www.bleepingcomputer.com
104.20.60.209
Public Scan
Submitted URL: https://www.bleepingcomputer.com/forums/t/770533/need-a-scanshipt/#entry5341358
Effective URL: https://www.bleepingcomputer.com/forums/t/770533/need-a-scanshipt/
Submission: On April 04 via api from US — Scanned from DE
Form analysis
3 forms found in the DOM
POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1" method="post" id="search-box">
<fieldset>
<label for="main_search" class="hide">Search</label>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&search_in=forums" title="Advanced Search" accesskey="4" rel="search" id="adv_search" class="right">Advanced</a>
<span id="search_wrap" class="right">
<input type="text" id="main_search" name="search_term" class="" size="17" tabindex="100" placeholder="Search...">
<span class="choice ipbmenu clickable" id="search_options" style="">This topic</span>
<ul id="search_options_menucontent" class="ipbmenu_content ipsPad" style="display: none; position: absolute; z-index: 9999;">
<li class="title" style="z-index: 10000;"><strong style="z-index: 10000;">Search section:</strong></li>
<li class="special" style="z-index: 10000;">
<label for="s_topic" title="This topic" style="z-index: 10000;">
<input type="radio" name="search_app" value="forums:topic:770533" class="input_radio" id="s_topic" checked="checked" style="z-index: 10000;"><strong style="z-index: 10000;">This topic</strong>
</label>
</li>
<li class="app" style="z-index: 10000;"><label for="s_forums" title="Forums" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_forums" value="forums" style="z-index: 10000;">Forums</label></li>
<li class="app" style="z-index: 10000;"><label for="s_members" title="Members" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_members" value="members" style="z-index: 10000;">Members</label></li>
<li class="app" style="z-index: 10000;"><label for="s_core" title="Help Files" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_core" value="core" style="z-index: 10000;">Help Files</label></li>
<li class="app" style="z-index: 10000;">
<label for="s_calendar" title="Calendar" style="z-index: 10000;">
<input type="radio" name="search_app" class="input_radio" id="s_calendar" value="calendar" style="z-index: 10000;">Calendar </label>
</li>
</ul>
<input aria-label="Search the forum" type="submit" class="submit_input clickable" value="">
</span>
</fieldset>
</form>
POST https://www.bleepingcomputer.com/forums/index.php?
<form id="modform" method="post" action="https://www.bleepingcomputer.com/forums/index.php?">
<input type="hidden" name="app" value="forums">
<input type="hidden" name="module" value="moderate">
<input type="hidden" name="section" value="moderate">
<input type="hidden" name="do" value="postchoice">
<input type="hidden" name="f" value="22">
<input type="hidden" name="t" value="770533">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="st" value="">
<input type="hidden" name="page" value="">
<input type="hidden" value="" name="selectedpidsJS" id="selectedpidsJS">
<input type="hidden" name="tact" id="tact" value="">
</form>
POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process" method="post" id="login">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="referer" value="https://www.bleepingcomputer.com/forums/t/770533/need-a-scanshipt/">
<h3>Sign In</h3>
<div class="ipsBox_notice">
<ul class="ipsList_inline">
<li>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&serviceClick=twitter" class="ipsButton_secondary"><img src="https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png" alt="Twitter"> Use Twitter</a>
</li>
</ul>
</div>
<br>
<div class="ipsForm ipsForm_horizontal">
<fieldset>
<ul>
<li class="ipsField">
<div class="ipsField_content"> Need an account? <a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register" title="Register now!">Register now!</a>
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_username" class="ipsField_title">Username</label>
<div class="ipsField_content">
<input id="ips_username" type="text" class="input_text" name="ips_username" size="30" tabindex="0">
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_password" class="ipsField_title">Forum Password</label>
<div class="ipsField_content">
<input id="ips_password" type="password" class="input_text" name="ips_password" size="30" tabindex="0"><br>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=lostpass" title="Retrieve password">I've forgotten my password</a>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_remember" checked="checked" name="rememberMe" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_remember">
<strong>Remember me</strong><br>
<span class="desc lighter">This is not recommended for shared computers</span>
</label>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_invisible" name="anonymous" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_invisible">
<strong>Sign in anonymously</strong><br>
<span class="desc lighter">Don't add me to the active users list</span>
</label>
</div>
</li>
<li class="ipsPad_top ipsForm_center desc ipsType_smaller">
<a rel="nofollow" href="https://www.bleepingcomputer.com/forums/privacypolicy/">Privacy Policy</a>
</li>
</ul>
</fieldset>
<div class="ipsForm_submit ipsForm_center">
<input type="submit" class="ipsButton" value="Sign In" tabindex="0">
</div>
</div>
</form>
Text Content
NEED A SCAN/SHIPT
Started by lisabreee, Yesterday, 06:34 PM
2 replies to this topic

