And Just now my 12:46 posting Reappears? Hmm?
really strange, prolly my side, I'm sure.
Again, thanks for your help!
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
Hacker Harassment Continued - - Requested by dennis_I
Started by
AngryOne1Continues
, Feb 23 2024 11:27 AM
33 replies to this topic
#16
AngryOne1Continues
- Topic Starter
-
- Members
- 31 posts
- OFFLINE
- Gender:Not Telling
- Local time:10:58 PM
Back to top
#17
AngryOne1Continues
- Topic Starter
-
- Members
- 31 posts
- OFFLINE
- Gender:Not Telling
- Local time:10:58 PM
Posted 24 February 2024 - 02:53 PM
Question:
What about the two Warnings! on the Security Check on post #7?
#18
AngryOne1Continues
- Topic Starter
-
- Members
- 31 posts
- OFFLINE
- Gender:Not Telling
- Local time:10:58 PM
Posted 24 February 2024 - 03:08 PM
Dennis,
I did everything like you instructed and THEN I changed my passwords on several accounts and Still I am locked out of them when I try to log back in.
I know I entered correct info and how can it be that every account that I changed the password on is INCORRECT? I wrote it down correct and entered it correct and I am NOW locked out of SIX accounts that I updated passwords on. See what I'm going through?
AND if I try to reset them on the respective reset pages, it always tells me the feature is unavailable forcing me to have to call customer service which is another huge annoyance.
It seems they were piggybacking me while I changed the password and then they changed it on me right after. How can it be that after I changed six passwords I am now locked out of all of them especially the cable account?
Clearly, IT is still harassing me WHILE you were helping me and the conclusion as you mentioned and I always believed is true, via the network credentials. Since they're in my network that means they have device specific info, right?
Oh yeah, IT didn't bother to lock me out of this Continued-2nd BC account, it would be POINTLESS and they know it!
1. SO HOW can I GET RID OF this Harassing Hacker FOR GOOD?
2. PROOF? - HOW can I show proof to the police to get THEM in TROUBLE for it?
Edited by AngryOne1Continues, 24 February 2024 - 04:25 PM.
#19
Chris Cosgrove
-
- Global Moderator
- 26,932 posts
- OFFLINE
- Gender:Male
- Location:Scotland
- Local time:03:58 AM
Posted 24 February 2024 - 07:31 PM
@ AngryOne1continues
I too have no idea what happened to your post which you say was timed at 12.46 pm, and I have checked your two topics and your posting history and can find no record of it. This is complicated by the fact that you have two accounts both of which dennis_J has replied to. this is confusing to everybody. I understand you created the second account on a misunderstanding but when all this is over I would be grateful if you would send me a PM saying which account you wish to keep then we can merge your two accounts into one.
To send me a PM just click on my avatar, this takes you to my profile where you will find a button 'Send me a message' near the top on the right. Clcik on this and send me your reply.
Chris Cosgrove
#20
dennis_l
-
- Malware Response Team
- 3,141 posts
- OFFLINE
- Gender:Male
- Location:UK
- Local time:03:58 AM
Posted 25 February 2024 - 05:23 AM
Many thanks Chris.
------------------
@ AngryOne1continues
Yes please apply the updates, recommended by SecurityCheck.
We need to ensure that your network is as secure as possible.
With this in mind, please check that you have covered all of the recommended steps, from the articles I referred to in post #11.
Please let me know if you need more information on any of the content.
#21
AngryOne1Continues
- Topic Starter
-
- Members
- 31 posts
- OFFLINE
- Gender:Not Telling
- Local time:10:58 PM
Posted 26 February 2024 - 10:01 PM
Hi Dennis,
So, I did the updates.
I went over the list of securing a network but I come to realize that I DO for a FACT have a Hacker harassing me and I alone cannot combat it. I know due to my previous email account tagged to my previous BC account (the first one I started with getting help from you) and I was locked out of both of them. I tried several attempts at Recovery Email with no success even though I have both the current and previous passwords that should work and they don't, which means somebody went to a decent enough length to make sure I cannot log back into them, which is indicative of a Hacker.
