my antivirus is blocking a website that I didn’t even search up for | #firefox | #chrome | #microsoftedge | #cybersecurity | #infosecurity | #hacker



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2021

Ran by user1 (administrator) on DESKTOP-V9757LH (SAMSUNG ELECTRONICS CO., LTD. 530U4E/540U4E) (06-08-2021 16:15:24)

Running from C:Usersuser1Downloads

Loaded Profiles: user1

Platform: Windows 10 Pro Version 1909 18363.1556 (X64) Language: Hebrew (Israel) -> English (United States)

Default browser: Brave

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

(Advanced Micro Devices, Inc. -> AMD) C:WINDOWSSystem32DriverStoreFileRepositoryc0360470.inf_amd64_b06c374aee20d185B360357atieclxx.exe

(Advanced Micro Devices, Inc. -> AMD) C:WINDOWSSystem32DriverStoreFileRepositoryc0360470.inf_amd64_b06c374aee20d185B360357atiesrxx.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:Program FilesAVGAntivirusaswEngSrv.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:Program FilesAVGAntivirusaswidsagent.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:Program FilesAVGAntivirusAVGSvc.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:Program FilesAVGAntivirusavgToolsSvc.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:Program FilesAVGAntivirusAVGUI.exe <4>

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:Program FilesAVGAntiviruswsc_proxy.exe

(Brave Software, Inc. -> Brave Software, Inc.) C:Program FilesBraveSoftwareBrave-BrowserApplicationbrave.exe <18>

(Brave Software, Inc. -> BraveSoftware Inc.) C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:Program FilesElantechETDCtrl.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:Program FilesElantechETDCtrlHelper.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:Program FilesElantechETDService.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:Program FilesElantechETDTouch.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.102GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.102GoogleCrashHandler64.exe

(Intel® pGFX -> Intel Corporation) C:WINDOWSSystem32igfxCUIService.exe

(Intel® pGFX -> Intel Corporation) C:WINDOWSSystem32igfxEM.exe

(Intel® pGFX -> Intel Corporation) C:WINDOWSSystem32igfxHK.exe

(Intel® pGFX -> Intel Corporation) C:WINDOWSSystem32igfxTray.exe

(Microsoft Corporation -> Microsoft Corporation) C:WINDOWSMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe

(Microsoft Windows -> Microsoft Corporation) C:WINDOWSSystem32cmd.exe

(Microsoft Windows -> Microsoft Corporation) C:WINDOWSSystem32smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:WINDOWSSystem32SppExtComObj.Exe

(Microsoft Windows -> Microsoft Corporation) C:WINDOWSSystem32Taskmgr.exe

(Microsoft Windows -> Microsoft Corporation) C:WINDOWSSystem32wbemWMIC.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:WINDOWSSysWOW64dllhost.exe

(Piriform Software Ltd -> Piriform Software Ltd) C:Program FilesCCleanerCCleaner64.exe

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVBg64.exe

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVCpl64.exe

(Softdeluxe) [File not signed] C:Program FilesSoftdeluxeFree Download Managerfdm.exe

(Softdeluxe) [File not signed] C:Program FilesSoftdeluxeFree Download Managerwenativehost.exe

(TeamViewer GmbH -> TeamViewer GmbH) C:Program Files (x86)TeamViewerTeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Run: [RtHDVCpl] => C:Program FilesRealtekAudioHDARAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM…Run: [RtHDVBg_PushButton] => C:Program FilesRealtekAudioHDARAVBg64.exe [1412840 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM…Run: [ETDCtrl] => C:Program FilesElantechETDCtrl.exe [3251408 2015-09-23] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)

HKLM…Run: [AVGUI.exe] => C:Program FilesAVGAntivirusAvLaunch.exe [171320 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

HKUS-1-5-21-342573511-886050875-3055694372-1002…Run: [Discord] => C:Usersuser1AppDataLocalDiscordapp-0.0.305Discord.exe

HKUS-1-5-21-342573511-886050875-3055694372-1002…Run: [SaferVPN] => “C:Program Files (x86)SaferVPN for WindowsSaferVPN.exe” -startReason:autoLaunchOnBoot

HKUS-1-5-21-342573511-886050875-3055694372-1002…Run: [Steam] => C:Program Files (x86)Steamsteam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)

HKUS-1-5-21-342573511-886050875-3055694372-1002…Run: [Free Download Manager] => C:Program FilesSoftdeluxeFree Download Managerfdm.exe [4914688 2021-03-19] (Softdeluxe) [File not signed]

HKUS-1-5-21-342573511-886050875-3055694372-1002…Run: [CCleaner Smart Cleaning] => C:Program FilesCCleanerCCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)

HKLM…Windows x64Print Processorssxs1mPC: C:WindowsSystem32spoolprtprocsx64sxs1mpc.dll [33792 2008-10-28] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Server 2003 DDK provider)

HKLM…PrintMonitorssxs1m Langmon: C:WINDOWSsystem32sxs1ml6.dll [22016 2008-10-28] (Microsoft Windows Hardware Compatibility Publisher -> )

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication92.0.4515.131Installerchrmstp.exe [2021-08-05] (Google LLC -> Google LLC)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:Program FilesBraveSoftwareBrave-BrowserApplication92.1.27.111Installerchrmstp.exe [2021-08-06] (Brave Software, Inc. -> Brave Software, Inc.)

