3289365916-500
2022-04-10 14:53 - 2021-03-29 04:43 - 000002016 _____
C:\WINDOWS\system32\Tasks\Mirkat
2022-04-10 14:53 - 2020-09-27 15:53 - 000003408 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-10 14:53 - 2020-09-27 15:53 - 000003182 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-09 20:48 - 2019-12-07 10:14 - 000000000 ___HD C:\Program
Files\WindowsApps
2022-04-09 20:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-09 20:40 - 2021-02-03 02:27 - 000001288 _____
C:\Users\Winger\Desktop\ESET Online Scanner.lnk
2022-04-09 16:08 - 2020-01-10 07:58 - 000000000 ____D
C:\Users\Winger\AppData\Local\Packages
2022-04-07 09:39 - 2021-03-30 19:23 - 000000000 ____D C:\Program Files\Microsoft
Update Health Tools
2022-04-07 09:37 - 2020-04-06 16:09 - 000001016 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-06 21:13 - 2021-03-30 19:55 - 000002258 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-06 21:13 - 2021-03-30 19:55 - 000002217 _____
C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-05 19:29 - 2020-07-17 19:43 - 000002429 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-04-05 19:29 - 2020-07-17 19:43 - 000002388 _____
C:\Users\Public\Desktop\Brave.lnk
2022-03-29 10:11 - 2020-03-29 20:25 - 000000000 ____D
C:\Users\Winger\AppData\Local\Opera Software
2022-03-29 10:10 - 2020-03-29 20:22 - 000000000 ____D
C:\Users\Winger\AppData\Roaming\Opera Software
2022-03-29 09:57 - 2021-03-29 04:39 - 000002397 _____
C:\Users\Winger\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\OneDrive.lnk
2022-03-24 16:49 - 2022-02-14 01:05 - 000855480 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000552088 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000546432 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000370824 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000318904 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000269576 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000253064 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000229064 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000109032 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000100464 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000084120 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000042528 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000036920 _____ (AVG Technologies CZ,
s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2022-03-24 16:49 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-23 21:13 - 2021-03-30 19:23 - 000601432 _____ (Microsoft Corporation)
C:\WINDOWS\system32\sedplugins.dll
2022-03-23 21:12 - 2021-03-30 19:23 - 000483664 _____ (Microsoft Corporation)
C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-03-23 16:13 - 2020-09-27 15:54 - 000000000 ____D C:\ProgramData\Packages
2022-03-22 16:00 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-19 01:16 - 2020-09-27 15:50 - 000435384 _____
C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ___RD
C:\WINDOWS\ImmersiveControlPanel
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D
C:\WINDOWS\system32\WinBioPlugIns
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D
C:\WINDOWS\PolicyDefinitions
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-19 01:15 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-18 21:15 - 2021-10-07 03:36 - 000025267 _____
C:\Users\Winger\Documents\Addition.txt
2022-03-18 21:15 - 2021-10-07 03:34 - 000028604 _____
C:\Users\Winger\Documents\FRST.txt
2022-03-12 14:53 - 2020-09-27 15:53 - 002877952 _____ (Microsoft Corporation)
C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Edited by shake_n_vac, 11 April 2022 - 02:16 PM.


--------------------------------------------------------------------------------


#4 SHAKE_N_VAC

shake_n_vac
 * Topic Starter
 * Members
 * 73 posts

Posted 11 April 2022 - 02:03 PM

Here is the Addition text.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2022 03
Ran by Winger (11-04-2022 20:13:26)
Running from C:\Users\Winger\Downloads
Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) (2021-03-29 03:43:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2359693894-3551999487-3289365916-500 - Administrator -
Disabled)
DefaultAccount (S-1-5-21-2359693894-3551999487-3289365916-503 - Limited -
Disabled)
Guest (S-1-5-21-2359693894-3551999487-3289365916-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2359693894-3551999487-3289365916-504 - Limited -
Disabled)
Winger (S-1-5-21-2359693894-3551999487-3289365916-1001 - Administrator -
Enabled) => C:\Users\Winger

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date)
{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
FW: ZoneAlarm Free Firewall Firewall (Disabled)
{217C3BCF-3FBD-7C30-A427-2D11E16F3BEB}
FW: ZoneAlarm Free Firewall Firewall (Disabled)
{841A2C1E-F526-E32F-8E57-7FBF8B0698E4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16.05 -
Advanced Micro Devices, Inc.)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 22.2.3223 - AVG
Technologies)
Branding64 (HKLM\...\{E6D2F9D5-4122-4945-B145-1E791DE4C5CA}) (Version: 1.00.0003
- Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 100.1.37.111 - Brave
Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.92 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.75 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2})
(Version: 1.3.101.0 - Google LLC) Hidden
Malwarebytes version 4.5.4.168
(HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.4.168 -
Malwarebytes)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version:
100.0.1185.36 - Microsoft Corporation)
Microsoft OneDrive
(HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\...\OneDriveSetup.exe)
(Version: 22.055.0313.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C})
(Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
(HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
(HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
(HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
(HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 -
Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429
(HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 -
Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 99.0 (x64 en-GB))
(Version: 99.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version:
74.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{3DEE814D-F1DB-315D-E627-63B6B600643A})
(Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Revo Uninstaller 2.3.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1)
(Version: 2.3.5 - VS Revo Group, Ltd.)
Update for Windows 10 for x64-based Systems (KB5001716)
(HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft
Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91})
(Version: 3.2.2110.14001 - Microsoft Corporation)

Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.10006.0_x64__0a9344xs7nr4m
[2020-03-30] (Advanced Micro Devices Inc.)
Dolby Audio -> C:\Program
Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20402.409.0_x64__rz1tebttyb220
[2020-04-17] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program
Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe
[2020-03-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program
Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe
[2020-03-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program
Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe
[2022-03-26] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program
Files\WindowsApps\Microsoft.Todos_2.67.5901.0_x64__8wekyb3d8bbwe [2022-04-09]
(Microsoft Corporation) [Startup Task]
MPEG-2 Video Extension -> C:\Program
Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe
[2021-08-25] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program
Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe
[2021-07-07] (Microsoft Corporation)
Realtek Audio Control -> C:\Program
Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj
[2020-12-04] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24}
=> C:\Program Files\AVG\Antivirus\ashShell.dll [2022-03-24] (AVG Technologies
USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] ->
{472083B1-C522-11CF-8763-00608CC02F24} => C:\Program
Files\AVG\Antivirus\ashShell.dll [2022-03-24] (AVG Technologies USA, LLC -> AVG
Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} =>
C:\Program Files\AVG\Antivirus\ashShell.dll [2022-03-24] (AVG Technologies USA,
LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} =>
C:\Program Files\AVG\Antivirus\ashShell.dll [2022-03-24] (AVG Technologies USA,
LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-27]
(Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} =>
C:\Program Files\AVG\Antivirus\ashShell.dll [2022-03-24] (AVG Technologies USA,
LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-27]
(Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry.
The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService =>
""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService =>
""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\Software\Microsoft\Internet
Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\Software\Microsoft\Internet
Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-2359693894-3551999487-3289365916-1001 -> DefaultScope
{B413736D-0AEE-46B3-9186-D0DC8DF3053B} URL =
SearchScopes: HKU\S-1-5-21-2359693894-3551999487-3289365916-1001 ->
{B413736D-0AEE-46B3-9186-D0DC8DF3053B} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____
C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\Control
Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =>
(ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled:
Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

FirewallRules: [{D2002ADB-0F24-4B65-92A9-9C252B53582C}] => (Allow) C:\Program
Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{281B6E9F-9E0F-4D0A-B133-6C341D9739CF}] => (Allow) C:\Program
Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9F3825FA-CEFA-4E06-BDC6-5813FED7BCE6}] => (Allow) C:\Program
Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{A0AB30FA-72BE-42F2-BEBD-0D8CE170B50F}] => (Allow) C:\Program
Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{ABB26515-F0A2-4493-B677-E6A80309E011}] => (Allow) C:\Program
Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{4E3F6C14-85D8-41CB-BA7F-20F2AFCF6C4F}] => (Allow) C:\Program
Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{815B423D-058A-4235-B729-004CE10AE0C9}] => (Block) C:\Program
Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ,
s.r.o.)
FirewallRules: [{3FDE7AFE-4392-4766-945F-E6C2BB5F846C}] => (Block) C:\Program
Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ,
s.r.o.)
FirewallRules: [{7E63CB2A-F3AE-432B-8C0D-FCB1E231D732}] => (Block) C:\Program
Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ,
s.r.o.)
FirewallRules: [{0883A979-C73E-4E89-8B36-39926C113DA1}] => (Block) C:\Program
Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ,
s.r.o.)
FirewallRules: [{FD692347-ECDD-4BE8-8089-9B12A476556A}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DF1E17EC-3D35-42FB-9F48-3681CDDFFEB4}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6F9DB729-F6A8-4F5B-A886-070B05ACFE33}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AC7F89A4-D27C-45B3-9457-38D77A95AEC0}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1F52C157-5E59-4FCB-A3DB-13AB3D90FB80}] => (Block) C:\Program
Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ,
s.r.o.)
FirewallRules: [{A20FE0DC-EA66-412C-AFC7-B5F8F3DF4891}] => (Block) C:\Program
Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ,
s.r.o.)
FirewallRules: [TCP Query
User{48B2C290-76E4-46C7-B5FA-2062473F7303}C:\users\winger\appdata\local\programs\opera\opera.exe]
=> (Block) C:\users\winger\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query
User{F9EFB9B4-1062-415E-9638-9FB280F52952}C:\users\winger\appdata\local\programs\opera\opera.exe]
=> (Block) C:\users\winger\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [{E7EAD3CF-3E05-4043-A9F8-EF7E183E67DE}] => (Allow) C:\Program
Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software,
Inc. -> Brave Software, Inc.)
FirewallRules: [{2657F3C6-5C69-4BDB-91AF-F05FA129DC23}] => (Allow) C:\Program
Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CBBBF592-7E9E-4F8D-9B27-499BF685600C}] => (Allow) C:\Program
Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe
(Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

19-03-2022 21:24:04 Scheduled Checkpoint
28-03-2022 20:49:20 Scheduled Checkpoint
06-04-2022 16:47:39 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: McAfeeIntegrationDriver Device
Description: McAfeeIntegrationDriver Device
Class Guid: {78a1c341-4539-11d3-b88d-00c04fad5171}
Manufacturer: McAfee
Service: McAfeeIntegrationDriver
Problem: : Windows cannot start this hardware device because its configuration
information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is
a failure opening the service subkey, or if the driver name cannot be obtained
from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the
troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable
driver.

Name:
Description:
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: WireGuard LLC
Service: wintun
Problem: : This device is not working properly because Windows cannot load the
drivers required for this device. (Code 31)
Resolution: Update the driver

Name: McAfeeIntegrationDriver Device
Description: McAfeeIntegrationDriver Device
Class Guid: {78a1c341-4539-11d3-b88d-00c04fad5171}
Manufacturer: McAfee
Service: McAfeeIntegrationDriver
Problem: : Windows cannot start this hardware device because its configuration
information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is
a failure opening the service subkey, or if the driver name cannot be obtained
from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the
troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable
driver.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/11/2022 07:32:49 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1250, time
stamp: 0x62023b8a
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0xbbc
Faulting application start time: 0x01d84d349fcfbfc3
Faulting application path: C:\Program
Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: cf2a2152-6bf2-4ce9-80e3-395331af1d6c
Faulting package full name:
Faulting package-relative application ID:

Error: (04/11/2022 12:42:19 AM) (Source: CertEnroll) (EventID: 86) (User: NT
AUTHORITY)
Description: SCEP Certificate enrollment initialization for
WORKGROUP\LAPTOP-COA3FH0G$ via
https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep
failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority
\"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\"
does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 10 Apr 2022 23:42:19 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 961adf54-cfd5-4c6a-a32a-7873b4f3a01f

Method: GET(516ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/09/2022 06:36:22 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (1508,G,0) An attempt to open the file
"C:\Users\Winger\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for
read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ".  The open file
operation will fail with error -1032 (0xfffffbf8).

Error: (04/06/2022 12:45:10 AM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1250, time
stamp: 0x62023b8a
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x2288
Faulting application start time: 0x01d848c3e94dd04b
Faulting application path: C:\Program
Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: abaf2409-c2b3-4f17-ae3a-a00d8290ed46
Faulting package full name:
Faulting package-relative application ID:

Error: (03/28/2022 05:07:40 PM) (Source: CertEnroll) (EventID: 86) (User: NT
AUTHORITY)
Description: SCEP Certificate enrollment initialization for
WORKGROUP\LAPTOP-COA3FH0G$ via
https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep
failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority
\"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\"
does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 28 Mar 2022 16:07:40 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 56674bde-7685-4bbf-af0e-a3e9475da931

Method: GET(375ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/22/2022 10:48:14 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1250, time
stamp: 0x62023b8a
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x10d4
Faulting application start time: 0x01d83dd1d9936039
Faulting application path: C:\Program
Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 5e79ac52-84b8-463f-b0e9-70c41efef351
Faulting package full name:
Faulting package-relative application ID:

Error: (03/19/2022 11:00:05 AM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: svchost.exe_FrameServer, version:
10.0.19041.1566, time stamp: 0x1f37eb46
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1566, time stamp:
0x0833f2d4
Exception code: 0xc00d4e24
Fault offset: 0x000000000010b362
Faulting process id: 0x2434
Faulting application start time: 0x01d83b77e03fd27e
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e1ec443b-594a-4014-a8ad-1640213307ec
Faulting package full name:
Faulting package-relative application ID:

Error: (03/19/2022 03:27:52 AM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: svchost.exe_FrameServer, version:
10.0.19041.1566, time stamp: 0x1f37eb46
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1566, time stamp:
0x0833f2d4
Exception code: 0xc00d4e24
Fault offset: 0x000000000010b362
Faulting process id: 0x123c
Faulting application start time: 0x01d83b38c56a9e07
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 46ce5790-2310-4045-a42a-7f8cb6a39b14
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/11/2022 06:05:10 PM) (Source: DCOM) (EventID: 10000) (User:
LAPTOP-COA3FH0G)
Description: Unable to start a DCOM Server:
{0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe
/Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/10/2022 06:01:23 PM) (Source: Service Control Manager) (EventID:
7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/10/2022 06:01:23 PM) (Source: Application Popup) (EventID: 1060)
(User: )
Description: \??\C:\Users\Winger\AppData\Local\Temp\ehdrv.sys

Error: (04/10/2022 06:01:23 PM) (Source: Service Control Manager) (EventID:
7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/10/2022 06:01:23 PM) (Source: Application Popup) (EventID: 1060)
(User: )
Description: \??\C:\Users\Winger\AppData\Local\Temp\ehdrv.sys

Error: (04/10/2022 06:01:22 PM) (Source: Service Control Manager) (EventID:
7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/10/2022 06:01:22 PM) (Source: Application Popup) (EventID: 1060)
(User: )
Description: \??\C:\Users\Winger\AppData\Local\Temp\ehdrv.sys

Error: (04/10/2022 06:01:22 PM) (Source: Service Control Manager) (EventID:
7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading


Windows Defender:
================
Date: 2021-12-11 23:31:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-10 22:25:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-09 23:41:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-08 21:26:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-07 22:03:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-04-11 19:07:45
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not
meet the Windows signing level requirements.

Date: 2022-04-11 18:42:43
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load
\Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not
meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO AMCN25WW(V1.08) 07/25/2019
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 82%
Total physical RAM: 6082.54 MB
Available physical RAM: 1094.48 MB
Total Virtual: 8258.54 MB
Available Virtual: 2164.6 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:179.68 GB) NTFS

\\?\Volume{0f7fcca0-e3dc-473b-83d1-4ff181b681a1}\ (WINRE_DRV) (Fixed)
(Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{e97ba6d0-6fd9-47b2-8bba-e29e887d9cc4}\ (SYSTEM_DRV) (Fixed)
(Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7983F9DA)

Partition: GPT.

==================== End of Addition.txt =======================


Edited by shake_n_vac, 11 April 2022 - 02:17 PM.

--------------------------------------------------------------------------------

#5 nasdaq (Malware Response Team)

Posted Yesterday, 07:37 AM

Hi,
 

Quote

> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer =>
> (SmartScreenEnabled: Off)

Read this article and decide if you want to enable this security service.
https://www.howtogeek.com/320711/what-is-smartscreen-and-why-is-it-running-on-my-pc/
===
 
Nothing suspicious was found in your logs.
This is just some maintenance and recommendations.
 
Press the Windows key + r on your keyboard at the same time. This will open the
RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 

start
 
Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:
 
Comment: Items from the FRST.TXT log that will be removed from the Registry.
HKLM-x32\...\Run: [ZaAntiRansomware] => "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe" (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {4BE70160-388E-4049-B175-A94AF91B3F65} - System32\Tasks\Mirkat => C:\Users\Winger\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U3 iswSvc; no ImagePath
 
Comment: Items from the Addition.txt log that will be removed from the Registry.
FirewallRules: [{9F3825FA-CEFA-4E06-BDC6-5813FED7BCE6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{A0AB30FA-72BE-42F2-BEBD-0D8CE170B50F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{ABB26515-F0A2-4493-B677-E6A80309E011}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{4E3F6C14-85D8-41CB-BA7F-20F2AFCF6C4F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [TCP Query User{48B2C290-76E4-46C7-B5FA-2062473F7303}C:\users\winger\appdata\local\programs\opera\opera.exe] => (Block) C:\users\winger\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{F9EFB9B4-1062-415E-9638-9FB280F52952}C:\users\winger\appdata\local\programs\opera\opera.exe] => (Block) C:\users\winger\appdata\local\programs\opera\opera.exe => No File
 
Comment: To rebuild the performance counter library values.
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
 
Comment: Use Farbar routine to delete temp files
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Program Files (x86)\Temp\*.tmp
C:\Users\Winger\AppData\Local\Temp\ehdrv.sys
 
Comment: The system will restart.
Reboot:
 
End

 
Save the file as fixlist.txt in the same folder where the Farbar tool is running
from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
Error message.

Quote

> Description: McAfeeIntegrationDriver Device

 
If McAfee was uninstalled from this computer I suggest you run the Uninstaller
to remove all traces of the program.
Download and run their uninstaller tool from this site.
https://service.mcafee.com/?articleId=TS101331&page=shell&shell=article-view
 
Restart the computer when the removal is completed.
------
 
 
Please post the Fixlog.txt and let me know what problem persists.

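The fixlist above was assembled by hand from the FRST log entries that carry FRST's "missing file" and "attention" markers. As an added illustration, not code from the post or from FRST itself, the following Python script applies those same markers as seen in this thread ((No File), => No File, [X], no ImagePath, <==== ATTENTION) to sample log lines and wraps the hits in the same fixlist skeleton; the sample lines are copied from this thread except one constructed healthy entry, and the marker rules are my assumption about FRST's output, not FRST's own logic.

```python
# Constructed sample in the shape of FRST log lines. All lines except the
# "ExampleApp" one are copied from the log quoted in this thread; the
# ExampleApp line is a constructed healthy entry to show it is NOT flagged.
SAMPLE_FRST = r"""
HKLM-x32\...\Run: [ZaAntiRansomware] => "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe" (No File)
HKLM\...\Run: [ExampleApp] => C:\Program Files\ExampleApp\app.exe [constructed healthy entry]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4BE70160-388E-4049-B175-A94AF91B3F65} - System32\Tasks\Mirkat => C:\Users\Winger\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon (No File)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U3 iswSvc; no ImagePath
FirewallRules: [{9F3825FA-CEFA-4E06-BDC6-5813FED7BCE6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
"""


def classify(line: str):
    """Return a finding category for one FRST log line, or None if it looks healthy.
    The markers are the ones FRST printed in the log above; treating them this
    way is an assumption (a triage heuristic), not FRST's own logic."""
    s = line.strip()
    if "<==== ATTENTION" in s:
        return "policy-restriction"   # browser policy keys FRST flags for review
    if s.endswith("(No File)") or s.endswith("=> No File"):
        return "orphaned-entry"       # Run/Task/FirewallRules entry whose target is gone
    if s.endswith("[X]") or s.endswith("no ImagePath"):
        return "broken-service"       # service/driver registration with no binary
    return None


def triage(log_text: str):
    """List (category, line) for every flagged line, in log order."""
    return [(classify(l), l.strip()) for l in log_text.splitlines() if classify(l)]


def build_fixlist(findings, temp_paths=()):
    """Wrap the flagged lines in the fixlist skeleton used in the post above:
    restore point, close processes, the entries, temp files to delete, reboot."""
    lines = ["Start", "CreateRestorePoint:", "CloseProcesses:"]
    lines += [line for _, line in findings]
    lines += list(temp_paths)
    lines += ["Reboot:", "End"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_FRST)
    for category, line in found:
        print(f"{category:18} {line[:70]}")
    print(build_fixlist(found, [r"C:\Users\Winger\AppData\Local\Temp\ehdrv.sys"]))
```

The healthy ExampleApp entry is deliberately left out of the output, which is the check a human reviewer does before accepting an auto-generated fixlist.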
--------------------------------------------------------------------------------

#6 shake_n_vac (Topic Starter)

Posted Yesterday, 08:34 AM

This has come as a huge relief, thank you so much.

I will have a think about SmartScreen, the article would seem to suggest that
you think it is a wise idea to use it? Saying that, the only things I download
are policy papers from various Government websites. But then again in relation
to that, I guess that they could still contain nasty stuff.

I will do the FRST maintenance later if it is okay and post the Fixlog, and
remove the remnants of McAfee.

Thanks again,

Shakey


--------------------------------------------------------------------------------

#7 shake_n_vac (Topic Starter)

Posted Yesterday, 03:40 PM

A daft Q Nasdaq, if I may: a Firefox search (which is defaulted to use Google)
has my location inaccurate. Not a bit, but a few hundred miles away. Earlier
today it had my location in my near region, and I haven't switched the router
off or done anything to change the location. Is this anything to be concerned
about?


© 2004-2022 All Rights Reserved Bleeping Computer LLC.