Submitted URL: https://www.bleepingcomputer.com/forums/t/770851/what-is-googleadsgdoubleclicknet-and-should-i-be-worried/#entry5345505
Effective URL: https://www.bleepingcomputer.com/forums/t/770851/what-is-googleadsgdoubleclicknet-and-should-i-be-worried/
Submission: On April 13 via api from US — Scanned from DE
What is googleads.g.doubleclick.net and should I be worried?
Started by shake_n_vac, Apr 11 2022 01:46 PM
6 replies to this topic

#1 shake_n_vac (Members, 73 posts)
Posted 11 April 2022 - 01:46 PM

I did a cleanup with CCleaner to get rid of cookies. I then did a search using my usual browser, Mozilla (nothing major, just to be nosey to see what car a celeb drives!). I got the options from Google to run through regarding cookies and search optimisation. When I clicked 'continue' a warning came up from Malwarebytes Browser Guard. I then clicked the back button and then the forwards button to try to see what the warning said again and it threw me to Google with the search term I had entered - did this bypass the Browser Guard and am I now infected? I have seen from a cursory search that this can be a nasty infection and so I am panicking. (If it is relevant I did a search on - complete with the spelling mistake! - 'gary linekr car'.)

Edited by shake_n_vac, 11 April 2022 - 01:50 PM.

--------------------------------------------------------------------------------

#2 nasdaq (Malware Response Team, 47,838 posts; Location: Montreal, QC, Canada)
Posted 11 April 2022 - 01:54 PM

Hello, welcome to BleepingComputer. I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Let's check it out.

Download the Farbar Recovery Scan Tool (FRST). Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Check the boxes as seen here:
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
Attach the file(s). A 2-step process:
Reply to this topic. Select "Choose a File" and navigate to the location of the file. Click the file you wish to attach. <- Step 1.
Click "Attach this file". <- Step 2.
Click the Add Reply button.

Please post the logs for my review.
Let me know what problems persist.
Wait for further instructions.

p.s. The Farbar program is updated often. If it's identified as suspicious by your Anti-Virus program, trust it if downloaded from the link I provided. You should restore the program from the Quarantine folder.

<<<>>>

--------------------------------------------------------------------------------

#3 shake_n_vac (Topic Starter; Members, 73 posts)
Posted 11 April 2022 - 02:02 PM

Hi Nasdaq. Thanks for the reply! Just for the sake of completeness - I already had FRST downloaded and clicked on it and it updated. But when I selected it again, AVG, my antivirus, moved it to quarantine, but I think (hope!) that will be a false positive. If it is okay I will upload the FRST logs as copy and pasted text because I am worried about there being an infection passed on by anything I may upload (which escaped my thinking in the original post, sorry about that).

EDIT: I edited because I re-ran the scan as I tried to click on a Quora page to do some reading about whatever this thing is and the same warning popped up from Malwarebytes Browser Guard, so I thought it wise to re-run the scan. Sorry for any inconvenience.

Here is the FRST log:
C:\Program Files\AVG\Antivirus\aswEngSrv.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe (DriverStore\FileRepository͡456.inf_amd64_23e88333e0901bd6\B358570\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͡456.inf_amd64_23e88333e0901bd6\B358570\atieclxx.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15> (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͡456.inf_amd64_23e88333e0901bd6\B358570\atiesrxx.exe (services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe (services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe (services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe (services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe (services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2> (services.exe ->) (Lenovo -> Lenovo Group Ltd.) 
C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe (services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe (services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141536 2020-09-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [190904 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [ZaAntiRansomware] => "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe" (No File) HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36705520 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.75\Installer\chrmstp.exe [2022-04-06] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\100.1.37.111\Installer\chrmstp.exe [2022-04-05] (Brave Software, Inc. -> Brave Software, Inc.) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0773DDCD-1B5D-4661-AE28-8858D6161913} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\392b23cb-753f-4de9-a574-3235548c11d5 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {1320A2ED-45DA-4738-B76C-E6DCA7CC6986} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService Task: {19F49244-6FCD-4E91-A527-479427880299} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\60c9f75b-ec08-474b-ac5e-c3b48a27eb3d => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) 
Task: {33ABF669-BC7D-41DA-A84E-4904B7B06C82} - System32\Tasks\CCleanerSkipUAC - Winger => C:\Program Files\CCleaner\CCleaner.exe [30836464 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd) Task: {3FD2071A-BFDB-4E2C-A75B-9366A6EC40F8} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Winger\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-07-29] (ESET, spol. s r.o. -> ESET) Task: {4BE70160-388E-4049-B175-A94AF91B3F65} - System32\Tasks\Mirkat => C:\Users\Winger\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon (No File) Task: {4FCB7C83-9CBE-4D44-A204-03F57A8592A9} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {502F4AFF-7275-4F50-BD98-0F7EB52549E7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-04-07] (Piriform Software Ltd -> Piriform) Task: {6D9CB881-C87D-4040-9C84-7E8738A949C3} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5025720 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) Task: {74E47939-096D-4794-8BF3-AC86C446A7D9} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility:// Task: {8063F307-5180-4686-9C12-7BFC1A8322FE} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {9A396854-19FF-4A43-9C19-43A861CFA1F0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bf5b7604-d5bc-4a19-adf8-9b84971fcafa => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) 
Task: {9BF1819B-2EE1-4D60-BFEC-796C610B16E5} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {A8A5841D-82CA-4931-BE81-B49F609080EA} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-17] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {ACE35BED-F8B6-4B83-A3F6-BEEB638A5099} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Winger\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-07-29] (ESET, spol. s r.o. -> ESET) Task: {B66BE657-3D2B-44A5-96B3-A58032FEF0BA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a5fea5f2-13e2-45c5-b58a-a4ff24531538 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {BE97A3BC-ADA3-4AD5-A8E8-5C603966B113} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5f4a1938-1feb-4b91-9d22-3a41a4ff3a01 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {BF300283-33B1-42BC-94C2-60EEDBB05C6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-30] (Google LLC -> Google LLC) Task: {C2CE1CC9-98DD-4041-BA50-F818DD05714C} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.) Task: {D459BE07-57F4-4AAA-B13D-9F52F2679E5E} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-17] (Brave Software, Inc. -> BraveSoftware Inc.) 
Task: {DF561AF1-CFC8-475E-871D-D21ED004C6D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-30] (Google LLC -> Google LLC) Task: {EFD334DB-A7AF-4674-B9C1-9F4CB7A33EB2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2332984 2022-03-08] (AVG Technologies USA, LLC -> AVG Technologies) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{6fe794b9-9dc8-4a48-9501-7d0a8aca6713}: [DhcpNameServer] 192.168.1.1 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION FireFox: ======== FF DefaultProfile: pt6jsytg.default FF ProfilePath: C:\Users\Winger\AppData\Roaming\Mozilla\Firefox\Profiles\pt6jsytg.default [2020-04-25] FF ProfilePath: C:\Users\Winger\AppData\Roaming\Mozilla\Firefox\Profiles\iisptihh.default-release [2022-04-11] FF Extension: (Malwarebytes Browser Guard) - C:\Users\Winger\AppData\Roaming\Mozilla\Firefox\Profiles\iisptihh.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-03-16] FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Winger\AppData\Roaming\Mozilla\Firefox\Profiles\iisptihh.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-24] Chrome: ======= CHR Profile: C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default [2022-04-11] CHR Extension: (Slides) - C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-30] CHR Extension: (Docs) - C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-30] CHR Extension: (Google 
Drive) - C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-30] CHR Extension: (YouTube) - C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-30] CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-11-10] CHR Extension: (Sheets) - C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-30] CHR Extension: (Google Docs Offline) - C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-10] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-30] CHR Extension: (Gmail) - C:\Users\Winger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-30] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] Opera: ======= OPR Profile: C:\Users\Winger\AppData\Roaming\Opera Software\Opera Stable [2022-04-11] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} OPR Extension: (Rich Hints Agent) - C:\Users\Winger\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-29] OPR Extension: (Amazon Assistant Promotion) - C:\Users\Winger\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-03-29] Brave: ======= BRA Profile: 
C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-04-11] BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave BRA DefaultSearchKeyword: Default -> :d BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list BRA Extension: (Adblock Plus - free ad blocker) - C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-12] BRA Extension: (Brave Local Data Files Updater) - C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-04-11] BRA Extension: (Brave NTP background images) - C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10] BRA Extension: (Wallet Data Files Updater) - C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-03-09] BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-04-11] BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2022-03-25] BRA Extension: (Brave SpeedReader Updater) - C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10] BRA Extension: (Brave NTP sponsored images) - C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2022-04-11] BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Winger\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-04-07] StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the 
registry. The file will not be moved unless listed separately.) R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [597432 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [596920 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8520816 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2022-02-14] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-17] (Brave Software, Inc. -> BraveSoftware Inc.) S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-17] (Brave Software, Inc. -> BraveSoftware Inc.) R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1646536 2019-05-29] (Dolby Laboratories, Inc. -> ) R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [330720 2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) 
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1643688 2019-05-06] (Lenovo -> Lenovo(beijing) Limited) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-02-20] (Malwarebytes Inc -> Malwarebytes) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-27] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-27] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [36920 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [229064 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [370824 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [253064 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [100464 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [21960 2022-02-14] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.) R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42528 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [269576 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [546432 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) 
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [109032 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [84120 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [855480 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [552088 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [216080 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [318904 2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2021-09-15] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-11-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-28] (Malwarebytes Inc -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-11-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-11-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-27] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-11-28] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-11 19:58 - 2022-04-11 20:12 - 000021295 _____ C:\Users\Winger\Downloads\FRST.txt
2022-04-11 19:57 - 2022-04-11 19:57 - 002365952 _____ (Farbar) C:\Users\Winger\Downloads\FRST64.exe
2022-04-11 00:42 - 2022-04-11 00:42 - 000221096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-04-06 09:43 - 2022-04-11 00:42 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-03-28 17:07 - 2022-03-28 17:07 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-03-24 16:49 - 2022-03-24 16:49 - 000337336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2022-03-24 16:49 - 2022-03-24 16:49 - 000216080 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2022-03-12 14:54 - 2022-03-12 14:54 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-03-12 14:54 - 2022-03-12 14:54 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-12 14:54 - 2022-03-12 14:54 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-12 14:53 - 2022-03-12 14:53 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-12 14:53 - 2022-03-12 14:53 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-03-12 14:45 - 2022-03-12 14:46 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-11 20:12 - 2020-12-15 21:32 - 000000000 ____D C:\FRST
2022-04-11 20:12 - 2020-03-29 20:29 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-11 20:00 - 2020-04-27 19:28 - 000026024 _____ C:\Users\Winger\Downloads\Addition.txt
2022-04-11 19:56 - 2021-11-27 21:48 - 000000000 ____D C:\Users\Winger\Documents\FRST-OlderVersion
2022-04-11 19:43 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-11 19:34 - 2020-04-10 00:46 - 000000000 ____D C:\Program Files\CCleaner
2022-04-11 19:34 - 2020-04-06 16:09 - 000000000 ____D C:\Users\Winger\AppData\LocalLow\Mozilla
2022-04-11 19:06 - 2021-03-29 04:43 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-04-11 19:06 - 2020-01-10 07:59 - 000000000 ____D C:\Users\Winger\AppData\Local\D3DSCache
2022-04-11 18:01 - 2020-09-27 15:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-11 08:32 - 2021-03-29 04:47 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-11 08:32 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-11 00:42 - 2021-12-12 18:06 - 000000000 ____D C:\ProgramData\AVG
2022-04-11 00:42 - 2020-09-27 15:50 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-11 00:42 - 2020-09-27 15:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-11 00:42 - 2020-04-06 16:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-11 00:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-04-11 00:42 - 2019-09-05 21:25 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2022-04-11 00:41 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-04-10 17:50 - 2021-07-29 12:20 - 000003862 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-04-10 17:50 - 2021-07-29 12:20 - 000003420 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2022-04-10 17:50 - 2020-09-06 13:25 - 000001394 _____ C:\Users\Winger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-04-10 14:53 - 2022-02-14 01:06 - 000003250 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2022-04-10 14:53 - 2021-12-25 14:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2022-04-10 14:53 - 2021-12-11 20:04 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2359693894-3551999487-3289365916-1001
2022-04-10 14:53 - 2021-08-18 19:12 - 000002256 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Winger
2022-04-10 14:53 - 2021-04-13 09:33 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7244d85b3b4d9
2022-04-10 14:53 - 2021-03-30 19:55 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-04-10 14:53 - 2021-03-30 19:55 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-04-10 14:53 - 2021-03-29 04:43 - 000003554 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Startup
2022-04-10 14:53 - 2021-03-29 04:43 - 000003370 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2022-04-10 14:53 - 2021-03-29 04:43 - 000003146 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2022-04-10 14:53 - 2021-03-29 04:43 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2359693894-3551999487-3289365916-1001
2022-04-10 14:53 - 2021-03-29 04:43 - 000002860 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2359693894-3551999487-3289365916-1002
2022-04-10 14:53 - 2021-03-29 04:43 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2359693894-3551999487-3289365916-500
2022-04-10 14:53 - 2021-03-29 04:43 - 000002016 _____ C:\WINDOWS\system32\Tasks\Mirkat
2022-04-10 14:53 - 2020-09-27 15:53 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-10 14:53 - 2020-09-27 15:53 - 000003182 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-09 20:48 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-09 20:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-09 20:40 - 2021-02-03 02:27 - 000001288 _____ C:\Users\Winger\Desktop\ESET Online Scanner.lnk
2022-04-09 16:08 - 2020-01-10 07:58 - 000000000 ____D C:\Users\Winger\AppData\Local\Packages
2022-04-07 09:39 - 2021-03-30 19:23 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-04-07 09:37 - 2020-04-06 16:09 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-06 21:13 - 2021-03-30 19:55 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-06 21:13 - 2021-03-30 19:55 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-05 19:29 - 2020-07-17 19:43 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-04-05 19:29 - 2020-07-17 19:43 - 000002388 _____ C:\Users\Public\Desktop\Brave.lnk
2022-03-29 10:11 - 2020-03-29 20:25 - 000000000 ____D C:\Users\Winger\AppData\Local\Opera Software
2022-03-29 10:10 - 2020-03-29 20:22 - 000000000 ____D C:\Users\Winger\AppData\Roaming\Opera Software
2022-03-29 09:57 - 2021-03-29 04:39 - 000002397 _____ C:\Users\Winger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-24 16:49 - 2022-02-14 01:05 - 000855480 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000552088 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000546432 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000370824 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000318904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000269576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000253064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000229064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000109032 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000100464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000084120 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000042528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2022-03-24 16:49 - 2022-02-14 01:05 - 000036920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2022-03-24 16:49 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-23 21:13 - 2021-03-30 19:23 - 000601432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2022-03-23 21:12 - 2021-03-30 19:23 - 000483664 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-03-23 16:13 - 2020-09-27 15:54 - 000000000 ____D C:\ProgramData\Packages
2022-03-22 16:00 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-19 01:16 - 2020-09-27 15:50 - 000435384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-19 01:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-19 01:15 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-18 21:15 - 2021-10-07 03:36 - 000025267 _____ C:\Users\Winger\Documents\Addition.txt
2022-03-18 21:15 - 2021-10-07 03:34 - 000028604 _____ C:\Users\Winger\Documents\FRST.txt
2022-03-12 14:53 - 2020-09-27 15:53 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Edited by shake_n_vac, 11 April 2022 - 02:16 PM.

#4 shake_n_vac
Topic Starter, Members, 73 posts, OFFLINE
Posted 11 April 2022 - 02:03 PM

Here is the Addition text.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2022 03
Ran by Winger (11-04-2022 20:13:26)
Running from C:\Users\Winger\Downloads
Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) (2021-03-29 03:43:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2359693894-3551999487-3289365916-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2359693894-3551999487-3289365916-503 - Limited - Disabled)
Guest (S-1-5-21-2359693894-3551999487-3289365916-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2359693894-3551999487-3289365916-504 - Limited - Disabled)
Winger (S-1-5-21-2359693894-3551999487-3289365916-1001 - Administrator - Enabled) => C:\Users\Winger

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {217C3BCF-3FBD-7C30-A427-2D11E16F3BEB}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {841A2C1E-F526-E32F-8E57-7FBF8B0698E4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16.05 - Advanced Micro Devices, Inc.)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 22.2.3223 - AVG Technologies)
Branding64 (HKLM\...\{E6D2F9D5-4122-4945-B145-1E791DE4C5CA}) (Version: 1.00.0003 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 100.1.37.111 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.92 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.75 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Malwarebytes version 4.5.4.168 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.4.168 - Malwarebytes)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.36 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\...\OneDriveSetup.exe) (Version: 22.055.0313.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 99.0 (x64 en-GB)) (Version: 99.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{3DEE814D-F1DB-315D-E627-63B6B600643A}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Revo Uninstaller 2.3.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.5 - VS Revo Group, Ltd.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)

Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.10006.0_x64__0a9344xs7nr4m [2020-03-30] (Advanced Micro Devices Inc.)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20402.409.0_x64__rz1tebttyb220 [2020-04-17] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-26] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.67.5901.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [Startup Task]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-25] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-07] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2020-12-04] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2022-03-24] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-27] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-2359693894-3551999487-3289365916-1001 -> DefaultScope {B413736D-0AEE-46B3-9186-D0DC8DF3053B} URL = 
SearchScopes: HKU\S-1-5-21-2359693894-3551999487-3289365916-1001 -> {B413736D-0AEE-46B3-9186-D0DC8DF3053B} URL = 

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2359693894-3551999487-3289365916-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D2002ADB-0F24-4B65-92A9-9C252B53582C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{281B6E9F-9E0F-4D0A-B133-6C341D9739CF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9F3825FA-CEFA-4E06-BDC6-5813FED7BCE6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{A0AB30FA-72BE-42F2-BEBD-0D8CE170B50F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{ABB26515-F0A2-4493-B677-E6A80309E011}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{4E3F6C14-85D8-41CB-BA7F-20F2AFCF6C4F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{815B423D-058A-4235-B729-004CE10AE0C9}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{3FDE7AFE-4392-4766-945F-E6C2BB5F846C}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{7E63CB2A-F3AE-432B-8C0D-FCB1E231D732}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{0883A979-C73E-4E89-8B36-39926C113DA1}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{FD692347-ECDD-4BE8-8089-9B12A476556A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DF1E17EC-3D35-42FB-9F48-3681CDDFFEB4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6F9DB729-F6A8-4F5B-A886-070B05ACFE33}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AC7F89A4-D27C-45B3-9457-38D77A95AEC0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1F52C157-5E59-4FCB-A3DB-13AB3D90FB80}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{A20FE0DC-EA66-412C-AFC7-B5F8F3DF4891}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [TCP Query User{48B2C290-76E4-46C7-B5FA-2062473F7303}C:\users\winger\appdata\local\programs\opera\opera.exe] => (Block) C:\users\winger\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{F9EFB9B4-1062-415E-9638-9FB280F52952}C:\users\winger\appdata\local\programs\opera\opera.exe] => (Block) C:\users\winger\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [{E7EAD3CF-3E05-4043-A9F8-EF7E183E67DE}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{2657F3C6-5C69-4BDB-91AF-F05FA129DC23}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CBBBF592-7E9E-4F8D-9B27-499BF685600C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

19-03-2022 21:24:04 Scheduled Checkpoint
28-03-2022 20:49:20 Scheduled Checkpoint
06-04-2022 16:47:39 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: McAfeeIntegrationDriver Device
Description: McAfeeIntegrationDriver Device
Class Guid: {78a1c341-4539-11d3-b88d-00c04fad5171}
Manufacturer: McAfee
Service: McAfeeIntegrationDriver
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: 
Description: 
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: WireGuard LLC
Service: wintun
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: McAfeeIntegrationDriver Device
Description: McAfeeIntegrationDriver Device
Class Guid: {78a1c341-4539-11d3-b88d-00c04fad5171}
Manufacturer: McAfee
Service: McAfeeIntegrationDriver
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: ========================

Application errors:
==================
Error: (04/11/2022 07:32:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1250, time stamp: 0x62023b8a
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0xbbc
Faulting application start time: 0x01d84d349fcfbfc3
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: cf2a2152-6bf2-4ce9-80e3-395331af1d6c
Faulting package full name: 
Faulting package-relative application ID: 

Error: (04/11/2022 12:42:19 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-COA3FH0G$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 10 Apr 2022 23:42:19 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 961adf54-cfd5-4c6a-a32a-7873b4f3a01f
Method: GET(516ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (04/09/2022 06:36:22 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (1508,G,0) An attempt to open the file "C:\Users\Winger\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/06/2022 12:45:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1250, time stamp: 0x62023b8a
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x2288
Faulting application start time: 0x01d848c3e94dd04b
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: abaf2409-c2b3-4f17-ae3a-a00d8290ed46
Faulting package full name: 
Faulting package-relative application ID: 

Error: (03/28/2022 05:07:40 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-COA3FH0G$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 28 Mar 2022 16:07:40 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 56674bde-7685-4bbf-af0e-a3e9475da931
Method: GET(375ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/22/2022 10:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1250, time stamp: 0x62023b8a
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x10d4
Faulting application start time: 0x01d83dd1d9936039
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 5e79ac52-84b8-463f-b0e9-70c41efef351
Faulting package full name: 
Faulting package-relative application ID: 

Error: (03/19/2022 11:00:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.19041.1566, time stamp: 0x1f37eb46
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1566, time stamp: 0x0833f2d4
Exception code: 0xc00d4e24
Fault offset: 0x000000000010b362
Faulting process id: 0x2434
Faulting application start time: 0x01d83b77e03fd27e
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e1ec443b-594a-4014-a8ad-1640213307ec
Faulting package full name: 
Faulting package-relative application ID: 

Error: (03/19/2022 03:27:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.19041.1566, time stamp: 0x1f37eb46
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1566, time stamp: 0x0833f2d4
Exception code: 0xc00d4e24
Fault offset: 0x000000000010b362
Faulting process id: 0x123c
Faulting application start time: 0x01d83b38c56a9e07
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 46ce5790-2310-4045-a42a-7f8cb6a39b14
Faulting package full name: 
Faulting package-relative application ID: 

System errors:
=============
Error: (04/11/2022 06:05:10 PM) (Source: DCOM) (EventID: 10000) (User: LAPTOP-COA3FH0G)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/10/2022 06:01:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/10/2022 06:01:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Winger\AppData\Local\Temp\ehdrv.sys

Error: (04/10/2022 06:01:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/10/2022 06:01:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Winger\AppData\Local\Temp\ehdrv.sys

Error: (04/10/2022 06:01:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/10/2022 06:01:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Winger\AppData\Local\Temp\ehdrv.sys

Error: (04/10/2022 06:01:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Windows Defender:
================
Date: 2021-12-11 23:31:22
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-10 22:25:11
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-09 23:41:27
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-08 21:26:34
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-07 22:03:50
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-04-11 19:07:45
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-04-11 18:42:43
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO AMCN25WW(V1.08) 07/25/2019
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 82%
Total physical RAM: 6082.54 MB
Available physical RAM: 1094.48 MB
Total Virtual: 8258.54 MB
Available Virtual: 2164.6 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:179.68 GB) NTFS
\\?\Volume{0f7fcca0-e3dc-473b-83d1-4ff181b681a1}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{e97ba6d0-6fd9-47b2-8bba-e29e887d9cc4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7983F9DA)
Partition: GPT.
==================== End of Addition.txt =======================

Edited by shake_n_vac, 11 April 2022 - 02:17 PM.

--------------------------------------------------------------------------------

#5 nasdaq (Malware Response Team, 47,838 posts, Montreal, QC. Canada)
Posted Yesterday, 07:37 AM

Hi,

Quote
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)

Read this article and decide if you want to enable this security service.
https://www.howtogeek.com/320711/what-is-smartscreen-and-why-is-it-running-on-my-pc/

===

Nothing suspicious was found in your logs. This is just some maintenance and recommendations.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start
Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:
Comment: Items from the FRST.TXT log that will be removed from the Registry.
HKLM-x32\...\Run: [ZaAntiRansomware] => "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe" (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {4BE70160-388E-4049-B175-A94AF91B3F65} - System32\Tasks\Mirkat => C:\Users\Winger\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U3 iswSvc; no ImagePath
Comment: Items from the Addition.txt log that will be removed from the Registry.
FirewallRules: [{9F3825FA-CEFA-4E06-BDC6-5813FED7BCE6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{A0AB30FA-72BE-42F2-BEBD-0D8CE170B50F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{ABB26515-F0A2-4493-B677-E6A80309E011}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [{4E3F6C14-85D8-41CB-BA7F-20F2AFCF6C4F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe => No File
FirewallRules: [TCP Query User{48B2C290-76E4-46C7-B5FA-2062473F7303}C:\users\winger\appdata\local\programs\opera\opera.exe] => (Block) C:\users\winger\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{F9EFB9B4-1062-415E-9638-9FB280F52952}C:\users\winger\appdata\local\programs\opera\opera.exe] => (Block) C:\users\winger\appdata\local\programs\opera\opera.exe => No File
Comment: To rebuild the performance counter library values.
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
Comment: Use Farbar routine to delete temp files
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Program Files (x86)\Temp\*.tmp
C:\Users\Winger\AppData\Local\Temp\ehdrv.sys
Comment: The system will restart.
Reboot:
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the Farbar log you have submitted.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

===

Error message.

Quote
> Description: McAfeeIntegrationDriver Device

If McAfee was uninstalled from this computer I suggest you run the Uninstaller to remove all traces of the program.
Download and run their uninstaller tool from this site.
https://service.mcafee.com/?articleId=TS101331&page=shell&shell=article-view
Restart the computer when the removal is completed.

------

Please post the Fixlog.txt and let me know what problem persists.

--------------------------------------------------------------------------------

#6 shake_n_vac (Topic Starter, Members, 73 posts)
Posted Yesterday, 08:34 AM

This has come as a huge relief, thank you so much. I will have a think about SmartScreen; the article would seem to suggest that you think it is a wise idea to use it? Saying that, the only things I download are policy papers from various Government websites. But then again, in relation to that, I guess that they could still contain nasty stuff.

I will do the FRST maintenance later if it is okay and post the Fixlog, and remove the remnants of McAfee.

Thanks again,
Shakey

--------------------------------------------------------------------------------

#7 shake_n_vac (Topic Starter, Members, 73 posts)
Posted Yesterday, 03:40 PM

A daft Q Nasdaq, if I may: a Firefox search (which is defaulted to use Google) has my location inaccurate. Not a bit, but a few hundred miles away. Earlier today it had my location in my near region, and I haven't switched the router off or done anything to change the location. Is this anything to be concerned about?
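The fixlist in nasdaq's post #5 removes firewall rules whose program is gone (FRST prints these as "=> No File"), removes service keys whose driver binary is missing ("[X]", "no ImagePath"), deletes the ehdrv.sys file that the System log shows being blocked from loading, and starts from the FRST line reporting SmartScreen as Off. The PowerShell script below is an added example, not part of this thread and not FRST's or nasdaq's code: it audits the same items on the machine before the fix is run, so the entries can be confirmed rather than taken on trust, and it generalises the firewall check to every rule on the system rather than the six listed. The Winger paths and the service names amsdk, iswSvc and eapihdrv are copied from the fixlist; the registry locations and Event ID 7000 are the standard Windows ones.

```powershell
# Added example, not from the thread: audit the items nasdaq's fixlist targets before running it.
# Run as Administrator in Windows PowerShell 5.1 on Windows 10; only built-in cmdlets are used.
# The 'Winger' paths and service names are copied from the fixlist; everything else is generic.

# 1. SmartScreen state, the value FRST reported as "SmartScreenEnabled: Off".
function Get-SmartScreenState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
    $v = Get-ItemProperty -Path $key -Name SmartScreenEnabled -ErrorAction SilentlyContinue
    if ($v) { $v.SmartScreenEnabled } else { '<not set>' }
}

# 2. Firewall rules whose program no longer exists (FRST prints these as "=> No File").
#    This walks every rule, not just the six vsmon.exe / opera.exe rules in the fixlist.
function Get-OrphanedFirewallRule {
    Get-NetFirewallRule | ForEach-Object {
        $rule    = $_
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        # "Any" and "System" are not file paths; rules without a program filter are skipped.
        if ($program -and $program -notin @('Any', 'System')) {
            $path = [Environment]::ExpandEnvironmentVariables($program)
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
                [pscustomobject]@{
                    Name    = $rule.Name
                    Action  = $rule.Action
                    Enabled = $rule.Enabled
                    Program = $path
                }
            }
        }
    }
}

# 3. Service keys from the fixlist. FRST's "[X]" and "no ImagePath" mean the registry key
#    is still there but the driver binary is not.
function ConvertTo-ImageFilePath {
    param([string]$ImagePath)
    # Driver ImagePath values come as \??\C:\..., \SystemRoot\..., or system32\drivers\...
    $p = $ImagePath.Trim('"') -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    $p
}

function Get-ServiceKeyState {
    param([string[]]$Names)
    foreach ($n in $Names) {
        $key    = "HKLM:\SYSTEM\CurrentControlSet\Services\$n"
        $image  = (Get-ItemProperty -Path $key -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        $file   = if ($image) { ConvertTo-ImageFilePath $image } else { $null }
        $exists = if ($file) { Test-Path -LiteralPath $file -PathType Leaf } else { $false }
        [pscustomobject]@{ Service = $n; KeyExists = (Test-Path -LiteralPath $key); ImagePath = $image; FileExists = $exists }
    }
}

# 4. The "This driver has been blocked from loading" entries (Service Control Manager, Event ID 7000).
function Get-BlockedDriverEvent {
    param([int]$Days = 30)
    $filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7000
                 StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*blocked from loading*' } |
        Select-Object TimeCreated, Message
}

$FixlistServices = @('amsdk', 'iswSvc', 'eapihdrv')
$FixlistFiles = @(
    'C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe',
    'C:\Users\Winger\AppData\Local\Microsoft\WindowsApps\MirkatService.exe',
    'C:\WINDOWS\system32\drivers\amsdk.sys',
    'C:\Users\Winger\AppData\Local\Temp\ehdrv.sys'
)

"SmartScreenEnabled: $(Get-SmartScreenState)"
"`nFirewall rules pointing at missing programs:"
Get-OrphanedFirewallRule | Format-Table -AutoSize
"`nFixlist services:"
Get-ServiceKeyState -Names $FixlistServices | Format-Table -AutoSize
"`nFixlist files:"
$FixlistFiles | ForEach-Object { [pscustomobject]@{ Path = $_; Exists = (Test-Path -LiteralPath $_) } } | Format-Table -AutoSize
"`nBlocked-driver events in the last 30 days:"
Get-BlockedDriverEvent | Format-Table -AutoSize -Wrap

# To delete the orphaned rules the way the fixlist does, review the list first, then drop -WhatIf:
# Get-OrphanedFirewallRule | ForEach-Object { Remove-NetFirewallRule -Name $_.Name -WhatIf }
```

Two caveats when reading the output. A rule whose program is "missing" may point at a removable drive or at another user's profile, so the orphan list is something to review, not to delete blindly; the fixlist only removes the six rules FRST already matched to uninstalled ZoneAlarm and Opera binaries. And the script only reports; it does not replicate the lodctr /R rebuild or the temp-file deletion, which FRST performs as part of the fix.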