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION

HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION

HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {016FAB8C-C5A6-40A2-ABD7-B7D519E3A99D} – System32TasksRTKCPL => C:Program FilesRealtekAudioHDARAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)

Task: {09BCC9CD-B571-4362-B3F8-04ACBE5C8855} – System32TasksStartDVR => C:Program FilesAMDCNextCNextRSServCmd.exe [69304 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {0D2A0996-4EB0-40DC-A5D8-357C61F538FF} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficeOffice16msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Task: {12E2D649-4397-42EE-B73C-D2B632EBAC6E} – System32TasksAVGOverseer => C:Program FilesCommon FilesAVGOverseeroverseer.exe [1821968 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies)

Task: {157DBA20-A731-4CC5-8CC4-7D07D42E1C74} – System32TasksOpera scheduled Autoupdate 1613676783 => C:Usersuser1AppDataLocalProgramsOperalauncher.exe

Task: {15EC5922-DC57-44C4-B35F-85EEFD2EEDCD} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2101.9-0MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {16D78898-1E62-4A92-8047-EE665606540B} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2101.9-0MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {1F8099F1-B999-4DD0-995E-4102C9817514} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [153168 2017-11-16] (Google Inc -> Google Inc.)

Task: {2A3947CA-8C0B-470E-9AF3-32E5AC8F64E2} – System32TasksOpera scheduled assistant Autoupdate 1622116178 => C:Usersuser1AppDataLocalProgramsOperalauncher.exe -> –scheduledautoupdate –component-name=assistant –component-path=”C:Usersuser1AppDataLocalProgramsOperaassistant” $(Arg0)

Task: {2FA6293A-F563-4FFA-BD0E-CDC0E1E10C9E} – System32TasksBraveSoftwareUpdateTaskMachineCore => C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162400 2021-04-03] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {388CA1B9-B532-455F-9BAE-7A0081AB85A2} – System32TasksBraveSoftwareUpdateTaskMachineUA => C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162400 2021-04-03] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {4E868E30-E274-41DD-84B3-54DDA7F20829} – System32TasksCCleaner Update => C:Program FilesCCleanerCCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform)

Task: {57F26574-5A4F-453F-813F-385AC8B80770} – System32TasksOpera scheduled Autoupdate 1617971201 => C:Usersuser1AppDataLocalProgramsOperalauncher.exe

Task: {5A06CE14-C84A-48E0-BA10-D6CB4F4E400A} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2101.9-0MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {5E39BC5B-5BC1-4E2B-A2C8-8623BB27FDE7} – System32TasksOpera scheduled Autoupdate 1616945225 => C:Usersuser1AppDataLocalProgramsOperalauncher.exe

Task: {6B8B6542-3C6D-4D38-BB21-6B5E8C1BBA97} – System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {74E266C3-A012-4C0D-8071-D17488828D97} – System32TasksStartCN => C:Program FilesAMDCNextCNextcncmd.exe [61624 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {75B206A6-A973-4438-A11A-A8899EB648F2} – System32TasksOpera scheduled assistant Autoupdate 1613676799 => C:Usersuser1AppDataLocalProgramsOperalauncher.exe -> –scheduledautoupdate –component-name=assistant –component-path=”C:Usersuser1AppDataLocalProgramsOperaassistant” $(Arg0)

Task: {7AB4866E-16C4-488B-89D0-D5BD27BF9AAA} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficeOffice16msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Task: {7B9DE0D4-D2FF-425E-8EE9-58B340025A7A} – System32TasksOpera scheduled assistant Autoupdate 1616945239 => C:Usersuser1AppDataLocalProgramsOperalauncher.exe -> –scheduledautoupdate –component-name=assistant –component-path=”C:Usersuser1AppDataLocalProgramsOperaassistant” $(Arg0)

Task: {85A06064-6BB9-4D9D-BC2C-3E93EFF0E02D} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [153168 2017-11-16] (Google Inc -> Google Inc.)