I strongly believe it has to due with my neighbor regarding an email about him which is why I landed on this site to get help to prove to the deputies of his dirty deeds. After all your help and no malware found, and we both concluded it's definitely the network yet no matter what I do, he's got a Hacker in his corner. He was following me to the libraries, I have proof. Yet info given to the Deputy fell on deaf ears. He has a habit of lurking within and then after a bit of time it starts playing with the cursor letting me know once again, he's lurking in my computer. It's like driving down the block and an invisible passenger yanks the steering wheel, is how they get their jollies. Said Hacker is prolly getting wind of this posting right now...live!
WHY else would my email account all of a sudden lock me out and will not let me recover it and my 1st BC account, I'm locked out of that too which is tagged to the locked out email account right after I submitted those emails about my harassing neighbor!
What am I missing? Also some of those suggestions - it tells you to do this, do that, yet there's no clear instruction of how and when you do get instructions, they don't match the system steps that show up on my computer. So, it's frustrating and THE neighbor is seems has an ON-CALL Hacker. Isn't that nice, he's the butthole convincing said Hacker to crap on me based on lies I KNOW as I'm on the RCVG end of their Jr. High BS.
After all the clean-up and Proxy Removal, I still have someone IN MY computer.
I have someone in my phone and same clown is shutting off my TV as well, trust me I know, and no I am not crazy, just beyond fed-up!
It seems as if somebody is keeping tabs on me and monitoring me on my own computer and phone - a Peeping Hacker!
What does a Proxy do?
I had someone clean one up before!
Shaking my head!
Anyway, I've said enough
Thanks for your help!
#22
dennis_l
-
- Malware Response Team
- 3,141 posts
- OFFLINE
- Gender:Male
- Location:UK
- Local time:03:58 AM
Posted 27 February 2024 - 04:59 AM
If you have been through everything else, then please run through the following steps, which, unfortunately, nearly exhaust my suggestions. (Ignore any you have already completed)
- Factory reset the router.
Find the reset button on your router (normally a small hole on the side or back of the router). Use a paper clip, or similar, to press and hold the reset button for 15 seconds. This should reset the router to factory defaults. - Change the router admin password.
When the reset is complete, connect to your router’s dashboard and change the login credentials using a strong password.
Also choose a unique router name, rather than leave as default. - Check connected devices.
Navigate to the DHCP settings, "attached devices" section, or a similar name. It varies by router manufacturer.
This will show the device name and MAC address for each device connected.
Look through the list of connected devices and note any that aren't yours.
Be sure to change your Wi-Fi password, using WPA2-PSK encryption, if it is available. That way, unauthorized users who don't know the new password, will be disconnected. - Enable strong security features, if they are available.
Your router may have additional security features like a network firewall, intrusion detection systems etc. - Enable MAC address filtering.
This allows you to create a list of specific MAC addresses that are allowed to connect to your network to help prevent unauthorized accessing your network. - Disable or close unnecessary ports.
Close or disable these ports to reduce the number of potential entry points. - Disable remote management.
In your router interface, check for an option to disable remote management. Disabling this feature will prevent hackers from remotely accessing and manipulating your router's settings. - Update your router's firmware.
- Contact your ISP to find out if your router is vulnerable, and if so, how to update the firmware.
- Disable File and Printer Sharing.
Open the Control Panel on your computer.
Select "Network and Sharing Center" >"Change advanced sharing settings."
Turn off file and printer sharing.
Click "Save changes".
Should the issues persist, then we can check for any changes made in the last few days, if you run a new FRST scan and post the logs, as you did at the beginning.
If this does not reveal anything, then I feel that as your know the perpetrator, support from a local computer security/network specialist may be the best way forward.
Regarding your query on RemoveProxy.
Malicious software may change Internet Explorer proxy settings, so it's something we include sometimes as a precautionay measure.
This extract from the FRST tutorial explains in more detail.