#1 lisabreee
Members, 66 posts
Posted Yesterday, 06:35 PM

I had issues with my Shipt account. Also, sometimes I use public wifi. Is something like NordVPN dependable?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
Ran by Owner (administrator) on DESKTOP-3GINQIN (Dell Inc. Latitude E7440) (03-04-2022 19:28:02)
Running from C:\Users\Owner\Downloads\FRST-OlderVersion
Loaded Profiles: Owner
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1586 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:\Program Files\DellTPad\hidfind.exe
(C:\Program Files\DellTPad\HidMonitorSvc.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCopyAccelerator.exe
(C:\Users\Owner\AppData\Local\Programs\Opera\opera.exe ->) (Opera Software AS -> Opera Software) C:\Users\Owner\AppData\Local\Programs\Opera\84.0.4316.42\opera_crashreporter.exe
(explorer.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe <13>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10>
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe
(Opera Software AS -> Opera Software) C:\Users\Owner\AppData\Local\Programs\Opera\opera.exe <20>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8474880 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403800 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [779152 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
HKU\S-1-5-21-850940307-2662099542-345136612-1001\...\Run: [AvastBrowserAutoLaunch_2EF41AAE0EFA048B29BD0C1048B2D149] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2724952 2022-03-21] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-850940307-2662099542-345136612-1001\...\Run: [Opera Browser Assistant] => C:\Users\Owner\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-850940307-2662099542-345136612-1001\...\Run: [MicrosoftEdgeAutoLaunch_B5EF8F7A20842FF61C6E8DE6B6A1456E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.60\Installer\chrmstp.exe [2022-03-31] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\99.0.15283.83\Installer\chrmstp.exe [2022-03-31] (Avast Software s.r.o. -> AVAST Software)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {174FD3B3-20E6-41FF-A670-64354462EBCE} - System32\Tasks\Opera scheduled assistant Autoupdate 1582754112 => C:\Users\Owner\AppData\Local\Programs\Opera\launcher.exe [2470608 2022-03-16] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Owner\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {24BBDBAC-9C00-4EE8-82E5-A3BB1B88ED7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2020-01-29] (Google Inc -> Google LLC)
Task: {2CCFFD85-5EBF-4BD7-A3D2-5D792712DAC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {33CB8BB5-1598-4446-B9C2-62A15370B497} - System32\Tasks\Opera scheduled Autoupdate 1582408457 => C:\Users\Owner\AppData\Local\Programs\Opera\launcher.exe [2470608 2022-03-16] (Opera Software AS -> Opera Software)
Task: {36E71ED4-587A-4608-9CBD-47D8D8629F19} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {39A5E745-FD2A-4E29-A83D-1EC39AB6442F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {3EDF23D6-9787-4D36-80D8-6AE1CC13B2DD} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
Task: {57FFC957-5F41-4532-B1BE-F56BBFAA7199} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403800 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {A34CF35D-317F-48A5-8FDC-048E8D175460} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2724952 2022-03-21] (Avast Software s.r.o. -> AVAST Software)
Task: {AD093D23-1424-4EA1-B767-53BBAB3D15E6} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Owner\Desktop\esetonlinescanner_enu.exe [11697056 2021-05-09] (ESET, spol. s r.o. -> ESET)
Task: {B8FA1942-96A1-479D-916D-0443EB1BCF61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2020-01-29] (Google Inc -> Google LLC)
Task: {BE8C5C3B-ECF4-43BA-800D-8CBFBD958BE6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C1C3DD03-5560-4971-8246-4D0D4246AF42} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2724952 2022-03-21] (Avast Software s.r.o. -> AVAST Software)
Task: {CBF65983-7548-44CC-B48B-61CF87F7D4A0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Owner\Desktop\esetonlinescanner_enu.exe [11697056 2021-05-09] (ESET, spol. s r.o. -> ESET)
Task: {D7FA2D84-EB6C-45D5-9584-B0E35CC9248C} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
Task: {F1809AAD-BD2F-4367-88CB-6D1C6808324E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 9.9.9.9 8.8.8.8
Tcpip\..\Interfaces\{3d1489f3-1cde-4eae-b4cd-2a3af2d6e0f9}: [DhcpNameServer] 9.9.9.9 8.8.8.8
Tcpip\..\Interfaces\{81cd3285-2bbd-4ba0-8e76-63276511b8aa}: [DhcpNameServer] 192.168.42.129