Task: {8F039DAD-BB8F-446C-AEEF-32F3EA0B3457} – System32Tasksm8zwclg5fphr => schtasks [Argument = /run /tn 10leqxbp65ch]

Task: {9593C68C-9217-470B-9C40-B9FC1825EAB1} – System32TasksAvast SoftwareOverseer => C:Program FilesCommon FilesAvast SoftwareOverseeroverseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)

Task: {986DA9BF-6A2B-4C34-9F3B-78CA67416AA0} – System32TasksPingBooster => C:Program Files (x86)PingBoosterPingBooster Client.exe

Task: {9C7D90F0-1E01-4A0A-A7A2-42C39347D81F} – System32TasksOpera scheduled Autoupdate 1622116164 => C:Usersuser1AppDataLocalProgramsOperalauncher.exe

Task: {ABA9C850-AE13-43C1-9058-B56115D11B37} – MicrosoftWindowsUNPRunCampaignManager -> No File <==== ATTENTION

Task: {B174023F-AAF7-41B5-A835-15B5D0956C96} – System32TasksAdobe Acrobat Update Task => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

Task: {BF2E1880-90FE-4EE2-A8FE-9F46DE6DDC50} – System32TasksAntivirus Emergency Update => C:Program FilesAVGAntivirusAvEmUpdate.exe [4950328 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

Task: {C11C8661-8C05-4EED-9D29-BFF631F6DC4E} – System32TasksFreeDownloadManagerHelperService => C:Program FilesSoftdeluxeFree Download Managerhelperservice.exe [144896 2021-03-19] (Softdeluxe) [File not signed]

Task: {CA85BD85-D318-4029-97EB-EA367A9D5AD4} – System32TasksR@1n-KMSWindows64Professional => wmic path SoftwareLicensingProduct where (ID=”2de67392-b7a7-462a-b1ca-108dd189f588″) call Activate

Task: {CB892959-2FE0-4F79-8A38-6BE3B9A2B840} – System32TasksOpera scheduled assistant Autoupdate 1617971230 => C:Usersuser1AppDataLocalProgramsOperalauncher.exe -> –scheduledautoupdate –component-name=assistant –component-path=”C:Usersuser1AppDataLocalProgramsOperaassistant” $(Arg0)

Task: {E20141AD-CE29-4F05-B0B0-6BE5EDDF6CF2} – System32TasksMicrosoftWindowsWaaSMedicMaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}

Task: {EF086D0F-EBD0-4DD7-BFF3-08D9AB57A0B1} – System32TasksMicrosoftOfficeOffice 15 Subscription Heartbeat => C:Program FilesCommon FilesMicrosoft SharedOffice16OLicenseHeartbeat.exe

Task: {F44378C1-FCFD-4983-96DF-081ACF145D26} – System32TasksR@1n-KMSOffice16ProPlus => wmic path SoftwareLicensingProduct where (ID=”d450596f-894d-49e0-966a-fd39ed4c4c64″) call Activate

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job => C:WINDOWSexplorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

TcpipParameters: [DhcpNameServer] 192.168.0.1

Tcpip..Interfaces{26aac9aa-1d0d-4e82-bb61-347f22d2f215}: [DhcpNameServer] 192.168.0.1

Tcpip..Interfaces{68a3b692-e5c8-4139-987d-02ce04c18c9c}: [DhcpNameServer] 213.57.22.5 8.8.8.8

Tcpip..Interfaces{a5fbadc5-7a22-4255-967e-702d41b0bf66}: [DhcpNameServer] 213.57.2.5 213.57.22.5

Tcpip..Interfaces{ab3003cc-2249-4ce4-a487-a9e24c2f0a8a}: [DhcpNameServer] 213.57.22.5 8.8.8.8

Tcpip..Interfaces{dbc4fa64-2a4a-44b7-88e3-873e5d8c2b2a}: [DhcpNameServer] 213.57.22.5 8.8.8.8

Tcpip..Interfaces{ef4597b9-ec83-454b-b5b1-0120df6d5535}: [DhcpNameServer] 213.57.22.5 8.8.8.8

HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <==== ATTENTION

Edge:

=======

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]

Edge DefaultProfile: Default

Edge Profile: C:Usersuser1AppDataLocalMicrosoftEdgeUser DataDefault [2021-07-10]

FireFox:

========

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program Files (x86)Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program Files (x86)Microsoft OfficeOffice16NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:Program Files (x86)AVGBrowserUpdate1.8.1066.0npAvgBrowserUpdate3.dll [No File]

FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:Program Files (x86)AVGBrowserUpdate1.8.1066.0npAvgBrowserUpdate3.dll [No File]

FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:

=======

CHR DefaultProfile: Default

CHR Profile: C:Usersuser1AppDataLocalGoogleChromeUser DataDefault [2021-07-08]

CHR Extension: (Google Translate) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsaapbdbdomjkkjkaonfhkkikfgjllcleb [2021-02-26]

CHR Extension: (Slides) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2017-12-25]