Removes some Internet Explorer policy restriction settings like "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" or ProxySettingsPerUser in HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings. It removes "ProxyEnable" (if it is set to 1), "ProxyServer", "AutoConfigURL", "DefaultConnectionSettings" and "SavedLegacySettings" values from the machine and users keys. It also applies the BITSAdmin command with NO_PROXY.
In addition, it removes the default value of the "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" key if it is altered.
#23
AngryOne1Continues
- Topic Starter
-
- Members
- 31 posts
- OFFLINE
- Gender:Not Telling
- Local time:10:58 PM
Posted 27 February 2024 - 10:46 PM
While reading this page, once again, another window TWICE popped up blocking the screen I was reading ...
so the Bored Hacker IS most likely just sitting around WAITING for me to get online so they could continue to harass me, ain't that right ya Bored Hacker? Peeping me ALL the time!
I will go through the list and let you know when done.
The Filtering and Closing Ports - I would need instructions for this.
IS THERE ANY WAY of finding out WHO THE GUEST is on my page at this time of posting?
or it's irrelevant if said Hacker is hacking he wouldn't BE a guest on this site on my page live? Brainstorming.
I really do APPRECIATE your help!
#24
dennis_l
-
- Malware Response Team
- 3,141 posts
- OFFLINE
- Gender:Male
- Location:UK
- Local time:03:58 AM
Posted 28 February 2024 - 10:08 AM
Please run through all the steps that you can and we'll look at the ports later, if the issues are still present
Could you please send me a PM with the make and model of your router?
Regarding your questions, the site can be viewed by guests, without logging in and this varies constantly throughout the day.
Let's focus on attempting to prevent further intrusion via your router, if this proves to have been compromised.
Remember to send me new FRST logs when you are done.
#25
AngryOne1Continues
- Topic Starter
-
- Members
- 31 posts
- OFFLINE
- Gender:Not Telling
- Local time:10:58 PM
Posted 01 March 2024 - 11:02 PM
Working on it.... I just needed a break from this, a refresher.
Again, thank you for your consistent help on this.
#26
AngryOne1Continues
- Topic Starter
-
- Members
- 31 posts
- OFFLINE
- Gender:Not Telling
- Local time:10:58 PM
Posted 02 March 2024 - 12:37 AM
Ok, I did all on the list except for:
- Enable MAC address filtering. - don't know how or where to do this
This allows you to create a list of specific MAC addresses that are allowed to connect to your network to help prevent unauthorized accessing your network. - Disable or close unnecessary ports. - don't know how or where
Close or disable these ports to reduce the number of potential entry points. - Disable remote management. - unavailable to do
In your router interface, check for an option to disable remote management. Disabling this feature will prevent hackers from remotely accessing and manipulating your router's settings. - Update your router's firmware. - unavailable to do
- Contact your ISP to find out if your router.
FRST Log coming up...
#27
AngryOne1Continues
- Topic Starter
-
- Members
- 31 posts
- OFFLINE
- Gender:Not Telling
- Local time:10:58 PM
Posted 02 March 2024 - 12:49 AM
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by hagar (administrator) on LAPTOP-00L3SCTP (HP HP Stream Laptop 14-cb0XX) (02-03-2024 00:40:42)
Running from C:\Users\hagar\Downloads\FRST64.exe
Loaded Profiles: hagar
Platform: Microsoft Windows 10 Home Version 22H2 19045.3930 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe ->) (Avast Software s.r.o. -> Avast Software) C:\Program Files\Avast Software\SecureLine VPN\OpenVPN\openvpn.exe
(C:\Windows\SysWOW64\esif_uf.exe ->) (Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [417176 2024-01-18] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2194266322-2013965336-3330642492-1001\...\Run: [MicrosoftEdgeAutoLaunch_C16019AE8F90A6E75BBE8B1B2BCDD80F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05E55144-C651-4BEC-9ED9-C51395E74EAC} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5154200 2024-02-27] (Avast Software s.r.o. -> AVAST Software)
Task: {5EB579BE-8311-49B6-8564-B5027E576E66} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1425816 2024-01-18] (Avast Software s.r.o. -> AVAST Software)
Task: {4D3486F4-16CF-4867-927D-D29DEC69AB8B} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4845464 2024-01-18] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\A (the data entry has 70 more characters).