Edge:
=======
DownloadDir: C:\Users\Owner\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-03]
Edge DownloadDir: Default -> C:\Users\Owner\Downloads
Edge Extension: (Bitwarden - Free Password Manager) - C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2022-04-01]

FireFox:
========
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-850940307-2662099542-345136612-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-22] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2022-04-03]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Bitwarden - Free Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2022-03-27]

Opera:
=======
OPR Profile: C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable [2022-04-03]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Bitwarden - Free Password Manager) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccnckbpmaceehanjmeomladnmlffdjgn [2022-03-27]
OPR Extension: (Rich Hints Agent) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-11]
OPR Extension: (Popup Blocker (strict)) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\jabcemjkhjfpkhakphioakkhcnbgeomm [2020-02-22]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-22]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2022-01-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [114960 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\99.0.15283.83\elevation_service.exe [1876832 2022-03-21] (Avast Software s.r.o. -> AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6228008 2022-03-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [284672 2021-04-15] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [29160 2018-07-27] (Dell Inc -> OSR Open Systems Resources, Inc.)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-10 20:56 - 2022-03-10 20:56 - 000195584 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2022-03-10 20:56 - 2022-03-10 20:56 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-10 20:55 - 2022-03-10 20:55 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-10 20:55 - 2022-03-10 20:55 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-03-10 20:55 - 2022-03-10 20:55 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-03-10 20:55 - 2022-03-10 20:55 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-10 20:47 - 2022-03-10 20:47 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-03 19:28 - 2020-02-02 00:27 - 000000000 ____D C:\FRST
2022-04-03 19:27 - 2020-02-21 01:26 - 000000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2022-04-03 19:22 - 2020-02-02 00:26 - 000653312 _____ C:\Users\Owner\Downloads\FRST64.exe
2022-04-03 19:21 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-03 19:13 - 2020-02-02 00:30 - 000024635 _____ C:\Users\Owner\Downloads\Addition.txt
2022-04-03 19:13 - 2020-02-02 00:28 - 000024112 _____ C:\Users\Owner\Downloads\FRST.txt
2022-04-03 19:13 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-03 17:52 - 2020-01-29 19:55 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-03 16:55 - 2021-04-12 00:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-03 15:11 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-03 15:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-03 14:50 - 2020-06-18 03:20 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-03 14:50 - 2020-06-18 03:20 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-01 15:16 - 2021-04-12 00:31 - 000004460 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-01 15:11 - 2021-04-12 00:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-01 15:11 - 2021-04-12 00:22 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-01 15:11 - 2020-01-29 19:52 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-04-01 15:11 - 2020-01-29 19:52 - 000000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
2022-04-01 15:07 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-31 21:29 - 2020-01-29 19:56 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-31 21:29 - 2020-01-29 19:56 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-31 21:06 - 2020-03-02 19:00 - 000000000 ____D C:\Users\Owner\Desktop\meme
2022-03-31 15:20 - 2020-03-31 22:35 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2022-03-31 15:20 - 2020-03-31 22:35 - 000002463 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2022-03-27 16:44 - 2021-04-12 00:24 - 000000000 ____D C:\Users\Owner
2022-03-26 04:31 - 2020-02-04 19:09 - 000001272 _____ C:\Users\Owner\Desktop\ESET Online Scanner.lnk
2022-03-26 04:31 - 2020-02-04 19:08 - 000001378 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-03-26 02:05 - 2021-12-12 14:30 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-850940307-2662099542-345136612-1001
2022-03-26 02:05 - 2021-04-12 00:29 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-850940307-2662099542-345136612-1001
2022-03-26 02:05 - 2021-04-12 00:24 - 000002379 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-22 19:01 - 2020-01-29 20:01 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-03-21 13:06 - 2021-04-12 00:29 - 000004206 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1582408457
2022-03-21 13:06 - 2020-02-22 17:54 - 000001405 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2022-03-20 03:24 - 2020-02-01 22:49 - 000004435 _____ C:\Users\Owner\AppData\Local\kdenliverc
2022-03-20 03:24 - 2020-02-01 20:29 - 000000000 ____D C:\Users\Owner\AppData\Roaming\audacity
2022-03-18 12:24 - 2020-04-18 20:07 - 000000000 ____D C:\Users\Owner\Desktop\froy
2022-03-12 13:46 - 2020-01-29 07:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-11 18:58 - 2021-04-12 00:22 - 000291064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-11 18:57 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-03-11 18:57 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-03-11 18:57 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-11 18:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-11 18:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-11 18:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-11 18:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-11 18:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-11 18:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-11 18:57 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-10 21:00 - 2020-08-22 00:45 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-10 21:00 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-10 20:55 - 2021-04-12 00:23 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-03-10 20:47 - 2020-01-29 19:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-10 20:45 - 2020-01-29 19:59 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-10 10:38 - 2021-04-25 23:32 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72f542500ba19
2022-03-10 10:38 - 2021-04-12 00:29 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