CHR Extension: (Safe Torrent Scanner) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsaegnopegbbhjeeiganiajffnalhlkkjb [2021-03-28]

CHR Extension: (Free Download Manager) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsahmpjcflkgiildlgicmcieglgoilbfdp [2021-03-28]

CHR Extension: (Docs) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2017-12-25]

CHR Extension: (Google Drive) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-12-28]

CHR Extension: (Touch VPN – Secure and unlimited VPN proxy) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsbihmplhobchoageeokmgbdihknkjbknd [2021-02-16]

CHR Extension: (YouTube) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-25]

CHR Extension: (Roblox Stats) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsdclphmdapapdejhlefddandngjhdkonb [2019-05-14]

CHR Extension: (Adobe Acrobat) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsefaidnbmnnnibpcajpcglclefindmkaj [2021-03-31]

CHR Extension: (Sheets) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2017-12-25]

CHR Extension: (EditThisCookie) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsfngmhnnpilhplaeedifhccceomclgfbg [2021-05-15]

CHR Extension: (Google Docs Offline) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-27]

CHR Extension: (Roblox Profile Finder) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsjcoekbmieggcgaaamfadbodonempleha [2021-02-24]

CHR Extension: (Roblox+) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsjfbnmfgkohlfclfnplnlenbalpppohkm [2021-02-08]

CHR Extension: (RoSearcher) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsjhamlfgelgpjgbifbpepmclhnellfoaa [2021-01-26]

CHR Extension: (Roblox Pro) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionslajchlhgfdaopdpingpkefbggcegkgla [2021-03-25]

CHR Extension: (Roblox DevEst) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsmjoelkhmpnpbpdblgocjimjabjjdfmpo [2019-05-14]

CHR Extension: (Custom Engines) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsmkacjhofeafagblkflacbogbkdcmeabf [2021-01-15]

CHR Extension: (Chrome Web Store Payments) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]

CHR Extension: (Gmail) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-12-28]

CHR Extension: (Chrome Media Router) – C:Usersuser1AppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-06]

CHR Profile: C:Usersuser1AppDataLocalGoogleChromeUser DataGuest Profile [2021-07-08]

CHR Profile: C:Usersuser1AppDataLocalGoogleChromeUser DataSystem Profile [2021-07-08]

CHR HKUS-1-5-21-342573511-886050875-3055694372-1002SOFTWAREGoogleChromeExtensions…ChromeExtension: [efaidnbmnnnibpcajpcglclefindmkaj]

CHR HKLM-x32…ChromeExtension: [aegnopegbbhjeeiganiajffnalhlkkjb]

CHR HKLM-x32…ChromeExtension: [gnplhahbcoldbildffdchneaepapccbn]

Opera:

=======

OPR Profile: C:Usersuser1AppDataRoamingOpera SoftwareOpera Stable [2021-07-08]

OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

OPR Extension: (Rich Hints Agent) – C:Usersuser1AppDataRoamingOpera SoftwareOpera StableExtensionsenegjkbbakeegngfapepobipndnebkdk [2021-05-27]

Brave:

=======

BRA Profile: C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefault [2021-08-06]

BRA Notifications: Default -> hxxps://1.bro4.biz; hxxps://2.bro4.biz; hxxps://linkvertise.com; hxxps://www.reddit.com

BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave

BRA DefaultSearchKeyword: Default -> :d

BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list

BRA Extension: (Google Translate) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsaapbdbdomjkkjkaonfhkkikfgjllcleb [2021-04-03]

BRA Extension: (Free Download Manager) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsahmpjcflkgiildlgicmcieglgoilbfdp [2021-04-03]

BRA Extension: (Touch VPN – Secure and unlimited VPN proxy) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsbihmplhobchoageeokmgbdihknkjbknd [2021-04-03]

BRA Extension: (DuckDuckGo) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsbkdgflcldnnnapblkhphbgpggdiikppg [2021-07-31]

BRA Extension: (SearchBlox) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsblddohgncmehcepnokognejaaahehncd [2021-07-21]

BRA Extension: (Roblox Stats) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsdclphmdapapdejhlefddandngjhdkonb [2021-04-03]

BRA Extension: (EditThisCookie) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsfngmhnnpilhplaeedifhccceomclgfbg [2021-05-15]

BRA Extension: (Metablox) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsfnmfnlamkbhmkaknaokkfcmkeknkpncb [2021-07-02]

BRA Extension: (Search Manager) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsgnplhahbcoldbildffdchneaepapccbn [2021-04-03]

BRA Extension: (BTRoblox – Making Roblox Better) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionshbkpclpemjeibhioopcebchdmohaieln [2021-08-06]

BRA Extension: (Roblox Profile Finder) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsjcoekbmieggcgaaamfadbodonempleha [2021-04-03]

BRA Extension: (Roblox+) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsjfbnmfgkohlfclfnplnlenbalpppohkm [2021-04-03]