Task: {3B20F94A-88D1-4D0E-8558-E5BCBFC9D9E1} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [7319448 2023-11-20] (Avast Software s.r.o. -> Avast Software)
Task: {34DA3DCF-FE9C-47EC-84CB-BDB95C81C45F} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4845464 2024-01-18] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --log (the data entry has 99 more characters).
Task: {2D9A7E43-2EDD-40A3-BE1B-B90D9CF5B000} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [7319448 2023-11-20] (Avast Software s.r.o. -> Avast Software)
Task: {3044298F-80DA-46FD-90BC-55ACEE12291C} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4920728 2024-01-18] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramDat (the data entry has 80 more characters).
Task: {A8DC1B25-AE6D-4E50-BF92-2BE295B9F12E} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [7498648 2024-01-09] (Avast Software s.r.o. -> Avast Software)
Task: {842C3731-1FFD-48E1-853B-7FA2B082CAFA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2024-01-18] (Avast Software s.r.o. -> Avast Software)
Task: {5239C678-5C75-43CA-B96C-82BACF89860D} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\hagar\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2024-02-25] (ESET, spol. s r.o. -> ESET)
Task: {A46E6EB2-1F96-4247-AA5A-F361C1DED4F0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\hagar\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2024-02-25] (ESET, spol. s r.o. -> ESET)
Task: {CFA349BD-0167-4729-B7FA-6644F254703A} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60888 2024-01-25] (HP Inc. -> HP Inc.)
Task: {244F332B-D001-4AC5-A805-DF5916E6BF43} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60888 2024-01-25] (HP Inc. -> HP Inc.)
Task: {40898ED3-E4F9-43BC-A16E-1864110B38C7} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
Task: {E625A0D3-54E6-4F1E-9386-9D76B9C59102} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-09-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{b7224ed7-6650-4b62-96bb-8cc2322184f7}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{b7224ed7-6650-4b62-96bb-8cc2322184f7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b7224ed7-6650-4b62-96bb-8cc2322184f7}: [DhcpDomain] lan
Tcpip\..\Interfaces\{fb4390e7-a7cf-47b1-b480-fdc241a059dc}: [NameServer] 100.120.136.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\hagar\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-02]
Edge DownloadDir: Default -> C:\Users\hagar\Downloads
Edge HomePage: Default -> hxxp://msn.com/
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\hagar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-03-01]
Edge Extension: (Google Docs Offline) - C:\Users\hagar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-01]
Edge Extension: (Edge relevant text changes) - C:\Users\hagar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-2194266322-2013965336-3330642492-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflanjgoamglnnocilcllegbbbfogfjc]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\hagar\AppData\Roaming\Opera Software\Opera Stable [2024-02-22]
OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera&ie={inputEncoding}&oe={outputEncoding}
OPR DefaultSearchKeyword: Opera Stable -> g
OPR Extension: (Rich Hints Agent) - C:\Users\hagar\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-03-26]
OPR Extension: (Opera Wallet) - C:\Users\hagar\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-05-06]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\hagar\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-14]
OPR Extension: (Opera AI Prompts) - C:\Users\hagar\AppData\Roaming\Opera Software\Opera Stable\Extensions\mljbnbeedpkgakdchcmfapkjhfcogaoc [2023-05-06]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [9065880 2024-01-18] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [753048 2024-01-18] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2335128 2024-01-18] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1157528 2024-01-18] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2024-01-18] (Avast Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [18267032 2024-01-18] (Avast Software s.r.o. -> AVAST Software)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [10210712 2024-01-18] (Avast Software s.r.o. -> AVAST Software)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\AppHelperCap.exe [891440 2024-01-26] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\DiagsCap.exe [890304 2024-01-26] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\NetworkCap.exe [886832 2024-01-26] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-25] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_80f3ed30bd2427bc\x64\SysInfoCap.exe [890816 2024-01-26] (HP Inc. -> HP Inc.)