==================== Files in the root of some directories ========

2020-02-01 22:49 - 2022-03-20 03:24 - 000004435 _____ () C:\Users\Owner\AppData\Local\kdenliverc
2020-05-12 19:14 - 2020-05-12 19:14 - 000000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2020-02-01 22:49 - 2020-02-01 22:49 - 000000533 _____ () C:\Users\Owner\AppData\Local\user-places.xbel
2020-02-01 22:49 - 2020-02-01 22:49 - 000000000 _____ () C:\Users\Owner\AppData\Local\user-places.xbel.tbcache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ======================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2022 Ran by Owner (03-04-2022 19:29:53) Running from C:\Users\Owner\Downloads\FRST-OlderVersion Microsoft Windows 10 Pro Version 21H2 19044.1586 (X64) (2021-04-12 04:29:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-850940307-2662099542-345136612-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-850940307-2662099542-345136612-503 - Limited - Disabled) Guest (S-1-5-21-850940307-2662099542-345136612-501 - Limited - Disabled) Owner (S-1-5-21-850940307-2662099542-345136612-1001 - Administrator - Enabled) => C:\Users\Owner WDAGUtilityAccount (S-1-5-21-850940307-2662099542-345136612-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20085 - Adobe Systems Incorporated) Amazon Kindle (HKU\S-1-5-21-850940307-2662099542-345136612-1001\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon) Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 99.0.15283.83 - AVAST Software) Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.215 - ALPSALPINE CO., LTD.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.60 - Google LLC) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation) iPod Support (HKLM\...\{4B5933A1-A781-400E-B4A2-3ECC375375E4}) (Version: 120.7.3.55 - Apple Inc.) kdenlive (HKU\S-1-5-21-850940307-2662099542-345136612-1001\...\kdenlive) (Version: 19.12.1 - KDE e.V.) 
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.29 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-850940307-2662099542-345136612-1001\...\OneDriveSetup.exe) (Version: 22.045.0227.0004 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation) Opera Stable 84.0.4316.42 (HKU\S-1-5-21-850940307-2662099542-345136612-1001\...\Opera 84.0.4316.42) (Version: 84.0.4316.42 - Opera Software) Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6070 - Realtek Semiconductor Corp.) Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation) Zoom (HKU\S-1-5-21-850940307-2662099542-345136612-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.) Packages: ========= Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.78.7.0_x64__kgqvnymyfvs32 [2022-03-31] (king.com) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa [2022-03-12] (Apple Inc.) 
[Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-12] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-12] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-27] (Microsoft Studios) [MS Ad] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-05] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-850940307-2662099542-345136612-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 9.9.9.9 - 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{575F9804-F082-4410-9B9F-4EC80B467321}] => (Allow) C:\Users\Owner\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [TCP Query User{B2A89664-95CF-4BB1-AF7F-18B9E12ABA51}C:\users\owner\appdata\local\programs\opera\76.0.4017.107\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\76.0.4017.107\opera.exe => No File FirewallRules: [UDP Query User{909059F9-D12E-42FD-BAF6-01B6D68EC696}C:\users\owner\appdata\local\programs\opera\76.0.4017.107\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\76.0.4017.107\opera.exe => No File FirewallRules: [TCP Query User{1DC68B96-49EF-466B-BA26-1068C471C55D}C:\users\owner\appdata\local\programs\opera\76.0.4017.123\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\76.0.4017.123\opera.exe => No File FirewallRules: [UDP Query User{4AB11E93-767D-4F8F-9040-D6922146A16E}C:\users\owner\appdata\local\programs\opera\76.0.4017.123\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\76.0.4017.123\opera.exe => No File FirewallRules: [TCP Query User{D3A8BE36-17C3-4818-A12C-39E1DC456835}C:\users\owner\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File FirewallRules: [UDP Query 