BRA Extension: (RoSearcher) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsjhamlfgelgpjgbifbpepmclhnellfoaa [2021-06-02]

BRA Extension: (Roblox Pro) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionslajchlhgfdaopdpingpkefbggcegkgla [2021-05-29]

BRA Extension: (Roblox DevEst) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsmjoelkhmpnpbpdblgocjimjabjjdfmpo [2021-04-03]

BRA Extension: (Speedtest by Ookla) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionspgjjikdiikihdfpoppgaidccahalehjh [2021-07-10]

BRA Extension: (Brave Local Data Files Updater) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser Dataafalakplffnnnlkncjhbmahjfjhmlkal [2021-07-29]

BRA Extension: (Brave Ad Block Updater (Default)) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser Datacffkpbalmllkdoenhmdmpbkajipdjfam [2021-08-06]

BRA Extension: (Brave Tor Client Updater (Windows)) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser Datacpoalefficncklhjfpglfiplenlpccdb [2021-06-23]

BRA Extension: (Brave NTP sponsored images) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser Datagccbbckogglekeggclmmekihdgdpdgoe [2021-08-06]

BRA Extension: (Brave NTP Super Referrer mapping table) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser Dataheplpbhjcbmiibdlchlanmdenffpiibo [2021-04-03]

BRA Extension: (Brave SpeedReader Updater) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser Datajicbkmdloagakknpihibphagfckhjdih [2021-06-29]

BRA Extension: (Brave HTTPS Everywhere Updater) – C:Usersuser1AppDataLocalBraveSoftwareBrave-BrowserUser Dataoofiananboodjbbmdelgdommihjbkfag [2021-08-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)

R2 AVG Antivirus; C:Program FilesAVGAntivirusAVGSvc.exe [628024 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 AVG Tools; C:Program FilesAVGAntivirusavgToolsSvc.exe [375096 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R3 avgbIDSAgent; C:Program FilesAVGAntivirusaswidsagent.exe [8310384 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 AvgWscReporter; C:Program FilesAVGAntiviruswsc_proxy.exe [109480 2021-05-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

S3 BEService; C:Program Files (x86)Common FilesBattlEyeBEService.exe [8403672 2019-07-07] (BattlEye Innovations e.K. -> )

S2 brave; C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162400 2021-04-03] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 bravem; C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [162400 2021-04-03] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 ProtonVPN Service; C:Program Files (x86)Proton TechnologiesProtonVPNProtonVPNService.exe [111720 2021-07-02] (Proton Technologies AG -> )

S3 ProtonVPN Update Service; C:Program Files (x86)Proton TechnologiesProtonVPNProtonVPN.UpdateService.exe [65128 2021-07-02] (Proton Technologies AG -> )

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [6517736 2021-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 TeamViewer; C:Program Files (x86)TeamViewerTeamViewer_Service.exe [7757552 2017-12-19] (TeamViewer GmbH -> TeamViewer GmbH)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2101.9-0NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2101.9-0MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)

S2 SaferVPN.Service; “C:Program Files (x86)SaferVPN for WindowsSaferVPN.Service.exe”  -displayname “SaferVPN.Service” -servicename “SaferVPN.Service” [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:WINDOWSSystem32driversavgArDisk.sys [35848 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgArPot; C:WINDOWSSystem32driversavgArPot.sys [219104 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:WINDOWSSystem32driversavgbidsdriver.sys [367696 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:WINDOWSSystem32driversavgbidsh.sys [250448 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:WINDOWSSystem32driversavgbuniv.sys [99440 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgElam; C:WINDOWSSystem32driversavgElam.sys [17336 2021-08-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)

R1 avgKbd; C:WINDOWSSystem32driversavgKbd.sys [41504 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgMonFlt; C:WINDOWSSystem32driversavgMonFlt.sys [184768 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgNetHub; C:WINDOWSSystem32driversavgNetHub.sys [559960 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:WINDOWSSystem32driversavgRdr2.sys [108552 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:WINDOWSSystem32driversavgRvrt.sys [83064 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:WINDOWSSystem32driversavgSnx.sys [851864 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgSP; C:WINDOWSSystem32driversavgSP.sys [472072 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 avgStm; C:WINDOWSSystem32driversavgStm.sys [215544 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgVmm; C:WINDOWSSystem32driversavgVmm.sys [328720 2021-08-06] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [231936 2019-09-19] (Microsoft Corporation) [File not signed]

S3 ProtonVPNCallout; C:Program Files (x86)Proton TechnologiesProtonVPNx64Win10ProtonVPN.CalloutDriver.sys [34176 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)

R3 RadioHIDMini; C:WINDOWSSystem32driversRadioHIDMini.sys [32168 2015-07-16] (Samsung Electronics CO., LTD. -> Windows ® Win 7 DDK provider)