S3 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_fe3afc9d28b2c978\x64\TouchpointAnalyticsClientService.exe [493296 2023-11-20] (HP Inc. -> HP Inc.)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [11913112 2024-01-18] (Avast Software s.r.o. -> AVAST Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-01-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-01-08] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [230456 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [380360 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [292816 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84424 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [27760 2024-02-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28616 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [263632 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [548296 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [93752 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69176 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [934968 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [692280 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [213296 2024-01-18] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [306232 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [78632 2024-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Avast Software)
R3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [40832 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Avast Software)
S3 aswWireGuard; C:\WINDOWS\System32\drivers\aswWireguard.sys [174480 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Avast Software)
R3 AX88772; C:\WINDOWS\System32\drivers\ax88772.sys [126640 2019-06-03] (WDKTestCert Andy,131400059871715266 -> ASIX Electronics Corp.)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-15] (HP Inc. -> HP Inc.)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [77792 2023-10-19] (Nmap Software LLC -> Insecure.Com LLC.)
S0 ProtectedELAM; C:\WINDOWS\System32\drivers\protected_elam.sys [18912 2023-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> TODO: <Company name>)
R3 RSP2STOR; C:\WINDOWS\System32\drivers\RtsP2Stor.sys [347224 2020-11-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [55856 2024-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [594304 2024-01-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2024-01-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-03-02 00:40 - 2024-03-02 00:42 - 000019492 _____ C:\Users\hagar\Downloads\FRST.txt
2024-03-02 00:39 - 2024-03-02 00:41 - 000000000 ___DC C:\FRST
2024-03-02 00:39 - 2024-03-02 00:39 - 002386944 _____ (Farbar) C:\Users\hagar\Downloads\FRST64.exe
2024-03-01 22:50 - 2024-03-01 22:50 - 000000000 __HDC C:\$WinREAgent
2024-02-27 22:27 - 2024-02-27 22:27 - 000313752 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2024-02-25 20:44 - 2024-02-25 20:44 - 000000000 __HDC C:\$SysReset
2024-02-24 13:09 - 2024-02-24 13:20 - 000000076 _____ C:\Users\hagar\Documents\church.txt
2024-02-23 16:59 - 2024-02-24 03:47 - 000002407 _____ C:\Users\hagar\Documents\Geribleeps.txt
2024-02-23 15:20 - 2024-02-25 09:55 - 000000000 ____D C:\SecurityCheck
2024-02-23 14:30 - 2024-02-23 14:30 - 000000266 _____ C:\Users\hagar\Documents\eset2.23.2024.txt
2024-02-23 12:57 - 2024-02-23 12:57 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2024-02-23 12:57 - 2024-02-23 12:57 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2024-02-23 11:25 - 2024-02-25 20:46 - 000001389 _____ C:\Users\hagar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-02-23 11:25 - 2024-02-23 11:25 - 000000000 ____D C:\Users\hagar\AppData\Local\ESET
2024-02-18 17:11 - 2024-02-18 17:11 - 000000000 ____D C:\WINDOWS\pss
2024-02-17 13:09 - 2024-02-17 13:09 - 000000000 ____D C:\Users\hagar\AppData\Roaming\com.spyshelter
2024-02-17 13:08 - 2024-02-22 17:17 - 000000000 ____D C:\ProgramData\SpyShelter
2024-02-07 15:14 - 2024-02-07 15:14 - 000000000 ____D C:\WINDOWS\New folder
2024-02-06 02:43 - 2024-02-06 12:40 - 000002220 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2024-02-06 02:42 - 2024-02-06 02:42 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2024-02-06 02:42 - 2024-02-06 02:42 - 000000000 ____D C:\WINDOWS\system32\Npcap
2024-02-02 12:06 - 2024-02-02 12:06 - 000000000 ____D C:\ProgramData\WindowsPerformanceRecorder
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-03-02 00:25 - 2023-06-19 20:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-03-02 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-01 23:21 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-03-01 23:19 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2024-03-01 23:18 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-01 23:18 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-01 22:33 - 2023-06-19 21:09 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{4CD40E42-8B8C-4C69-8DF3-5FFC3D974D20}