User{F33453AC-53EA-47F2-BDC4-8A12245F7CA4}C:\users\owner\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File FirewallRules: [TCP Query User{007CE770-F996-478A-9D87-9F17B04C7552}C:\users\owner\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File FirewallRules: [UDP Query User{A017255A-1378-4252-B08D-8FA3EC8DA184}C:\users\owner\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File FirewallRules: [TCP Query User{71CD534D-6880-4489-A8CD-6F31BDB2EB22}C:\users\owner\appdata\local\programs\opera\77.0.4054.172\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\77.0.4054.172\opera.exe => No File FirewallRules: [UDP Query User{13E48014-71BC-472E-ADA9-24DF66B348D6}C:\users\owner\appdata\local\programs\opera\77.0.4054.172\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\77.0.4054.172\opera.exe => No File FirewallRules: [TCP Query User{A14AC5EC-D502-4DEC-9443-653F9618ECCF}C:\users\owner\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File FirewallRules: [UDP Query User{AFC79ED8-AC98-4AF1-90E0-7A98401BF440}C:\users\owner\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File FirewallRules: [TCP Query User{8CD12E06-95B3-47F3-854E-FD8EE08EB178}C:\users\owner\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File FirewallRules: [UDP Query User{7221B491-3CA4-486E-BE21-E3D6579DF145}C:\users\owner\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Block) 
C:\users\owner\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File FirewallRules: [TCP Query User{CD97EF53-4F32-415D-BD72-0ED781C2F2D7}C:\users\owner\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File FirewallRules: [UDP Query User{7BC74DC9-47BB-4CCC-ADB8-FE784244E20F}C:\users\owner\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File FirewallRules: [TCP Query User{B1675035-C3BD-4DBE-AF80-C428761E840D}C:\users\owner\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File FirewallRules: [UDP Query User{69917109-20D5-4E27-A42A-A38BA27DC17E}C:\users\owner\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File FirewallRules: [TCP Query User{60FE8BB9-01B2-44CF-9D9C-72487EB1EC6F}C:\users\owner\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File FirewallRules: [UDP Query User{89482F34-07F7-4D7B-8CDE-E56C39D4AB15}C:\users\owner\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File FirewallRules: [TCP Query User{6494B3C4-102C-4134-8B57-6E72B0C718E6}C:\users\owner\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File FirewallRules: [UDP Query User{7F2FD1BF-5845-4C53-8285-936220367F93}C:\users\owner\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File FirewallRules: [TCP Query 
User{313DFFE4-8970-48CC-B9D2-0C9407F4474D}C:\users\owner\appdata\local\programs\opera\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{151EFAEC-BC6F-408B-A7E7-E060C5F5D2B7}C:\users\owner\appdata\local\programs\opera\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{EFF8E35D-3CDA-4B21-BE74-4D108A8FE3A5}C:\users\owner\appdata\local\programs\opera\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [UDP Query