R1 SaferVPNmmfilter; C:WINDOWSSystem32driversSaferVPNmmfilter.sys [78856 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

S3 tap0901; C:WINDOWSSystem32driverstap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

S3 tapnordvpn; C:WINDOWSSystem32driverstapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)

R3 tapprotonvpn; C:WINDOWSSystem32driverstapprotonvpn.sys [49024 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)

S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)

R3 wintun; C:WINDOWSsystem32DRIVERSwintun.sys [38704 2021-07-22] (WireGuard LLC -> WireGuard LLC)

U1 aswbdisk; no ImagePath

S3 bntap; SystemRootSystem32driversbntap.sys [X]

S1 cncucsgf; ??C:WINDOWSsystem32driverscncucsgf.sys [X]

S1 dylbakzn; ??C:WINDOWSsystem32driversdylbakzn.sys [X]

S1 fzvasyvg; ??C:WINDOWSsystem32driversfzvasyvg.sys [X]

S3 hsstap; SystemRootSystem32drivershsstap.sys [X]

S1 owbfyoxc; ??C:WINDOWSsystem32driversowbfyoxc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-06 16:17 – 2021-08-06 16:17 – 000000994 _____ C:Usersuser1DesktopFRST64 – Shortcut.lnk

2021-08-06 16:13 – 2021-08-06 16:17 – 000032326 _____ C:Usersuser1DownloadsFRST.txt

2021-08-06 16:12 – 2021-08-06 16:16 – 000000000 ____D C:FRST

2021-08-06 02:36 – 2021-08-06 02:36 – 000340280 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32avgBoot.exe

2021-08-06 02:36 – 2021-08-06 02:36 – 000215544 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgStm.sys

2021-08-03 12:51 – 2021-08-03 12:51 – 002300416 _____ (Farbar) C:Usersuser1DownloadsFRST64.exe

2021-07-25 22:58 – 2021-07-25 22:58 – 000385453 _____ C:Usersuser1Downloadspoggers_based_cringe.mp4

2021-07-25 21:51 – 2021-07-25 21:52 – 000000000 ____D C:Usersuser1Downloadskrnl

2021-07-25 21:51 – 2021-07-25 21:51 – 002989056 _____ () C:Usersuser1Downloadskrnl_console_bootstrapper.exe

2021-07-25 21:51 – 2021-07-25 21:51 – 000643584 _____ (Igor Pavlov) C:Usersuser1Downloads7za.exe

2021-07-25 19:35 – 2021-07-25 19:40 – 000000000 ____D C:Program FilesRecuva

2021-07-25 19:35 – 2021-07-25 19:35 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRecuva

2021-07-25 19:34 – 2021-07-25 19:34 – 005562976 _____ (Piriform Ltd) C:Usersuser1Downloadsrcsetup153.exe

2021-07-24 23:48 – 2021-07-24 23:48 – 000000000 ____D C:Usersuser1AppDataRoamingEaseUS

2021-07-24 23:48 – 2021-07-24 23:48 – 000000000 ____D C:ProgramDataSystemAcCrux

2021-07-24 23:44 – 2021-07-24 23:44 – 000000000 ____D C:Program FilesEaseUS

2021-07-24 23:18 – 2021-07-25 23:59 – 000000000 ____D C:Usersuser1DownloadsOxygen_U

2021-07-24 23:14 – 2021-07-24 23:18 – 000172544 _____ () C:Usersuser1DownloadsOXY_Installer.exe

2021-07-22 23:43 – 2021-07-22 23:43 – 000000000 ____D C:Usersuser1AppDataLocalOxygen_U

2021-07-22 22:58 – 2021-07-22 22:59 – 000000000 ____D C:ProgramDataProtonVPN

2021-07-22 22:58 – 2021-07-22 22:58 – 000000000 ____D C:Usersuser1AppDataLocalToastNotificationManagerCompat

2021-07-22 22:58 – 2021-07-22 22:58 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsProtonVPN

2021-07-22 22:55 – 2021-07-22 22:59 – 000000000 ____D C:Usersuser1AppDataLocalProtonVPN

2021-07-22 22:55 – 2021-07-22 22:55 – 000038704 ____T (WireGuard LLC) C:WINDOWSsystem32Driverswintun.sys

2021-07-22 22:52 – 2021-07-22 22:52 – 000000000 ____D C:Usersuser1AppDataRoamingProton Technologies AG

2021-07-22 22:50 – 2021-07-22 22:50 – 018876336 _____ (Proton Technologies AG) C:Usersuser1DownloadsProtonVPN_win_v1.21.2.exe

2021-07-15 23:35 – 2021-07-15 23:35 – 000649618 _____ C:Usersuser1Downloads(3) Home – Roblox.html