2024-03-01 22:21 - 2020-03-29 17:53 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-02-27 22:27 - 2024-01-18 07:50 - 000692280 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2024-02-27 22:27 - 2024-01-18 07:50 - 000548296 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2024-02-27 22:27 - 2024-01-18 07:50 - 000306232 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2024-02-27 22:27 - 2024-01-18 07:50 - 000292816 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2024-02-27 22:27 - 2024-01-18 07:50 - 000263632 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2024-02-27 22:27 - 2024-01-18 07:50 - 000093752 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2024-02-27 22:27 - 2024-01-18 07:50 - 000084424 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2024-02-27 22:27 - 2024-01-18 07:50 - 000069176 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2024-02-27 22:27 - 2024-01-18 07:50 - 000028616 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2024-02-27 22:27 - 2024-01-18 07:50 - 000027760 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswElam.sys
2024-02-27 22:27 - 2023-06-19 21:08 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2024-02-27 22:27 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-27 22:26 - 2024-01-18 07:50 - 000934968 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2024-02-27 22:26 - 2024-01-18 07:50 - 000380360 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2024-02-27 22:26 - 2024-01-18 07:50 - 000230456 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2024-02-27 22:20 - 2023-09-23 20:02 - 000000000 ____D C:\Users\hagar\Desktop\Misc
2024-02-27 22:20 - 2023-06-19 21:08 - 000004302 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2024-02-26 20:51 - 2021-01-17 13:18 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-25 17:49 - 2021-03-07 17:21 - 000000000 ____D C:\Users\hagar\AppData\Local\Google
2024-02-25 17:04 - 2020-04-06 05:38 - 000000000 ____D C:\Users\hagar\AppData\Local\D3DSCache
2024-02-25 17:02 - 2020-03-29 15:23 - 000000000 ____D C:\Users\hagar\AppData\Local\Packages
2024-02-25 03:37 - 2020-11-01 13:11 - 000000000 ____D C:\Users\hagar\AppData\Local\CrashDumps
2024-02-24 17:30 - 2023-05-06 17:01 - 000000000 ____D C:\ProgramData\Avast Software
2024-02-24 17:29 - 2023-06-19 21:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-24 17:29 - 2023-06-19 20:46 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-24 17:29 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-02-24 17:28 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-02-22 15:26 - 2021-01-05 15:42 - 000000000 ____D C:\Users\hagar\AppData\LocalLow\Temp
2024-02-22 12:00 - 2023-06-20 20:08 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-21 10:40 - 2023-06-19 21:09 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-21 10:40 - 2023-06-19 21:09 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-20 16:45 - 2020-04-14 12:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-20 01:01 - 2020-04-25 14:11 - 000000000 ____D C:\Users\hagar\AppData\Roaming\Microsoft\MMC
2024-02-19 13:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-02-18 19:57 - 2023-06-19 20:50 - 000000000 ____D C:\Users\hagar
2024-02-18 19:55 - 2024-01-18 07:22 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-02-16 12:16 - 2020-04-14 12:16 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-14 09:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-02-08 20:35 - 2020-03-29 17:53 - 000000000 ____D C:\ProgramData\HP
2024-02-07 16:03 - 2020-03-29 15:23 - 000000000 ____D C:\Users\hagar\3D Objects
2024-02-07 14:32 - 2024-01-30 13:43 - 000000190 ____N C:\Users\hagar\advanced_port_scanner_MAC.bin
2024-02-07 14:32 - 2024-01-30 13:43 - 000000015 ____N C:\Users\hagar\advanced_port_scanner_Comments.bin
2024-02-07 14:32 - 2024-01-30 13:43 - 000000015 ____N C:\Users\hagar\advanced_port_scanner_Aliases.bin
2024-02-06 22:58 - 2023-10-21 22:57 - 000000000 ____D C:\Program Files\Npcap
2024-02-06 02:41 - 2022-03-27 17:59 - 000000000 ____D C:\ProgramData\Package Cache
==================== Files in the root of some directories ========
2023-09-24 12:10 - 2023-09-24 12:10 - 000000036 ____N () C:\Users\hagar\AppData\Local\housecall.guid.cache
2020-07-07 19:56 - 2024-01-18 06:15 - 000007609 ____N () C:\Users\hagar\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by hagar (02-03-2024 00:43:38)
Running from C:\Users\hagar\Downloads
Microsoft Windows 10 Home Version 22H2 19045.3930 (X64) (2023-06-20 02:09:44)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2194266322-2013965336-3330642492-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2194266322-2013965336-3330642492-503 - Limited - Disabled)
Guest (S-1-5-21-2194266322-2013965336-3330642492-501 - Limited - Disabled)