User{9DF00D3B-7908-452A-8F0E-9BBCF238E5E5}C:\users\owner\appdata\local\programs\opera\opera.exe] => (Block) C:\users\owner\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{7712AA38-14F5-48DA-B5C1-CFBF3DAC5D4F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{258FC7C9-8985-4A91-92BB-9DB46AB4159F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1E126F51-4E7C-44F8-A2CE-2C96A8EAFABB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{2A224CFE-39B2-4A56-A18B-F8EF9E962AFD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{199773EF-9BA3-41CB-8A38-C1F2556961AD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{87FE43EB-86B0-41E2-9279-334F2650EA13}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6D75D1BC-703B-4AF5-A0D6-5986916C2EDB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B9D0B131-C7D6-461A-9D74-E8654536AA07}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A475FF1D-0C65-47B6-A553-A99B42A03504}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{FED3F089-A856-4BD9-BFC3-04E43FC7971E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{022D1104-6908-45F2-8D74-7DFEED278B15}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{EB7EBDF2-AC39-4C86-BFBD-CDD4C6FD36E7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7190EA5D-B4D4-4FD9-8911-EB2BDF4B69BD}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. 
-> AVAST Software) FirewallRules: [{092E39E9-AA19-4EF0-9A43-4AF5B9906342}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 19-03-2022 02:36:46 Scheduled Checkpoint 28-03-2022 03:21:19 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (04/03/2022 03:11:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program identity_helper.exe version 100.0.1185.29 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 36ec Start Time: 01d8478e93a392c8 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.29\identity_helper.exe Report Id: c12a69af-3cd4-4eb7-b2d4-edace4eb33e2 Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.55_neutral__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce Error: (03/28/2022 11:50:36 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program identity_helper.exe version 99.0.1150.55 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: ac0 Start Time: 01d842bb7bce9f72 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.55\identity_helper.exe Report Id: ac634880-1606-4d8a-9f01-60f9807a2f6b Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.52_neutral__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce Error: (03/26/2022 12:21:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program identity_helper.exe version 99.0.1150.52 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 24c Start Time: 01d8412d89db51ac Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.52\identity_helper.exe Report Id: 68aa8bfc-a83f-494c-85ed-274b6cc744b9 Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.46_neutral__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce Error: (03/24/2022 02:54:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SearchApp.exe, version: 10.0.19041.1566, time stamp: 0xfd932244 Faulting module name: KERNELBASE.dll, version: 10.0.19041.1566, time stamp: 0x0833f2d4 Exception code: 0xc000027b Fault offset: 0x000000000010b362 Faulting process id: 0x3ea4 Faulting application start time: 0x01d83f7ee6dc484a Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 697756c0-bc16-423f-9c28-e1a8e48dcd8c Faulting package full name: Microsoft.Windows.Search_1.14.3.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Error: (03/19/2022 10:57:08 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program identity_helper.exe 
version 99.0.1150.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 234 Start Time: 01d83ba186f41185 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.46\identity_helper.exe Report Id: ab87bb5a-9f87-499a-93f2-b93ca440a8d0 Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.39_neutral__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce Error: (03/12/2022 02:43:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program identity_helper.exe version 99.0.1150.39 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1250 Start Time: 01d83640e92c6ac5 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.39\identity_helper.exe Report Id: 762ae2c0-e626-43a7-9c52-ea89ffe40527 Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.36_neutral__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce Error: (03/11/2022 06:58:49 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY) Description: Error 0x8004401e encountered when trying to load MOF C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\PLATFORM\4.18.2103.6-0\PROTECTIONMANAGEMENT.MOF while recovering .MOF file marked with autorecover. Error: (03/11/2022 06:58:07 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY) Description: Error 0x0 encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\CLI.MOF while recovering .MOF file marked with autorecover. 