2021-07-15 23:35 – 2021-07-15 23:35 – 000000000 ____D C:Usersuser1Downloads(3) Home – Roblox_files

2021-07-15 20:59 – 2021-07-15 20:59 – 000000000 ____D C:Usersuser1DownloadsACLib

2021-07-15 16:26 – 2021-07-15 16:26 – 003103968 _____ (DT001) C:Usersuser1AppDataLocalsetup47530.exe

2021-07-15 02:36 – 2021-07-15 02:36 – 003103968 _____ (DT001) C:Usersuser1AppDataLocalsetup47892.exe

2021-07-11 21:21 – 2021-07-11 21:21 – 000000000 ____D C:Program Files (x86)Fluxus

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-06 16:15 – 2021-02-23 13:42 – 000000000 ____D C:Usersuser1Downloadsscripts

2021-08-06 16:10 – 2021-07-03 22:46 – 000000000 ____D C:Program FilesCCleaner

2021-08-06 16:08 – 2017-12-25 19:45 – 000000000 __SHD C:Usersuser1IntelGraphicsProfiles

2021-08-06 16:08 – 2017-11-16 11:47 – 000000000 ____D C:Program Files (x86)Google

2021-08-06 16:07 – 2019-03-19 07:52 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-08-06 16:05 – 2019-07-31 17:32 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-08-06 16:05 – 2019-07-31 17:09 – 000000000 ____D C:Usersuser1

2021-08-06 16:05 – 2019-07-31 16:56 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-08-06 15:38 – 2019-07-27 13:31 – 000000000 ___DC C:WINDOWSPanther

2021-08-06 15:19 – 2021-02-18 20:23 – 000000000 ____D C:ProgramDataAVG

2021-08-06 15:15 – 2019-03-19 07:37 – 000786432 _____ C:WINDOWSsystem32configBBI

2021-08-06 15:15 – 2019-03-19 07:37 – 000032768 _____ C:WINDOWSsystem32configELAM

2021-08-06 15:15 – 2018-10-07 14:33 – 000065536 _____ C:WINDOWSsystem32spu_storage.bin

2021-08-06 02:38 – 2021-02-18 20:27 – 000003992 _____ C:WINDOWSsystem32TasksAntivirus Emergency Update

2021-08-06 02:36 – 2021-05-20 21:30 – 000017336 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgElam.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000851864 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgSnx.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000559960 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgNetHub.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000472072 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgSP.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000367696 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32Driversavgbidsdriver.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000328720 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgVmm.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000250448 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32Driversavgbidsh.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000219104 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgArPot.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000184768 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgMonFlt.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000108552 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgRdr2.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000099440 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32Driversavgbuniv.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000083064 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgRvrt.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000041504 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgKbd.sys

2021-08-06 02:36 – 2021-02-18 20:26 – 000035848 _____ (AVG Technologies CZ, s.r.o.) C:WINDOWSsystem32DriversavgArDisk.sys

2021-08-06 02:36 – 2019-03-19 07:52 – 000000000 ___HD C:WINDOWSELAMBKUP

2021-08-06 00:25 – 2021-04-03 23:57 – 000002324 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsBrave.lnk

2021-08-06 00:25 – 2021-04-03 23:57 – 000002283 _____ C:UsersPublicDesktopBrave.lnk

2021-08-05 22:23 – 2021-04-10 01:00 – 000000000 ____D C:Usersuser1AppDataRoamingMicrosoftWindowsStart MenuProgramsRoblox

2021-08-05 21:13 – 2021-04-05 00:26 – 000000000 ____D C:Usersuser1AppDataLocalElevatedDiagnostics

2021-08-05 18:34 – 2017-11-16 11:47 – 000002295 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-08-05 18:26 – 2021-01-01 17:09 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-08-05 18:26 – 2021-01-01 17:09 – 000003356 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-08-05 18:26 – 2019-07-31 17:32 – 000003420 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineUA

2021-08-05 18:26 – 2019-07-31 17:32 – 000003296 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineCore

2021-08-01 03:07 – 2021-05-27 14:49 – 000003854 _____ C:WINDOWSsystem32TasksOpera scheduled assistant Autoupdate 1622116178

2021-08-01 03:07 – 2021-05-27 14:49 – 000003600 _____ C:WINDOWSsystem32TasksOpera scheduled Autoupdate 1622116164

2021-08-01 03:07 – 2020-12-27 00:28 – 000000000 ____D C:WINDOWSsystem32TasksAvast Software

2021-08-01 03:06 – 2021-07-03 22:46 – 000002988 _____ C:WINDOWSsystem32TasksCCleaner Update

2021-08-01 03:06 – 2021-07-03 22:46 – 000002234 _____ C:WINDOWSsystem32TasksCCleanerSkipUAC