hagar (S-1-5-21-2194266322-2013965336-3330642492-1001 - Administrator - Enabled) => C:\Users\hagar
WDAGUtilityAccount (S-1-5-21-2194266322-2013965336-3330642492-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Total AV (Disabled - Up to date) {0567E33F-93C9-11B5-891D-90A37AEB2766}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Avast One (HKLM\...\Avast Antivirus) (Version: 24.1.6099 - Avast Software)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
HP Registration Service (HKLM-x32\...\{4E097B06-83A0-4CDD-A9DB-22F0744FE16A}) (Version: 1.0.0.43 - HP Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.78 - Nmap Project)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.1375 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-01-25] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.4.11.0_x64__v10z8vjag6ke6 [2024-02-19] (HP Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-09-21] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-01-18] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-01-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-01-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-01-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-01-18] (Avast Software s.r.o. -> AVAST Software)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2194266322-2013965336-3330642492-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2194266322-2013965336-3330642492-1001\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 18:38 - 2023-06-24 13:58 - 000000832 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-12-30 02:25 - 2020-12-30 02:25 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2194266322-2013965336-3330642492-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hagar\Downloads\shoot the pc.jpg
DNS Servers: 100.120.136.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Avast SecureLine VPN: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run: => "Fortect"
HKLM\...\StartupApproved\Run32: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "ZALFree"
HKU\S-1-5-21-2194266322-2013965336-3330642492-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2194266322-2013965336-3330642492-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2194266322-2013965336-3330642492-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2194266322-2013965336-3330642492-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C16019AE8F90A6E75BBE8B1B2BCDD80F"
HKU\S-1-5-21-2194266322-2013965336-3330642492-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{44977FA1-6906-4435-94D0-C2E83ABF64DD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{471AA0FC-D1B0-4A64-8424-F7C7BC378408}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{6D6085B7-2988-4E1B-AEAF-7E9BAAA7BB98}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
==================== Restore Points =========================
02-03-2024 00:18:46 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/01/2024 10:47:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3758 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 17e4
Start Time: 01da6c53c0b7c8b1
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 55bb739d-d7ec-41b9-8698-725cb02c63b1
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Cross-thread
Error: (02/25/2024 07:29:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3758 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2730
Start Time: 01da67b2c5fc7895
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: cab8c66d-5279-4909-bc5e-7b4d7b190d74
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Quiesce
Error: (02/25/2024 04:40:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.3758 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 11d4
Start Time: 01da683302f3c868
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: 6e6eec56-b53d-4684-a41f-3732c90a0fb6
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Hang type: Cross-process
Error: (02/25/2024 03:37:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msedge.exe, version: 121.0.2277.128, time stamp: 0x65cd44f9
Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f
Exception code: 0xc00000fd
Fault offset: 0x00000000000a22c7
Faulting process id: 0x2274
Faulting application start time: 0x01da67c5c354f7ec
Faulting application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ab44d08d-5192-45a6-a29d-9902ed66907a
Faulting package full name:
Faulting package-relative application ID:
Error: (02/24/2024 05:41:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3758 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1f64
Start Time: 01da67727b210944
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 7f4bab3d-b63a-4b1a-ab54-e1c7e1e19c31
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Quiesce
Error: (02/24/2024 05:30:17 PM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (7688,R,98) SUS20ClientDataStore: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00015.log.