System errors: ============= Error: (04/02/2022 01:23:49 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (04/02/2022 12:57:25 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (04/02/2022 12:50:46 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (04/01/2022 06:54:42 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (04/01/2022 03:11:34 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:07:54 PM on 4/1/2022 was unexpected. Error: (04/01/2022 03:11:24 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY) Description: 3221225684A fatal error occurred processing the restoration data. Error: (04/01/2022 03:07:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control. Error: (04/01/2022 02:26:51 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Windows Defender: ================ Date: 2022-04-03 14:21:15 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-02 14:59:15 Description: Microsoft Defender Antivirus scan has been stopped before completion. 
Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-02 00:40:13 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-01 22:41:42 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-01 16:16:54 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan ==================== Memory info =========================== BIOS: Dell Inc. A28 06/13/2019 Motherboard: Dell Inc. 06MFX3 Processor: Intel® Core™ i5-4310U CPU @ 2.00GHz Percentage of memory in use: 62% Total physical RAM: 8097.34 MB Available physical RAM: 3007.21 MB Total Virtual: 11933.64 MB Available Virtual: 5051.58 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:118.67 GB) (Free:48.49 GB) NTFS \\?\Volume{cd32bd08-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.1 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: CD32BD08) Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================
--------------------------------------------------------------------------------
#2
dennis_l (Malware Study Hall Senior)
Posted Today, 02:18 AM

Hi lisabreee,

My name is Dennis and I will assist you with your computer problems. Please read through these guidelines before we start.

* Back up any important data, as a precaution before starting this process.
* If you are unsure about anything then please ask. This makes the task much easier in the long run.
* Do not run any other tools or make changes to your system during the removal process.
* Please do not start a new topic and keep all replies in this thread.
* Follow the instructions in the sequence advised.
* Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
* Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours. Please note that I am still a student, so there may be a delay while an instructor checks my posts. This is to ensure you get the best possible help.
* Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
* Sometimes things might seem to be resolved, but more checks may still be necessary, so please wait until I give the all clear.

Please give me some time to examine your logs and I will get back to you as soon as possible.

Dennis

--------------------------------------------------------------------------------
#3
dennis_l (Malware Study Hall Senior)
Posted Today, 05:44 AM

I am pleased to advise that there is no evidence of malware being present on your computer.

Could you please advise more detail on the account issues that you have been experiencing?

NordVPN is a well-known VPN service and is safe to use on public networks.

Dennis