2021-08-01 03:06 – 2019-07-31 17:32 – 000002854 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-342573511-886050875-3055694372-1002

2021-07-31 23:13 – 2018-06-08 12:43 – 000000000 ____D C:Usersuser1AppDataLocalD3DSCache

2021-07-31 22:01 – 2019-12-07 18:57 – 000000000 ___HD C:$WINDOWS.~BT

2021-07-31 22:00 – 2019-07-31 17:31 – 000150498 _____ C:WINDOWSdiagwrn.xml

2021-07-31 22:00 – 2019-07-31 17:31 – 000150498 _____ C:WINDOWSdiagerr.xml

2021-07-31 21:55 – 2021-01-01 17:10 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-07-30 22:29 – 2019-03-19 07:52 – 000000000 ____D C:WINDOWSAppReadiness

2021-07-30 16:40 – 2019-03-19 14:58 – 000000000 ____D C:WINDOWSOCR

2021-07-30 16:40 – 2019-03-19 07:37 – 000000000 ____D C:WINDOWSCbsTemp

2021-07-29 23:45 – 2019-03-19 07:52 – 000000000 ___HD C:Program FilesWindowsApps

2021-07-29 23:42 – 2019-03-19 07:52 – 000000000 ____D C:WINDOWSsystem32SecureBootUpdates

2021-07-28 01:47 – 2020-12-27 01:23 – 000000000 ____D C:Usersuser1AppDataLocalCrashDumps

2021-07-26 21:18 – 2019-07-31 17:09 – 000002379 _____ C:Usersuser1AppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-07-26 21:18 – 2017-12-25 19:47 – 000000000 ___RD C:Usersuser1OneDrive

2021-07-25 22:33 – 2019-07-31 17:19 – 001743340 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-07-25 22:33 – 2019-03-19 07:50 – 000000000 ____D C:WINDOWSINF

2021-07-25 22:33 – 2016-02-13 15:54 – 000749540 _____ C:WINDOWSsystem32perfh00D.dat

2021-07-25 22:33 – 2016-02-13 15:54 – 000160208 _____ C:WINDOWSsystem32perfc00D.dat

2021-07-25 19:48 – 2020-12-29 16:56 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSaferVPN for Windows

2021-07-25 19:47 – 2021-05-06 01:04 – 000000000 ____D C:Usersuser1DesktopNew folder

2021-07-22 22:55 – 2021-02-11 17:36 – 000000000 ____D C:Program Files (x86)Proton Technologies

2021-07-21 18:38 – 2018-10-09 19:49 – 000000250 _____ C:Usersuser1AppDataLocalLowrbxcsettings.rbx

2021-07-18 00:22 – 2019-07-07 23:21 – 000000000 ____D C:ProgramDataPackage Cache

2021-07-15 17:06 – 2021-05-06 01:41 – 000000000 ____D C:Usersuser1Downloadsset-ups

2021-07-15 16:27 – 2021-05-27 14:48 – 000000036 _____ C:Usersuser1AppDataLocallink.txt

2021-07-15 16:26 – 2021-05-27 14:47 – 000000000 ____D C:Usersuser1AppDataLocalDT001

2021-07-13 23:54 – 2018-10-09 19:49 – 000000000 ____D C:Usersuser1AppDataLocalRoblox

2021-07-13 21:33 – 2017-11-16 10:58 – 000000000 ____D C:WINDOWSsystem32MRT

2021-07-13 21:30 – 2017-11-16 10:57 – 133422552 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-07-13 15:43 – 2019-03-19 07:52 – 000000000 ____D C:WINDOWSsystem32NDF

==================== Files in the root of some directories ========

2021-04-10 01:31 – 2021-04-10 01:32 – 000000208 _____ () C:Usersuser1AppDataRoamingjjv5conf.json

2021-05-27 14:48 – 2021-07-15 16:27 – 000000036 _____ () C:Usersuser1AppDataLocallink.txt

2021-04-09 15:24 – 2021-04-09 23:37 – 000016438 _____ () C:Usersuser1AppDataLocalpartner.bmp

2021-05-27 14:46 – 2021-05-27 14:46 – 003103968 _____ (DT001) C:Usersuser1AppDataLocalsetup13807.exe

2021-07-15 16:26 – 2021-07-15 16:26 – 003103968 _____ (DT001) C:Usersuser1AppDataLocalsetup47530.exe

2021-07-15 02:36 – 2021-07-15 02:36 – 003103968 _____ (DT001) C:Usersuser1AppDataLocalsetup47892.exe

2021-02-18 22:29 – 2021-02-18 22:29 – 002931720 _____ (DT001) C:Usersuser1AppDataLocalsetup53106.exe

2021-06-24 15:37 – 2021-06-24 15:37 – 003103968 _____ (DT001) C:Usersuser1AppDataLocalsetup68590.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