Error: (02/24/2024 12:49:55 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (9672,R,98) SUS20ClientDataStore: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00014.log.
Error: (02/23/2024 07:58:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started..
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {6cc1f208-ebcf-4463-9417-69d69c340271}
System errors:
=============
Error: (03/01/2024 11:14:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: 2024-02 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5034763).
Error: (03/01/2024 11:05:11 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
Error: (03/01/2024 11:05:11 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
Error: (03/01/2024 11:05:11 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
Error: (03/01/2024 11:05:11 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
Error: (03/01/2024 11:05:11 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
Error: (03/01/2024 11:05:11 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
Error: (03/01/2024 11:05:12 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B7224ED7-6650-4B62-96BB-8CC2322184F7} because another computer on the network has the same name. The server could not start.
Windows Defender:
================
Date: 2024-01-17 09:24:40
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-01-17 08:30:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-01-09 10:23:48
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-01-08 06:02:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2024-01-18 07:22:49
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2024-01-08 01:19:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.320.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80240022
Error description: The program can't check for definition updates.
Date: 2024-01-08 01:19:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.320.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80240022
Error description: The program can't check for definition updates.
CodeIntegrity:
===============
Date: 2024-02-27 22:27:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.51 06/21/2018
Motherboard: HP 8423
Processor: Intel® Celeron® CPU N3060 @ 1.60GHz
Percentage of memory in use: 82%
Total physical RAM: 4001.58 MB
Available physical RAM: 688.98 MB
Total Virtual: 5556.87 MB
Available Virtual: 692.76 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:27.89 GB) (Free:1.28 GB) (Model: Samsung BJTD4R) NTFS
\\?\Volume{a9660407-e482-438d-bab7-9997594c12f0}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.39 GB) NTFS
\\?\Volume{a90f1640-3984-4668-9255-4313f838b0bd}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 33585937)
Partition: GPT.
==================== End of Addition.txt =======================
#28
dennis_l
-
- Malware Response Team
- 3,141 posts
- OFFLINE
- Gender:Male
- Location:UK
- Local time:03:58 AM
Posted 02 March 2024 - 09:06 AM
You mentioned getting a new router in your PM.
This might be a good time to do this, as some of the security options don't seem to be available on your current model.
The port settings can be quite complex to navigate, so here are some Nirsoft tools that should help you with this.
CurrPorts v2.77
IPNetInfo v1.95
Also worth a look is Fing Desktop , but it looks as if you need the paid for version to be fully effective.
I'll go through the new logs and get back to you with my findings.
#29
dennis_l
-
- Malware Response Team
- 3,141 posts
- OFFLINE
- Gender:Male
- Location:UK
- Local time:03:58 AM
Posted 03 March 2024 - 02:18 PM
You probably recall that we removed the following.
Tcpip\..\Interfaces\{fb4390e7-a7cf-47b1-b480-fdc241a059dc}: [NameServer] 100.120.248.1
I see in the new log that this is present.
Tcpip\..\Interfaces\{fb4390e7-a7cf-47b1-b480-fdc241a059dc}: [NameServer] 100.120.136.1
It is also showing as the DNS currently in use.
(NetName: SHARED-ADDRESS-SPACE-RFC6598-IANA-RESERVED)
Did this IP address appear in any of your investigations?
------------------------------------------------------------------------------------------------------
There was a Windows Update error also listed, but it may be resolved now.
Please do this to double check.
Press the Windows logo key + I combination on your keyboard to open the Settings app.
Click on Update and Security.
Select Windows Update and then click the Check for Updates button.
Please advise if any updates were shown and if they installed ok.
#30
AngryOne1Continues
- Topic Starter
-
- Members
- 31 posts
- OFFLINE
- Gender:Not Telling
- Local time:10:58 PM
Posted 03 March 2024 - 11:15 PM
Yes, I recall that removal. What does that mean? Is that the sneaky SOB?
And the Proxy is that also a sneaky SOB?
update Failed to install on 3.3.2024 - 0x80070070
2024-02 Cumulative update Preview for Windows 10 Version 22Hs for x64-based Systems (KB50534843)
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
