
Malware suspected


19 replies to this topic

#1 turniphead

  • Members
  • 55 posts

Posted 13 April 2024 - 02:39 PM

Computer running slow on quite a few sites, and the start-up page where I put in my password appears to jump to another page right after the page loads. Would suspect Google redirect virus.





#2 DR_M

    The Grecian Geek


  • Malware Response Team
  • 872 posts

Posted 14 April 2024 - 04:25 AM

Hello.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)
 



 

Grecian Geek

 

Count your blessings, remember your prayers...

 

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.

You, only you, will have stars that can laugh."


#3 turniphead
  • Topic Starter

  • Members
  • 55 posts

Posted 14 April 2024 - 07:17 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by johnj (14-04-2024 13:01:05)
Running from C:\Users\johnj\AppData\Local\Temp\MicrosoftEdgeDownloads\12122976-3912-44b8-9855-06d8ecb04e3f
Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) (2023-08-16 09:32:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1124472054-2262804997-3086618912-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1124472054-2262804997-3086618912-503 - Limited - Disabled)
Guest (S-1-5-21-1124472054-2262804997-3086618912-501 - Limited - Disabled)
johnj (S-1-5-21-1124472054-2262804997-3086618912-1001 - Administrator - Enabled) => C:\Users\johnj
WDAGUtilityAccount (S-1-5-21-1124472054-2262804997-3086618912-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 123.1.64.122 - Brave Software Inc)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{4B612F58-6BA7-4095-A1C4-058C884269C5}) (Version: 28.1.1328.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{72B7E704-74EF-4BBF-BC8B-EF318E1DA1CE}) (Version: 28.1.1328.0 - Hewlett-Packard Co.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Microsoft .NET Host - 7.0.18 (x64) (HKLM\...\{8B68385D-2790-41EE-8D7C-3B82B4DF2E78}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.18 (x86) (HKLM-x32\...\{389F17A6-E821-4C30-AD19-6C6F9A295808}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.18 (x64) (HKLM\...\{97B1AA87-A6DA-474C-B607-7627F2D7B98A}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.18 (x86) (HKLM-x32\...\{3E6B2806-21EF-4D42-85B6-96E043850F51}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.18 (x64) (HKLM\...\{2BC88C2F-92B5-4BB0-B40E-EC88F0EEA057}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.18 (x64) (HKLM-x32\...\{0ed9785f-3726-4782-b5f9-6e7190a21b2f}) (Version: 7.0.18.33519 - Microsoft Corporation)
Microsoft .NET Runtime - 7.0.18 (x86) (HKLM-x32\...\{5CE21DDB-895C-43B1-BAC6-61E65884FFB2}) (Version: 56.72.12030 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.18 (x86) (HKLM-x32\...\{f72ca416-c5ac-484c-b349-c1e72cf561f1}) (Version: 7.0.18.33519 - Microsoft Corporation)
Microsoft 365 - en-gb (HKLM\...\O365HomePremRetail - en-gb) (Version: 16.0.17425.20146 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.18 - Shared Framework (x64) (HKLM-x32\...\{18b6ac9e-c37f-4b56-825e-e8ccb5430cbb}) (Version: 7.0.18.24169 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.18 - Shared Framework (x86) (HKLM-x32\...\{7f65fae2-11ca-4610-8e43-a7897d8c6bf6}) (Version: 7.0.18.24169 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.18 Shared Framework (x64) (HKLM\...\{D9DA4FA8-A5C9-39A5-A6BE-7FD7CBEB4FB6}) (Version: 7.0.18.24169 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.18 Shared Framework (x86) (HKLM-x32\...\{80344068-0B48-3E92-B17B-4FB97857397D}) (Version: 7.0.18.24169 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft OneNote - en-gb (HKLM\...\OneNoteFreeRetail - en-gb) (Version: 16.0.17425.20146 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.18 (x64) (HKLM\...\{F91C5C9A-FDEF-44D0-88D8-40113345FAA7}) (Version: 56.72.12035 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.18 (x64) (HKLM-x32\...\{9926fb6d-a007-472d-b0dc-38d7e8c475e0}) (Version: 7.0.18.33520 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.18 (x86) (HKLM-x32\...\{76BE2305-940F-4B0D-9B46-6F4EEEF8B17D}) (Version: 56.72.12035 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.18 (x86) (HKLM-x32\...\{909f452d-77d0-4433-91a8-e6d5c5e40ede}) (Version: 7.0.18.33520 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Surfshark (HKLM-x32\...\{4B6BA141-7ABC-4E0F-AF6D-A984E7C97253}) (Version: 5.6.3999 - Surfshark) Hidden
Surfshark (HKLM-x32\...\Surfshark 5.6.3999) (Version: 5.6.3999 - Surfshark)
Zoom (HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5435.0_x64__8j3eq9eme6ctt [2024-04-11] (INTEL CORP) [Startup Task]
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.5.7.0_x86__xcg28tkrsnqww [2023-11-09] (Cool File Viewer)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1200.442.0_x64__8wekyb3d8bbwe [2024-03-20] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.23.0_x64__xbfy0k16fey96 [2024-02-06] (Dropbox Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.47.308.0_x64__v10z8vjag6ke6 [2024-04-11] (HP Inc.)
HP Enhanced Lighting -> C:\Program Files\WindowsApps\AD2F1837.HPEnhance_1.3.5.0_x64__v10z8vjag6ke6 [2024-02-04] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.5.1.0_x64__v10z8vjag6ke6 [2024-03-29] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2023-08-18] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2023-08-16] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-03-06] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.34.32.0_x64__v10z8vjag6ke6 [2024-04-09] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.4.11.0_x64__v10z8vjag6ke6 [2024-02-07] (HP Inc.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-15] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-03-06] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-13] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24031.69.0_x64__cw5n1h2txyewy [2024-04-09] (Microsoft Windows) [Startup Task]
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_31.52412.288.0_x64__v10z8vjag6ke6 [2024-04-06] (HP Inc.) [Startup Task]
sMedio True DVD for HP -> C:\Program Files\WindowsApps\0E3921EB.sMedioTrueDVDforHP_1.1.156.0_x64__agwrg61xdd7p4 [2024-03-27] (sMedio Inc.)
Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.3899848563C1F_1.0.137.0_x64__kx24dqmazqk8j [2024-03-27] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-11] (Spotify AB) [Startup Task]
Trio Office: DOCX & XLSX Editor -> C:\Program Files\WindowsApps\64343GTDocStudio.OfficeDocOpener_3.3.7.0_x86__3h5nez1g3qt2c [2024-01-25] (GT Office PDF Studio)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2414.8.0_x64__cv1g1gvanyjgm [2024-04-13] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-13] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1124472054-2262804997-3086618912-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File
ContextMenuHandlers1: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers2: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers4: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers6: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\johnj\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_imdajkchfeodnfnpihejhejdgo\Amazon.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --pin-url=hxxps://www.amazon.co.uk/ --profile-directory=Default
ShortcutWithArgument: C:\Users\johnj\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_fdlpcnpjbdlbokopiklgmlboef\BT.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --pin-url=hxxps://www.bt.com/ --profile-directory=Default
ShortcutWithArgument: C:\Users\johnj\AppData\Local\Microsoft\Edge\User Data\Default\Pinned Sites\MSEdge._pin_adnlfjpnmiaohpidplnoimahfh\YouTube.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --pin-url=hxxps://www.youtube.com/ --profile-directory=Default
ShortcutWithArgument: C:\Users\johnj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BT.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --pin-url=hxxps://www.bt.com/ --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp
 
==================== Loaded Modules (Whitelisted) =============
 
2023-05-19 21:29 - 2023-05-19 21:29 - 001250304 _____ () [File not signed] C:\Program Files (x86)\Surfshark\e_sqlite3.DLL
2024-04-04 12:37 - 2024-04-04 12:37 - 000214528 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x32\Surfshark.Firewall.dll
2024-04-04 13:30 - 2024-04-04 13:30 - 002850816 _____ () [File not signed] C:\Program Files (x86)\Surfshark\SurfsharkWireGuard\tunnel.dll
2020-12-06 03:39 - 2020-12-06 03:39 - 000194048 _____ (Chris Patterson;Dru Sellers;Travis Smith) [File not signed] [File is in use] C:\Program Files (x86)\Surfshark\Topshelf.dll
2024-04-11 09:11 - 2024-04-11 09:11 - 000431616 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\LauncherSDK\c7c3f9bfdf012d4158514dd5c47171d0\LauncherSDK.ni.dll
2024-04-11 09:11 - 2024-04-11 09:11 - 000037888 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Logging\981d0020e47687911d5c614cba329bf1\Logging.ni.dll
2024-04-11 09:11 - 2024-04-11 09:11 - 000152576 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\RpcClient\e141927122dd3d5a56fdd4dcc6daf0fd\RpcClient.ni.dll
2024-04-11 09:11 - 2024-04-11 09:11 - 000118272 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WMISDK\62185b4056e5b7d4e29c3c5c602b34ed\WMISDK.ni.dll
2023-03-25 16:28 - 2023-03-25 16:28 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-03-25 16:28 - 2023-03-25 16:28 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2024-04-11 09:11 - 2024-04-11 09:11 - 003863040 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\f31aa80771f5cae5c9c98560e9873d1b\Newtonsoft.Json.ni.dll
2023-05-19 21:36 - 2023-05-19 21:36 - 000005120 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files (x86)\Surfshark\SQLitePCLRaw.batteries_v2.dll
2023-05-19 21:34 - 2023-05-19 21:34 - 000050688 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files (x86)\Surfshark\SQLitePCLRaw.core.dll
2023-05-19 21:34 - 2023-05-19 21:34 - 000036352 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files (x86)\Surfshark\SQLitePCLRaw.provider.e_sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-03-25] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-03-25] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-07 06:24 - 2022-05-07 06:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\johnj\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 162.252.172.57 - 149.154.159.92
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService"
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F202A3AD-B8D6-4390-853E-78BC5EDF7E14}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{469CE811-5CE2-4CE5-A338-A13D69CD6001}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS06C7\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D5E4BBFD-1BF0-4543-BED1-8C5764B644BC}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS06C7\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6C0E26FA-27D9-4D5D-8486-FDC7360616B6}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS59DA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9D0B987E-6668-45EF-BE04-D819FD3A70BC}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS59DA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6485FAC3-28D2-4F10-8B36-DF4D234E4F70}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{A2E33DF6-8A2F-4BC1-8F3B-FDC2DACF929B}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{1A3A6212-2E54-4283-A5BD-F710CA30839B}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{EAB421B0-EE7B-4D63-84A4-101C30D0A679}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [{9B8D3E77-1BED-4F82-B81B-82CDBBEDB792}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{C5A66EB9-CC52-4369-B365-223A7A673F6A}C:\users\johnj\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\johnj\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{320E6BE9-66E1-407E-B5FD-AEEED27BA1E2}C:\users\johnj\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\johnj\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C50771D2-7CD0-4A96-B3B6-102B77806529}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{D9F487C5-090E-4578-86B0-04CCD5A4404E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{C22BE4A5-A9A2-4EC9-BE41-69B7A6A06B83}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{E02F3DC4-AC89-4966-BF39-C52F8FD93E71}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{C3727828-704D-489D-88A7-A08797555F4A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{BC069220-0034-40D8-B3CB-CCA948A5C82D}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{A5B83411-C528-48D1-847B-A958EA6DBBC1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{EEBC2158-4014-479B-AA85-9901FA962A46}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{A7CB7566-0428-444D-B9F8-94BC7E12CD14}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{C70F59DA-E39F-4228-B823-B839E47BE82A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{904B731A-B9CB-443D-B941-1C72731D41E6}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{A88FA738-AE92-4E04-A0D1-2A80C4DED0FE}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{3B90BC06-7676-4912-AF07-22DF3E1BFEA8}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{3117CDA2-1507-4069-B9A0-2804B6E3C5F1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{93DE4C9F-4358-4DB4-8420-025C7C2CC54B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{146BA073-64F5-4072-A5F8-DEADCDA27ECA}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2312.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{DB653862-29C7-40E2-9BD4-D34298E0BD21}] => (Allow) C:\Users\johnj\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{981A80ED-2CE7-44E6-917D-FF903D6C9648}] => (Allow) C:\Users\johnj\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CBB36E5E-6A1A-40E4-95F4-3C832E10B7B2}] => (Allow) C:\Users\johnj\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{57B30C91-D143-4C81-BAB0-3CF77B99CD5E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E43415F0-944E-461D-89D6-00A27FE0902F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{273D3EBB-466B-4CFB-81FB-12E64312C6F5}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{825B6C45-B074-430B-946C-B050BA061137}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2BCD1AFB-8D43-44E9-86D2-3FB4F32B4B9A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CB88F48D-25AB-4921-A6D7-1B11EDDBCF5A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{764E88F7-3559-4942-827F-455E546DFBBB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{19E550F4-3535-46B5-9100-EBA21922AFEA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{804296EC-0A76-4274-BBAC-49778BA5DD68}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E19FD3D9-9957-4406-9F11-3CE320BDCBAD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EB82B035-6D84-4EAF-AD2C-A48F1EF64B16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{858FE703-6E7C-47AF-B43B-729AF43FDB41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6D8076D9-A616-4647-A6C2-7A7D83112A7E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{30B0F08E-8826-4C80-A2E9-B8F17F8F0014}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Restore Points =========================
 
05-04-2024 05:00:09 Windows Update
09-04-2024 05:44:42 Windows Update
10-04-2024 07:31:35 Installed Surfshark
13-04-2024 23:50:04 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/13/2024 11:39:29 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {B6EEBD84-F9A8-4BCD-A1E7-0C6948269DBE}
 
Error: (04/06/2024 03:21:06 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {2D6B8423-83FA-45D4-B46F-B187FBF7FFE8}
 
Error: (03/29/2024 04:48:44 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {8E38150B-2DE8-4FAA-BB92-FCD958EF8118}
 
Error: (03/19/2024 04:56:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: JOHNPC)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
 
Error: (02/16/2024 03:50:55 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: JOHNPC)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
 
Error: (02/03/2024 09:18:21 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: JOHNPC)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
 
Error: (01/09/2024 10:55:57 PM) (Source: Application Error) (EventID: 1000) (User: JOHNPC)
Description: Faulting application name: Civ3Conquests.exe, version: 1.22.0.0, time stamp: 0x40fec9ab
Faulting module name: apphelp.dll, version: 10.0.22621.2506, time stamp: 0xe206b5ff
Exception code: 0xc0000005
Fault offset: 0x0007204b
Faulting process ID: 0x0x3824
Faulting application start time: 0x0x1da43463795c0cb
Faulting application path: C:\Program Files (x86)\Firaxis Games\Civilization III Complete\Conquests\Civ3Conquests.exe
Faulting module path: C:\windows\SYSTEM32\apphelp.dll
Report ID: 7c6477c5-ab9f-48e2-9724-f0b17de0df65
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/08/2024 11:50:21 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: JOHNPC)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
 
 
System errors:
=============
Error: (04/14/2024 11:08:27 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (04/14/2024 11:08:27 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (04/13/2024 09:47:17 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (04/13/2024 09:47:10 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
 
Error: (04/13/2024 08:09:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Comm Recover service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/13/2024 07:36:46 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (04/13/2024 07:36:46 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (04/13/2024 06:26:09 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
 
Windows Defender:
================
Date: 2024-04-13 11:30:55
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-04-12 10:29:09
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-04-11 08:57:55
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-04-09 05:34:07
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-04-08 05:11:22
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2023-12-12 21:08:59
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.383.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
CodeIntegrity:
===============
Date: 2023-12-10 16:06:39
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\360\Total Security\safemon\WscReg.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\360Base.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
 
Date: 2023-12-10 15:58:43
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\com_antivirus.dll that did not meet the Windows signing level requirements. 
 
Date: 2023-11-30 09:26:53
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_bf17c8caffe277b3\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: AMI F.21 10/23/2023
Motherboard: HP 8B3C
Processor: 13th Gen Intel® Core™ i7-13700
Percentage of memory in use: 47%
Total physical RAM: 16068.49 MB
Available physical RAM: 8491.13 MB
Total Virtual: 17092.49 MB
Available Virtual: 8937.47 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:952.97 GB) (Free:881.95 GB) (Model: WD PC SN560 SDDPNQE-1T00-1006) NTFS
Drive d: (DISK1) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
 
\\?\Volume{a52f56b1-0158-4287-be01-789df3f97b15}\ (Windows RE tools) (Fixed) (Total:0.62 GB) (Free:0.06 GB) NTFS
\\?\Volume{47c5d4f7-3d05-483a-b8f4-d92bb0dbf9d5}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: ECFB7EDF)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
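The Windows Defender and CodeIntegrity blocks in the Addition.txt above are the ones a responder reads first: five Quick Scans stopped before completing, one failed security-intelligence update, and two third-party DLLs (360 Total Security and Kaspersky components) that failed the antimalware / Windows signing-level check when loaded into security processes. The helper below is an added example written for this page; it is not part of FRST, the thread, or the Malware Response Team's procedure. It parses those two sections using the header and event-block layout visible in the log above and summarises them without deciding whether anything is malicious. The embedded sample is a constructed, shortened excerpt shaped like the posted log.

```python
"""Triage helper for the Windows Defender and CodeIntegrity blocks of an FRST
Addition.txt.  Added example for this thread; not part of FRST or of the
responders' procedure.  It only summarises the log entries, it does not judge
whether any of them indicate an infection."""

import re
from collections import Counter
from dataclasses import dataclass

# Constructed, shortened excerpt shaped like the Addition.txt posted above
# (same section layout and wording; only a few entries are reproduced).
SAMPLE = r"""
Windows Defender:
================
Date: 2024-04-13 11:30:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-12 10:29:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-12-12 21:08:59
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
Previous security intelligence Version: 1.403.383.0
Error code: 0x8024402c

CodeIntegrity:
===============
Date: 2023-12-10 16:06:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\360\Total Security\safemon\WscReg.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\360Base.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-12-10 15:58:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\com_antivirus.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================
"""

# "==================== Name ====" style header (needs spaces around the name,
# so a bare underline of '=' characters never matches here).
HDR_BAR = re.compile(r"^=+\s+(.+?)\s+=+\s*$")
# Underline of '=' characters placed below a "Name:" line.
HDR_UL = re.compile(r"^=+\s*$")
INTERRUPTED = "scan has been stopped before completion"
CI_RE = re.compile(
    r"process \((?P<process>.+?)\) attempted to load (?P<module>.+?) "
    r"that did not meet the (?P<level>.+?) signing level requirements"
)


@dataclass(frozen=True)
class BlockedLoad:
    date: str
    process: str   # process that tried to load the module
    module: str    # DLL that failed the signing-level check
    level: str     # e.g. "Custom 3 / Antimalware" or "Windows"
    third_party: bool  # module lives under Program Files, not the Windows tree


def split_sections(text):
    """Map section name -> body for both FRST header styles."""
    sections, name, buf = {}, None, []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        bar = HDR_BAR.match(line)
        underlined = (i + 1 < len(lines) and HDR_UL.match(lines[i + 1])
                      and line.strip().endswith(":"))
        if bar or underlined:
            if name is not None:
                sections[name] = "\n".join(buf)
            name, buf = (bar.group(1) if bar else line.strip().rstrip(":")), []
            i += 1 if underlined else 0  # skip the underline row
        else:
            buf.append(line)
        i += 1
    if name is not None:
        sections[name] = "\n".join(buf)
    return sections


def parse_events(section):
    """Each blank-line-separated 'Date: ...' block becomes a dict of fields;
    the line after 'Description:' is stored under 'Description'."""
    events = []
    for block in re.split(r"\n\s*\n", section.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines or not lines[0].startswith("Date:"):
            continue
        ev, expect_desc = {}, False
        for line in lines:
            if expect_desc:
                ev["Description"], expect_desc = line, False
            elif line == "Description:":
                expect_desc = True
            elif ":" in line:
                key, _, val = line.partition(":")
                ev[key.strip()] = val.strip()
        events.append(ev)
    return events


def interrupted_scans(events):
    """Count Defender scans stopped before completion, by scan parameters."""
    return Counter(ev.get("Scan Parameters", "?") for ev in events
                   if INTERRUPTED in ev.get("Description", ""))


def update_errors(events):
    """(date, error code) for failed security-intelligence updates."""
    return [(ev["Date"], ev["Error code"]) for ev in events if "Error code" in ev]


def blocked_loads(events):
    """Process / module / required signing level from CodeIntegrity entries."""
    out = []
    for ev in events:
        m = CI_RE.search(ev.get("Description", ""))
        if m:
            out.append(BlockedLoad(ev["Date"], m["process"], m["module"],
                                   m["level"], "\\Program Files" in m["module"]))
    return out


def triage(text):
    sections = split_sections(text)
    wd = parse_events(sections.get("Windows Defender", ""))
    ci = parse_events(sections.get("CodeIntegrity", ""))
    return {"interrupted_scans": interrupted_scans(wd),
            "update_errors": update_errors(wd),
            "blocked_loads": blocked_loads(ci)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

To run it on a real log, pass `open(path, encoding="utf-8-sig").read()` to `triage()`; that encoding tolerates a byte-order mark whether or not FRST wrote one. Event-log subsections such as "Application errors:" come out as sections of their own, so the same `parse_events()` can be pointed at them.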


#4 DR_M

DR_M

    The Grecian Geek

  • Malware Response Team
  • 872 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:30 AM

Posted 14 April 2024 - 08:15 AM

Hello.

I'll need the FRST.txt too. It is in the same location the Addition.txt is located:

Running from C:\Users\johnj\AppData\Local\Temp\MicrosoftEdgeDownloads\12122976-3912-44b8-9855-06d8ecb04e3f

After that, please move the FRST tool directly onto your Desktop.


Grecian Geek

Count your blessings, remember your prayers...

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night..

You, only you, will have stars that can laugh."


#5 turniphead

turniphead
  • Topic Starter
  • Members
  • 55 posts
  • OFFLINE
  • Local time:05:30 AM

Posted 14 April 2024 - 08:59 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by johnj (administrator) on JOHNPC (HP HP Slim Desktop S01-pF3xxx) (14-04-2024 14:56:58)
Running from C:\Users\johnj\Downloads\FRST64.exe
Loaded Profiles: johnj
Platform: Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) Language: English (United Kingdom)
Default browser: Brave
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe
(C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.4.11.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.4.11.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe <6>
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6666c94b7ce92349\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6666c94b7ce92349\x64\BridgeCommunication.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.4.11.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <16>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (HON HAI PRECISION INDUSTRY CO.LTD. -> ) C:\Program Files\FanControlApp\FanControlApp.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_c3ef1d31421e9aea\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6666c94b7ce92349\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6666c94b7ce92349\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6666c94b7ce92349\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6666c94b7ce92349\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_07bea76bdbdaf3eb\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_bf17c8caffe277b3\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d3a92437ffb40b7\RtkAudUService64.exe <2>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Surfshark B.V. -> Surfshark.Service) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(services.exe ->) (Surfshark B.V. -> Surfshark.WireguardService) C:\Program Files (x86)\Surfshark\SurfsharkWireGuard\Surfshark.WireguardService.exe
(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPEnhance_1.3.5.0_x64__v10z8vjag6ke6\Win32\HPEnhancedLighting.Bg.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2414.8.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\...\Run: [MicrosoftEdgeAutoLaunch_6CE76428EA3C9E9A74BD2BD3FBB38B0B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063800 2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [238688 2024-04-04] (Surfshark B.V. -> Surfshark)
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\...\MountPoints2: {b9599b80-3c17-11ee-966b-806e6f6e6963} - "D:\AUTORUN.EXE" 
HKLM\...\Print\Monitors\HP 9311 Status Monitor: C:\windows\system32\hpinksts9311LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3050 J610 series): C:\windows\system32\HPDiscoPM9311.dll [741536 2021-12-06] (HP Inc. -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\123.1.64.122\Installer\chrmstp.exe [2024-04-11] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\johnj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk [2024-04-14]
ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk -> C:\windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3050 J610 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN08C1N31J05HX;CONNECTION=USB;MONITOR=1;
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {65AF9A7A-195B-4FEC-8B0B-8A524147BE58} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{647AFD34-8EAC-42C4-82A0-7E81AF9097E9} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-25] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {62AFED80-8A3D-463E-A711-8E058B479C0E} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{CA4382C3-7344-4E0A-A526-6EE82D6FDF53} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-25] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {2B5275F6-8221-4AFB-9993-47EA137A21A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-03-25] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {68FCBB9C-C930-46D9-BF98-4A2E1753A7A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-03-25] (HP Inc. -> HP Inc.)
Task: {5CE91250-09A3-4BB9-9723-CF2D5E5A594B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-03-25] (HP Inc. -> HP Inc.)
Task: {27135F97-E25F-45C1-B51F-8B71F5B9C8A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-03-25] (HP Inc. -> HP Inc.)
Task: {B1393E4D-F84B-4DB5-A2A0-3B5A96D59598} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {9C4A133C-7109-4309-BC5B-32AB62D02AA8} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-06] (HP Inc. -> HP Inc.)
Task: {D87EEC41-236F-4405-9B76-BFF2D07CF0C6} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64464 2024-03-06] (HP Inc. -> HP Inc.)
Task: {E9015B24-1028-498E-92CC-26F32CF713BA} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [4119200 2021-12-06] (HP Inc. -> Hewlett-Packard Co.)
Task: {F9852331-C7CA-44FF-91C9-E24A0401D46C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {0F73B580-509D-47F7-841B-D171FE41A9E6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DFF5C30-F45C-471C-A780-4A31114DDDDA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3EA638BE-2B1F-4811-840A-5361913AB4DA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {081D44CE-DA7E-47D5-94A5-70AE7DC948BE} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168488 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {ABE38438-D46B-4894-8BAA-7B3BD50BBFD9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E5F153C-9431-49AF-854D-B3E1D5FC1F0C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3D8F649C-BD86-4F94-AB57-63A82BB08050} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0E865F76-7B11-402E-BBAC-2DE9DBA75C36} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {12A36806-7BD2-45CD-B875-0EECEB4C83BC} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1124472054-2262804997-3086618912-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\windows\System32\wpninprc.dll [65536 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {2858795D-E5D9-4619-8EB7-EB22F1ACC11F} - System32\Tasks\RtkAudUService64_BG => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d3a92437ffb40b7\RtkAudUService64.exe [1994024 2023-12-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{82c12371-ec02-4c6d-8114-752ea049bae6}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{82c12371-ec02-4c6d-8114-752ea049bae6}: [DhcpDomain] home
Tcpip\..\Interfaces\{8d69708d-ddec-a599-bb02-0475a5d2150e}: [NameServer] 162.252.172.57,149.154.159.92
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\johnj\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-14]
Edge Notifications: Default -> hxxps://www.chess.com
Edge HomePage: Default -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Edge Extension: (Google Docs Offline) - C:\Users\johnj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-26]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\johnj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-04-03]
Edge Extension: (WOT Website Security & Privacy Protection) - C:\Users\johnj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iiclaphjclecagpkkaacljnpcppnoibi [2023-08-16]
Edge Extension: (Channel Blocker) - C:\Users\johnj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmeeefhmapfgbcogfhcfghkpobdacfic [2024-03-16]
Edge Extension: (Edge relevant text changes) - C:\Users\johnj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\johnj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pefhciejnkgdgoahgfeklebcbpmhnhhd [2024-04-08]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
 
Brave: 
=======
BRA Profile: C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-04-14]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-04-14]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-04-14]
BRA Extension: (Brave NTP background images) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-01]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-04-14]
BRA Extension: (Wallet Data Files Updater) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-22]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-04-14]
BRA Extension: (Brave Ads Resources) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\cmdlemldhabgmejfognbhdejendfeikd [2024-02-28]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2024-03-31]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-03-09]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2023-10-25]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-04-14]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-01-25]
BRA Extension: (Brave NTP sponsored images) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2024-04-14]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\johnj\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-25]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-25] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\123.1.64.122\elevation_service.exe [2671128 2024-04-11] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-10-25] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221312 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6666c94b7ce92349\x64\AppHelperCap.exe [895536 2024-03-04] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6666c94b7ce92349\x64\DiagsCap.exe [894400 2024-03-04] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6666c94b7ce92349\x64\NetworkCap.exe [890928 2024-03-04] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-06] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6666c94b7ce92349\x64\SysInfoCap.exe [894912 2024-03-04] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_c3ef1d31421e9aea\x64\TouchpointAnalyticsClientService.exe [493216 2024-03-03] (HP Inc. -> HP Inc.)
R2 ID19 HP Fan Control Service; C:\Program Files\FanControlApp\FanControlApp.exe [283168 2020-04-29] (HON HAI PRECISION INDUSTRY CO.LTD. -> )
S2 Intel® Platform License Manager Service; C:\windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_45efd8a6478e15ce\lib\PlatformLicenseManagerService.exe [746984 2023-02-08] (Intel Corporation -> Intel® Corporation)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Surfshark.Service.exe [130656 2024-04-04] (Surfshark B.V. -> Surfshark.Service)
R3 Surfshark WireGuard; C:\Program Files (x86)\Surfshark\SurfsharkWireGuard\Surfshark.WireGuardService.exe [131168 2024-04-04] (Surfshark B.V. -> Surfshark.WireguardService)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcxHdAudio; C:\windows\System32\drivers\AcxHdAudio.sys [561152 2023-11-15] (Microsoft Windows -> Microsoft Corporation)
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [532480 2023-03-26] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [184320 2023-03-26] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\drivers\bthmodem.sys [106496 2023-03-26] (Microsoft Corporation) [File not signed]
R0 fse; C:\windows\System32\drivers\fse.sys [218592 2023-11-15] (Microsoft Windows -> Microsoft Corporation)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [26648 2022-06-24] (HP Inc. -> HP Inc.)
R3 IntelGNA; C:\windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88760 2023-02-23] (Intel Corporation -> Intel Corporation)
R3 MpKslddbcfc69; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DA36A6C-FC2B-4020-A736-B40119891746}\MpKslDrv.sys [301336 2024-04-14] (Microsoft Windows -> Microsoft Corporation)
R3 ovpn-dco; C:\windows\System32\drivers\ovpn-dco.sys [91560 2023-08-14] (WDKTestCert lev,132435948852968539 -> OpenVPN, Inc)
S3 rtcx21; C:\windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
S3 SurfsharkBypasser; C:\windows\System32\drivers\SurfsharkBypasser.sys [130904 2024-03-29] (WDKTestCert simasbakus,133455488182636482 -> Surfshark)
S3 tapnordvpn; C:\windows\System32\drivers\tapnordvpn.sys [49744 2023-10-10] (nordvpn s.a. -> The OpenVPN Project)
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2023-11-15] (Microsoft Windows -> )
R0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [20936 2024-04-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [601376 2024-04-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-03] (Microsoft Windows -> Microsoft Corporation)
R3 WireGuard; C:\windows\System32\drivers\wireguard.sys [489368 2023-11-05] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-14 14:56 - 2024-04-14 14:57 - 000024875 _____ C:\Users\johnj\Downloads\FRST.txt
2024-04-14 14:54 - 2024-04-14 14:54 - 000001166 _____ C:\Users\johnj\Desktop\FRST64 - Shortcut.lnk
2024-04-14 14:53 - 2024-04-14 14:53 - 002394112 _____ (Farbar) C:\Users\johnj\Downloads\FRST64.exe
2024-04-14 12:59 - 2024-04-14 14:57 - 000000000 ____D C:\FRST
2024-04-14 11:08 - 2024-04-14 11:08 - 000004040 _____ C:\windows\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-1124472054-2262804997-3086618912-1001_1
2024-04-11 15:19 - 2024-04-11 15:19 - 000005036 _____ C:\Users\johnj\Documents\sub personalities.txt
2024-04-11 15:14 - 2024-04-11 15:14 - 000000000 ____D C:\Users\johnj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-04-11 11:02 - 2024-04-11 11:02 - 000004502 _____ C:\Users\johnj\Documents\SAR debt.txt
2024-04-10 14:44 - 2024-04-10 14:44 - 000000000 ____D C:\windows\SysWOW64\DDFs
2024-04-10 07:56 - 2024-04-10 07:56 - 000024320 _____ C:\windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-10 07:56 - 2024-04-10 07:56 - 000024320 _____ C:\windows\system32\IntegratedServicesRegionPolicySet.json
2024-04-10 07:53 - 2024-04-10 07:55 - 000000000 ___HD C:\$WinREAgent
2024-04-10 07:32 - 2024-04-10 07:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surfshark
2024-04-04 04:39 - 2024-04-04 04:39 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-03-29 13:50 - 2024-03-29 13:50 - 000130904 _____ (Surfshark) C:\windows\system32\Drivers\SurfsharkBypasser.sys
2024-03-27 19:36 - 2024-04-10 07:32 - 000001025 _____ C:\Users\Public\Desktop\Surfshark.lnk
2024-03-24 20:03 - 2024-03-24 20:03 - 000000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-14 14:56 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-14 14:48 - 2022-05-07 06:24 - 000000000 ____D C:\windows\SystemTemp
2024-04-14 14:43 - 2023-11-18 02:31 - 000000000 ____D C:\Users\johnj\AppData\Roaming\Surfshark
2024-04-14 11:07 - 2022-11-03 05:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-14 11:07 - 2022-11-03 05:32 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-04-14 11:07 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-14 11:07 - 2022-05-07 06:24 - 000000000 ____D C:\windows\AppReadiness
2024-04-13 20:15 - 2022-11-03 05:39 - 000864586 _____ C:\windows\system32\PerfStringBackup.INI
2024-04-13 20:15 - 2022-05-07 06:22 - 000000000 ____D C:\windows\INF
2024-04-13 20:09 - 2023-03-25 16:19 - 000001623 _____ C:\windows\system32\config\VSMIDK
2024-04-13 20:09 - 2022-11-03 05:32 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-13 20:09 - 2022-11-03 05:32 - 000000006 ____H C:\windows\Tasks\SA.DAT
2024-04-13 20:09 - 2022-05-07 06:17 - 000524288 _____ C:\windows\system32\config\BBI
2024-04-13 19:31 - 2022-11-03 05:32 - 000000000 ____D C:\windows\system32\SleepStudy
2024-04-12 14:10 - 2023-11-18 02:32 - 000000000 ____D C:\ProgramData\Surfshark
2024-04-11 18:49 - 2023-10-25 22:19 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-04-11 18:49 - 2023-10-25 22:19 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2024-04-11 15:14 - 2023-09-15 12:25 - 000001938 _____ C:\Users\johnj\Desktop\Zoom.lnk
2024-04-11 15:14 - 2023-09-13 07:56 - 000000000 ____D C:\Users\johnj\AppData\Roaming\Zoom
2024-04-11 09:02 - 2023-03-25 16:44 - 000003366 _____ C:\windows\system32\Tasks\RtkAudUService64_BG
2024-04-10 15:00 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-10 14:44 - 2023-10-11 07:50 - 000000000 ____D C:\windows\system32\Microsoft-Edge-WebView
2024-04-10 14:44 - 2023-03-26 00:40 - 000000000 ____D C:\windows\HoloShell
2024-04-10 14:44 - 2022-11-03 05:32 - 000592264 _____ C:\windows\system32\FNTCACHE.DAT
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\SystemResources
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\WinMetadata
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\ShellExperiences
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\Sgrm
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\SecureBootUpdates
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\oobe
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\HealthAttestationClient
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\DDFs
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\ShellComponents
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\Provisioning
2024-04-10 14:44 - 2022-05-07 06:24 - 000000000 ____D C:\windows\bcastdvr
2024-04-10 09:22 - 2023-08-16 16:18 - 000000000 ____D C:\windows\system32\MRT
2024-04-10 09:21 - 2023-08-16 16:18 - 192651728 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2024-04-10 07:57 - 2022-05-07 06:17 - 000000000 ____D C:\windows\CbsTemp
2024-04-10 07:56 - 2022-11-03 05:34 - 003213824 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2024-04-10 07:53 - 2023-08-24 20:05 - 000000000 ____D C:\ProgramData\Package Cache
2024-04-10 07:52 - 2023-11-18 02:32 - 000000000 ____D C:\Program Files\dotnet
2024-04-10 07:52 - 2023-11-18 02:31 - 000000000 ____D C:\Program Files (x86)\dotnet
2024-04-10 07:32 - 2023-12-07 10:38 - 000000000 ____D C:\Program Files (x86)\Surfshark
2024-04-10 07:30 - 2023-08-16 11:19 - 000000000 ____D C:\windows\system32\Tasks\Hewlett-Packard
2024-04-09 05:26 - 2023-08-16 11:04 - 000003592 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1124472054-2262804997-3086618912-1001
2024-04-09 05:26 - 2023-08-16 11:04 - 000003362 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1124472054-2262804997-3086618912-1001
2024-04-09 05:26 - 2023-08-16 11:04 - 000002390 _____ C:\Users\johnj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-08 15:43 - 2023-10-25 22:19 - 000003812 _____ C:\windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{CA4382C3-7344-4E0A-A526-6EE82D6FDF53}
2024-04-08 15:43 - 2023-10-25 22:19 - 000003688 _____ C:\windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{647AFD34-8EAC-42C4-82A0-7E81AF9097E9}
2024-04-07 14:19 - 2023-08-16 11:02 - 000000000 ____D C:\Users\johnj\AppData\Local\D3DSCache
2024-04-06 15:21 - 2023-08-16 10:46 - 000000000 ____D C:\Users\johnj\AppData\Local\Packages
2024-04-04 14:34 - 2022-11-03 05:32 - 000003536 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-04 14:34 - 2022-11-03 05:32 - 000003412 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-04 04:40 - 2023-03-25 16:27 - 000000000 ____D C:\Program Files\Microsoft Office
2024-04-04 04:40 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-04-03 02:02 - 2022-11-03 05:32 - 000000000 ____D C:\windows\system32\Drivers\wd
2024-03-29 04:48 - 2023-08-17 16:05 - 000000000 ____D C:\Users\johnj\AppData\Roaming\Microsoft\Word
2024-03-28 08:11 - 2022-05-07 06:24 - 000000000 ____D C:\windows\system32\SecurityHealth
2024-03-16 15:31 - 2023-03-25 16:43 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2024-03-16 13:37 - 2023-03-25 16:26 - 000000000 ____D C:\ProgramData\HP
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
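The Services and Drivers sections above are the part of an FRST log a reviewer reads most closely. As an added example (not part of this thread and not FRST's own code), here is a small Python parser for that line format with a triage pass that flags the three things the log above actually exhibits: a service whose binary is gone ("[X]"), drivers with no Authenticode signature ("[File not signed]") and drivers whose reported signer is a WDK test certificate. The sample lines are constructed in the shape of entries from the log above; the triage rules are this example's own heuristics, not anything FRST implements.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the FRST Services/Drivers lines above
# (a handful of entries, not the full log).
SAMPLE = r"""
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [532480 2023-03-26] (Microsoft Corporation) [File not signed]
R3 ovpn-dco; C:\windows\System32\drivers\ovpn-dco.sys [91560 2023-08-14] (WDKTestCert lev,132435948852968539 -> OpenVPN, Inc)
S3 SurfsharkBypasser; C:\windows\System32\drivers\SurfsharkBypasser.sys [130904 2024-03-29] (WDKTestCert simasbakus,133455488182636482 -> Surfshark)
R3 WireGuard; C:\windows\System32\drivers\wireguard.sys [489368 2023-11-05] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
"""

# One FRST line:  <R|S|U><start> <name>; <path or "quoted path"> [<size> <date>] (<signer>) [flags]
# Size/date, signer and flags are each optional: FRST omits them for an entry
# whose binary no longer exists, which it marks with "[X]".
LINE_RE = re.compile(
    r'^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>.+?);\s+'
    r'(?:"(?P<qpath>[^"]+)"|(?P<path>.+?))'
    r'(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?'
    r'(?:\s+\((?P<signer>[^)]*)\))?'
    r'(?P<flags>(?:\s+\[[^\]]+\])*)\s*$'
)

# Windows service "Start" values; FRST prints the digit right after R/S/U.
START_TYPES = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}


@dataclass
class Entry:
    running: bool
    start_type: str
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    signer: Optional[str]
    unsigned: bool   # "[File not signed]"
    missing: bool    # "[X]": registered binary is gone


def parse_line(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flags = m.group("flags")
    return Entry(
        running=m.group("state") == "R",
        start_type=START_TYPES.get(m.group("start"), "unknown"),
        name=m.group("name"),
        path=m.group("qpath") or m.group("path"),
        size=int(m.group("size")) if m.group("size") else None,
        date=m.group("date"),
        signer=m.group("signer"),
        unsigned="[File not signed]" in flags,
        missing="[X]" in flags,
    )


def parse_lines(text: str) -> list[Entry]:
    """Parse every line that looks like a service/driver entry; skip the rest."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(text: str) -> list[tuple[str, str]]:
    """Return (entry name, reason) pairs for entries that deserve a manual look.

    These rules are this example's heuristics; FRST itself only prints the facts.
    """
    findings: list[tuple[str, str]] = []
    for e in parse_lines(text):
        if e.missing:
            findings.append((e.name, "registered binary no longer exists (dangling service entry)"))
        if e.unsigned:
            findings.append((e.name, "file carries no Authenticode signature"))
        if e.signer and e.signer.startswith("WDKTestCert"):
            findings.append((e.name, "reported signer is a WDK test certificate; verify the full chain"))
        if "\\temp\\" in e.path.lower():
            findings.append((e.name, "binary lives under a Temp directory"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(f"{name}: {reason}")
```

A WDKTestCert hit is a prompt to check the file's full signature chain (for example with Get-AuthenticodeSignature in PowerShell, or signtool verify /v), not proof of tampering: with driver signature enforcement on, Windows will not load a kernel driver on the strength of a test certificate alone, so a running driver listed this way normally carries another, valid signature that FRST's one-signer summary does not show. The "[X]" case is the opposite: the service registration outlived its binary, which is harmless by itself but is the kind of leftover the fixlist later in this thread removes.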


#6 DR_M

  • Malware Response Team

Posted 14 April 2024 - 09:17 AM

Thanks for the logs. 
 
I'll ask you again for these two things:
 
1. Move the FRST tool directly onto your Desktop.
 
2. It is easier for me to review the logs if you attach them instead of copying and pasting them. As I explained to you in my first post above:
 
(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)
 
Please have the above in mind for your next reply.
 
=======================
 
Since we are ready to begin the process...

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

 

 

========================

 

I'm currently reviewing your logs and will get back to you as soon as I am ready.



 

Grecian Geek

 

Count your blessings, remember your prayers...

 

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night..

You, only you, will have stars that can laugh."


#7 DR_M

  • Malware Response Team

Posted 14 April 2024 - 09:54 AM

Hello, again.

 

1. Brave extensions

 

Do you need these Brave extensions?

 

BRA Extension: (Brave Ads Resources) 
BRA Extension: (Brave NTP sponsored images) 
 
If not, remove them. 
 

 
2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1124472054-2262804997-3086618912-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File
ContextMenuHandlers1: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers2: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers4: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers6: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
FirewallRules: [{469CE811-5CE2-4CE5-A338-A13D69CD6001}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS06C7\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D5E4BBFD-1BF0-4543-BED1-8C5764B644BC}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS06C7\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6C0E26FA-27D9-4D5D-8486-FDC7360616B6}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS59DA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9D0B987E-6668-45EF-BE04-D819FD3A70BC}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS59DA\HPDiagnosticCoreUI.exe => No File
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\...\MountPoints2: {b9599b80-3c17-11ee-966b-806e6f6e6963} - "D:\AUTORUN.EXE" 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

3. Explain your issue

 

I'll need more details about the issue you are dealing with. In your initial post, you said only a few things and I need more, so I can assist you more effectively.

 

 

In your next reply please post:

  1. A reply about the Brave extensions
  2. The fixlog.txt
  3. Explain your issues in more detail



#8 turniphead

  • Topic Starter

Posted 14 April 2024 - 05:08 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by johnj (14-04-2024 23:04:34) Run:1
Running from C:\Users\johnj\Downloads
Loaded Profiles: johnj
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1124472054-2262804997-3086618912-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File
ContextMenuHandlers1: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers2: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContextMenuHandlers4: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContexHKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
tMenuHandlers6: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
FirewallRules: [{469CE811-5CE2-4CE5-A338-A13D69CD6001}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS06C7\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D5E4BBFD-1BF0-4543-BED1-8C5764B644BC}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS06C7\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{6C0E26FA-27D9-4D5D-8486-FDC7360616B6}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS59DA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9D0B987E-6668-45EF-BE04-D819FD3A70BC}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS59DA\HPDiagnosticCoreUI.exe => No File
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\...\MountPoints2: {b9599b80-3c17-11ee-966b-806e6f6e6963} - "D:\AUTORUN.EXE" 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Kaspersky Free 21.15 => removed successfully
HKLM\Software\Classes\CLSID\{AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Kaspersky Free 21.15 => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Kaspersky Free 21.15 => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => removed successfully
tMenuHandlers6: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{469CE811-5CE2-4CE5-A338-A13D69CD6001}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5E4BBFD-1BF0-4543-BED1-8C5764B644BC}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C0E26FA-27D9-4D5D-8486-FDC7360616B6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D0B987E-6668-45EF-BE04-D819FD3A70BC}" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9599b80-3c17-11ee-966b-806e6f6e6963} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32970376 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 81757450 B
Edge => 0 B
Brave => 567559019 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 15594 B
systemprofile32 => 15594 B
LocalService => 57998 B
NetworkService => 314814 B
johnj => 73623543 B
 
RecycleBin => 21867711 B
EmptyTemp: => 743.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:05:02 ====
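The fixlog above records what FRST did with each directive, and the "Error: No automatic fix found for this entry" line is what happens when a fixlist line does not start with a directive FRST recognises: in the fixlist as recorded in the log, a ContextMenuHandlers6 line and two SafeBoot registry lines were interleaved during copy and paste, leaving "ContexHKLM..." and "tMenuHandlers6:" as orphaned halves. As an added example (not part of this thread and not FRST's own code), here is a Python reconciler that lints a fixlist for lines that do not begin with a recognised directive and summarises a fixlog into ok / not found / error counts. The directive list is a partial one assembled from this thread plus common FRST directives, not FRST's official grammar, and the sample fixlog is a constructed, shortened version of the one above.

```python
from __future__ import annotations

import re

# Constructed, shortened fixlog in the shape of the one above, including the
# two split directive lines that produced the "No automatic fix found" error.
FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by johnj (14-04-2024 23:04:34) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
ContexHKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
tMenuHandlers6: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File
FirewallRules: [{469CE811-5CE2-4CE5-A338-A13D69CD6001}] => (Allow) C:\Users\johnj\AppData\Local\Temp\7zS06C7\HPDiagnosticCoreUI.exe => No File
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\...\MountPoints2: {b9599b80-3c17-11ee-966b-806e6f6e6963} - "D:\AUTORUN.EXE"
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Kaspersky Free 21.15 => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => removed successfully
tMenuHandlers6: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\shellex.dll -> No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{469CE811-5CE2-4CE5-A338-A13D69CD6001}" => not found
HKU\S-1-5-21-1124472054-2262804997-3086618912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9599b80-3c17-11ee-966b-806e6f6e6963} => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
EmptyTemp: => 743.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 23:05:02 ====
"""

# Partial list of FRST fixlist line shapes, assembled from the fixlist in this
# thread plus common FRST directives. An example heuristic, not FRST's grammar;
# extend it for fixlists that use other directives.
KNOWN_DIRECTIVES = [re.compile(p) for p in (
    r"^(Start|End)::$",
    r"^(CreateRestorePoint|CloseProcesses|EmptyTemp|RemoveProxy|Hosts):$",
    r"^(DeleteKey|DeleteValue|Reg|CMD|Powershell|File|Folder|Zip|Task|FirewallRules|"
    r"CustomCLSID|ContextMenuHandlers\d*|ShellIconOverlayIdentifiers|AlternateDataStreams|"
    r"Startup|BHO|Toolbar|Handler|Winsock|ProxyServer|AutoConfigURL):",
    r"^HK(LM|CU|U|CR)(-x32)?\\",          # registry lines such as HKLM-x32\...\Run or HKU\S-1-5-...
    r"^[RSU]\d .+;",                       # service/driver lines such as "S2 name; path"
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ",  # file/folder lines from the "One month" sections
    r"^[A-Za-z]:\\",                       # bare paths
    r"^(FF|CHR|Edge|OPR|BRA) ",            # browser entries
)]

OK_RE = re.compile(r"successfully|=> completed")


def lint_fixlist(text: str) -> list[str]:
    """Return fixlist lines that do not start with a recognised directive shape."""
    return [s for s in (l.strip() for l in text.splitlines())
            if s and not any(p.match(s) for p in KNOWN_DIRECTIVES)]


def split_fixlog(fixlog: str) -> tuple[str, list[str]]:
    """Return (fixlist text, per-directive result lines) from a fixlog."""
    parts = re.split(r"^\*{5,}\s*$", fixlog, flags=re.M)  # the "*****" lines bracket the fixlist
    if len(parts) < 3:
        raise ValueError("no fixlist block found; is this a fixlog?")
    results: list[str] = []
    for line in parts[2].splitlines():
        s = line.strip()
        if s.startswith("====="):  # EmptyTemp summary and footer follow; stop here
            break
        if s:
            results.append(s)
    return parts[1], results


def classify(result: str) -> str:
    """Map one result line to ok / not_found / error / other."""
    if "Error:" in result:
        return "error"
    if result.endswith("=> not found"):
        return "not_found"
    if OK_RE.search(result):
        return "ok"
    return "other"


def reconcile(fixlog: str) -> dict:
    """Summarise a fixlog: outcome counts, the error lines, and malformed directives."""
    fixlist, results = split_fixlog(fixlog)
    counts = {"ok": 0, "not_found": 0, "error": 0, "other": 0}
    errors: list[str] = []
    for r in results:
        c = classify(r)
        counts[c] += 1
        if c == "error":
            errors.append(r)
    return {"counts": counts, "errors": errors, "malformed_directives": lint_fixlist(fixlist)}


if __name__ == "__main__":
    summary = reconcile(FIXLOG)
    print(summary["counts"])
    for line in summary["malformed_directives"]:
        print("malformed directive:", line[:60])
```

Run the lint over a fixlist before pasting it into FRST: a "not found" result is harmless (the entry was already gone by the time the fix ran), but a line the lint flags will either be ignored with an error, as the "tMenuHandlers6:" fragment was above, or, worse, be interpreted as some other directive than the one intended.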


#9 turniphead

  • Topic Starter

Posted 14 April 2024 - 05:17 PM

Hi,

 

Have no Brave extensions that I can see.

 

I got sent some things from a person helping me, and when it was finished I tried to remove all of them, but one could not be deleted.  I removed it anyway, and at about the same time I was getting pop-ups.  I was phoning up scammers to waste their time as part of a group (since left), and a few weeks back one website was running slow and then more.  The scammer idea was to take them to the point of putting on software which would give them control of my computer, but since I have no IT skills, I would give them false information.



#10 DR_M

  • Malware Response Team

Posted 15 April 2024 - 08:33 AM

Please, let me see the popups you are getting. Take screenshots when you see them and attach the screenshots in your next reply. 
 
Also...

1. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

 

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

Note: Click Skip Basic Repair if you are asked to.


In your next reply, please post:

  • The popup screenshots
  • The Malwarebytes report
  • The AdwCleaner[S0*].txt

Edited by DR_M, 15 April 2024 - 08:33 AM.



#11 turniphead

  • Topic Starter

Posted 15 April 2024 - 04:21 PM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/15/2024
Scan Time: 10:15 PM
Log File: 5609471e-fb6d-11ee-a7b5-7c5758cb6436.json
 
-Software Information-
Version: 5.1.2.109
Components Version: 1.0.1214
Update Package Version: 1.0.83485
License: Trial
 
-System Information-
OS: Windows 11 (Build 22631.3447)
CPU: x64
File System: NTFS
User: johnpc\johnj
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 234776
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 35 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


#12 turniphead

  • Topic Starter

Posted 15 April 2024 - 04:32 PM

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-15-2024
# Duration: 00:00:06
# OS:       Windows 11 (Build 22631.3447)
# Scanned:  32084
# Detected: 7
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT 
Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} 
 
 
AdwCleaner[S00].txt - [3129 octets] - [10/12/2023 16:02:30]
AdwCleaner[C00].txt - [3479 octets] - [10/12/2023 16:03:46]
AdwCleaner[S01].txt - [2445 octets] - [16/03/2024 12:36:44]
AdwCleaner[C01].txt - [2724 octets] - [16/03/2024 12:37:19]
AdwCleaner[S02].txt - [2567 octets] - [15/04/2024 22:24:01]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########


#13 turniphead

  • Topic Starter

Posted 15 April 2024 - 04:35 PM

No pop-ups, as they came earlier, when a person's e-mail could not be removed by simply pressing delete but had to be done manually.  Then one site started running slow and then a few more.  Also had the start-up page appear to change to a second one which looked the same.



#14 turniphead

  • Topic Starter

Posted 18 April 2024 - 07:35 PM

file:///C:/Users/johnj/Documents/amazon.uk.html



#15 turniphead

  • Topic Starter

Posted 19 April 2024 - 03:59 PM

file:///C:/Users/johnj/Documents/We're%20sorry.html





