  #1  
October 21st, 2019, 11:35 PM
littleone
Senior Member
 
Join Date: Aug 2017
Posts: 119
trojan - Moved by Murf

I have this new computer. To make a long story short, I had a trojan. Can ya help me out? Puter at work.


  #2  
October 22nd, 2019, 08:08 PM
Murf
Moderator
 
Join Date: Oct 2001
O/S: Windows 10 Home
Location: Newport News VA
Age: 74
Posts: 17,172
Need to move this, and I will, over to our Malware Removal Forum.
  #3  
October 23rd, 2019, 10:28 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,884
Thanks Murf and howdy littleone.

Let's do a scan and check some log results.


For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

Use extra posts here as needed.
  #4  
October 24th, 2019, 01:17 AM
littleone
Senior Member
 
Join Date: Aug 2017
Posts: 119
Computer says it's dangerous, won't let me download.
  #5  
October 24th, 2019, 10:47 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,884
What version of Windows and what browser are you using?
  #6  
October 24th, 2019, 10:53 PM
littleone
Senior Member
 
Join Date: Aug 2017
Posts: 119
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2019
Ran by Debbie (23-10-2019 18:33:44)
Running from C:\Users\Debbie\Downloads
Windows 10 Home Version 1903 18362.418 (X64) (2019-08-08 21:27:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3358373597-1690568811-3966139131-500 - Administrator - Disabled)
Debbie (S-1-5-21-3358373597-1690568811-3966139131-1001 - Administrator - Enabled) => C:\Users\Debbie
DefaultAccount (S-1-5-21-3358373597-1690568811-3966139131-503 - Limited - Disabled)
Guest (S-1-5-21-3358373597-1690568811-3966139131-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3358373597-1690568811-3966139131-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total AV (Disabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 77.0.1803.76 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.245.0 - AVAST Software) Hidden
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 77.1.1833.92 - AVG Technologies)
Goodgame Big Farm (HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Goodgame Big Farm) (Version: - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{FCF5FF66-C2FB-45C1-B46E-7A596657B016}) (Version: 1.0.530 - LogMeIn, Inc.)
Malware Crusher (HKLM\...\{FA2268FD-F787-4DD3-B6F1-CA4F706F481E}_is1) (Version: 1.0.1.17 - malwarecrusher.com)
Microsoft OneDrive (HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
RogueKiller version 13.5.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.5.4.0 - Adlice Software)
TotalAV (HKLM-x32\...\TotalAV) (Version: 4.14.31 - TotalAV)

Packages:
=========
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08 [2019-10-19] (AMZN Mobile LLC.) [Startup Task]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-05] (king.com)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-13] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0 [2019-10-11] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-18] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-18] (AVAST Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ==================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) ==============

2019-10-18 18:31 - 2019-04-02 05:38 - 001445888 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\LIBEAY32.dll
2019-10-18 18:31 - 2019-04-02 05:38 - 000352256 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

==================== Association (Whitelisted) ===============

==================== Internet Explorer trusted/restricted ===============

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 22:49 - 2019-03-18 22:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FD7F8CF3-2A13-4FDA-A728-A659CE71D158}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{20C684A8-E281-44D2-A210-78A340CDCFF8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{178DADB9-3C2B-49C3-8659-1A65C1AEDE54}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{50CAD030-634D-4F29-B03F-14591AC66CC9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{73DB5749-27DA-4315-A445-4130E5F78D19}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C9432E48-1BB6-444C-9FF1-F21B52971E0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00FE8E1E-230E-48DF-8115-DFE20AE5749B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{32D24C9D-5F5C-4BF0-B23D-17ADEE77E46F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DEC24571-7334-4548-87F4-8131EBC9F2D3}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{B677EDFA-3867-46E7-9ECC-56DD1036FD9E}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, Inc. -> AVG Technologies)
FirewallRules: [{40CB6095-74BD-4BC8-A284-AC87FD1ABC1D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

08-10-2019 18:39:20 Windows Update
18-10-2019 16:31:15 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2019 06:34:12 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (10/23/2019 06:27:24 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (10/23/2019 06:13:18 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (10/23/2019 06:10:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.18362.1, time stamp: 0xceb8cbe1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000204
Faulting process id: 0x618
Faulting application start time: 0x01d589ff6ec0c442
Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 277e6fea-2c05-42dc-8d13-6798c96bcf6f
Faulting package full name: Microsoft.MicrosoftEdge_44.18362.387.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (10/23/2019 05:59:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/23/2019 05:59:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/23/2019 05:58:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (10/23/2019 04:24:04 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.


System errors:
=============
Error: (10/23/2019 05:58:36 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server Microsoft.WindowsFeedbackHub_1.1903.2331.0_x64__8wekyb3d8bbwe!App.AppXsdjy3vfbpyyren487rr1k4k8g5t1k844.mca did not register with DCOM within the required timeout.

Error: (10/19/2019 09:35:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:03:37 PM on ‎10/‎18/‎2019 was unexpected.

Error: (10/18/2019 06:36:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The avgbIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (10/08/2019 11:59:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} did not register with DCOM within the required timeout.

Error: (10/08/2019 11:59:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} did not register with DCOM within the required timeout.

Error: (09/25/2019 06:29:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.

Error: (09/24/2019 01:29:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.

Error: (09/23/2019 12:17:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.


Windows Defender:
===================================
Date: 2019-09-11 19:27:17.090
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EC6C1563-BD7D-4446-92EA-A216D713D4A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-11 19:00:19.190
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2672B22E-A4FB-41F8-A428-72AAF1254B9C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-27 16:59:34.354
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.217.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-09-26 16:59:23.872
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.217.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-09-14 21:28:37.036
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.301.1251.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-09-12 11:49:29.380
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.299.1918.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-09-12 11:49:29.379
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.299.1918.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2019-10-23 18:23:15.220
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:23:09.838
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:15:44.924
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:15:43.718
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:15:41.825
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:01:44.229
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:01:43.972
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 17:58:36.181
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A11 12/30/2011
Motherboard: Dell Inc. 0D28YY
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 41%
Total physical RAM: 8073.05 MB
Available physical RAM: 4706.43 MB
Total Virtual: 9353.05 MB
Available Virtual: 5262.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.19 GB) (Free:429.16 GB) NTFS
Drive e: (PSDLX23INST) (CDROM) (Total:3.39 GB) (Free:0 GB) CDFS

\\?\Volume{ec7a2b63-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EC7A2B63)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #7  
October 24th, 2019, 10:55 PM
littleone
Senior Member
 
Join Date: Aug 2017
Posts: 119
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2019
Ran by Debbie (23-10-2019 18:33:44)
Running from C:\Users\Debbie\Downloads
Windows 10 Home Version 1903 18362.418 (X64) (2019-08-08 21:27:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3358373597-1690568811-3966139131-500 - Administrator - Disabled)
Debbie (S-1-5-21-3358373597-1690568811-3966139131-1001 - Administrator - Enabled) => C:\Users\Debbie
DefaultAccount (S-1-5-21-3358373597-1690568811-3966139131-503 - Limited - Disabled)
Guest (S-1-5-21-3358373597-1690568811-3966139131-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3358373597-1690568811-3966139131-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total AV (Disabled - Up to date) {AC3490DF-B2AE-610F-9290-A5E6E0CD5323}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 77.0.1803.76 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.245.0 - AVAST Software) Hidden
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 77.1.1833.92 - AVG Technologies)
Goodgame Big Farm (HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\Goodgame Big Farm) (Version: - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{FCF5FF66-C2FB-45C1-B46E-7A596657B016}) (Version: 1.0.530 - LogMeIn, Inc.)
Malware Crusher (HKLM\...\{FA2268FD-F787-4DD3-B6F1-CA4F706F481E}_is1) (Version: 1.0.1.17 - malwarecrusher.com)
Microsoft OneDrive (HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
RogueKiller version 13.5.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.5.4.0 - Adlice Software)
TotalAV (HKLM-x32\...\TotalAV) (Version: 4.14.31 - TotalAV)

Packages:
=========
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_2.6.236.0_x64__22t9g3sebte08 [2019-10-19] (AMZN Mobile LLC.) [Startup Task]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-05] (king.com)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-13] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0 [2019-10-11] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-18] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-18] (AVAST Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ==================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) ==============

2019-10-18 18:31 - 2019-04-02 05:38 - 001445888 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\LIBEAY32.dll
2019-10-18 18:31 - 2019-04-02 05:38 - 000352256 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\TotalAV\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

==================== Association (Whitelisted) ===============

==================== Internet Explorer trusted/restricted ===============

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 22:49 - 2019-03-18 22:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3358373597-1690568811-3966139131-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FD7F8CF3-2A13-4FDA-A728-A659CE71D158}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{20C684A8-E281-44D2-A210-78A340CDCFF8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{178DADB9-3C2B-49C3-8659-1A65C1AEDE54}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{50CAD030-634D-4F29-B03F-14591AC66CC9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{73DB5749-27DA-4315-A445-4130E5F78D19}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C9432E48-1BB6-444C-9FF1-F21B52971E0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00FE8E1E-230E-48DF-8115-DFE20AE5749B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{32D24C9D-5F5C-4BF0-B23D-17ADEE77E46F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DEC24571-7334-4548-87F4-8131EBC9F2D3}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{B677EDFA-3867-46E7-9ECC-56DD1036FD9E}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, Inc. -> AVG Technologies)
FirewallRules: [{40CB6095-74BD-4BC8-A284-AC87FD1ABC1D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

08-10-2019 18:39:20 Windows Update
18-10-2019 16:31:15 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2019 06:34:12 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (10/23/2019 06:27:24 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (10/23/2019 06:13:18 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (10/23/2019 06:10:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.18362.1, time stamp: 0xceb8cbe1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000204
Faulting process id: 0x618
Faulting application start time: 0x01d589ff6ec0c442
Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 277e6fea-2c05-42dc-8d13-6798c96bcf6f
Faulting package full name: Microsoft.MicrosoftEdge_44.18362.387.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (10/23/2019 05:59:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/23/2019 05:59:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2b1f36bb-c1cd-4306-bf5c-a0367c2d97d8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/23/2019 05:58:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (10/23/2019 04:24:04 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.


System errors:
=============
Error: (10/23/2019 05:58:36 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ELI7VR8)
Description: The server Microsoft.WindowsFeedbackHub_1.1903.2331.0_x64__8wekyb3d8bbwe!App.AppXsdjy3vfbpyyren487rr1k4k8g5t1k844.mca did not register with DCOM within the required timeout.

Error: (10/19/2019 09:35:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:03:37 PM on ‎10/‎18/‎2019 was unexpected.

Error: (10/18/2019 06:36:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The avgbIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (10/08/2019 11:59:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} did not register with DCOM within the required timeout.

Error: (10/08/2019 11:59:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} did not register with DCOM within the required timeout.

Error: (09/25/2019 06:29:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.

Error: (09/24/2019 01:29:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.

Error: (09/23/2019 12:17:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.


Windows Defender:
===================================
Date: 2019-09-11 19:27:17.090
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EC6C1563-BD7D-4446-92EA-A216D713D4A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-11 19:00:19.190
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2672B22E-A4FB-41F8-A428-72AAF1254B9C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-27 16:59:34.354
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.217.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-09-26 16:59:23.872
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.217.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-09-14 21:28:37.036
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.301.1251.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-09-12 11:49:29.380
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.299.1918.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-09-12 11:49:29.379
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.299.1918.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2019-10-23 18:23:15.220
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:23:09.838
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:15:44.924
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:15:43.718
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:15:41.825
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:01:44.229
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 18:01:43.972
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-23 17:58:36.181
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A11 12/30/2011
Motherboard: Dell Inc. 0D28YY
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 41%
Total physical RAM: 8073.05 MB
Available physical RAM: 4706.43 MB
Total Virtual: 9353.05 MB
Available Virtual: 5262.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.19 GB) (Free:429.16 GB) NTFS
Drive e: (PSDLX23INST) (CDROM) (Total:3.39 GB) (Free:0 GB) CDFS

\\?\Volume{ec7a2b63-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EC7A2B63)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #8  
Old October 25th, 2019, 11:43 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,884
I don't see any malware, but definitely you need to remove some of that security and search hijacker security software. Uninstall the following, being sure to reboot after:

Avast Secure Browser (search hijacker)
AVG Secure Browser (search hijacker)
Google Update Helper (not needed)
Malware Crusher (not recommended)
TotalAV (security overkill)

I would also opt to uninstall Avast, which can be a fairly intrusive software, and just use Windows Defender, but that's your choice. But post back why you think there is infection on the system please.
  #9  
Old October 25th, 2019, 10:13 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 119
OK, but I know it's on here. Couldn't hook up Alexa and they were helping me and I saw it in the startup, and Alexa still won't connect to this wifi.
  #10  
Old October 25th, 2019, 10:18 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 119
The trojan was csrss.exe
  #11  
Old October 26th, 2019, 11:20 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,884
That is a legit process. What makes you think it is a trojan? If it was malware camouflaged as that legit process, Avast would have caught that.

Did you uninstall what I suggested?
Reply With Quote
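One way to check the distinction raised in the post above, between the genuine csrss.exe and a file camouflaged under that name, as an added example that is not part of the thread. It assumes Windows is installed under C:\Windows; the function names and sample paths are constructed for illustration.

```python
import ntpath

# Assumption: Windows is installed under C:\Windows (the default %SystemRoot%).
EXPECTED = r"C:\Windows\System32\csrss.exe"

def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(image_path):
    """Return 'expected', 'wrong-location', 'lookalike-name' or 'unrelated'."""
    path = ntpath.normpath(image_path).lower()
    name = ntpath.basename(path)
    if name == "csrss.exe":
        return "expected" if path == EXPECTED.lower() else "wrong-location"
    # Threshold 1 catches cssrs.exe or csrs.exe without flagging real system
    # binaries such as smss.exe or lsass.exe, which are two edits away.
    if osa_distance(name, "csrss.exe") == 1:
        return "lookalike-name"
    return "unrelated"

# Constructed image paths for illustration; none come from the poster's logs.
SAMPLE = [
    r"C:\Windows\System32\csrss.exe",
    r"C:\WINDOWS\system32\..\System32\csrss.exe",
    r"C:\Users\Public\csrss.exe",
    r"C:\Windows\System32\cssrs.exe",
    r"C:\Windows\System32\svchost.exe",
]

def classify_all(paths):
    return [(classify(p), p) for p in paths]

if __name__ == "__main__":
    for verdict, path in classify_all(SAMPLE):
        print(f"{verdict:15} {path}")
```

A path match is necessary but not sufficient; the file's Microsoft signature is the next thing to check.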
  #12  
Old October 26th, 2019, 10:28 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 119
Because it looked strange and I googled it and it said it was. Alexa still says it is not safe to hook on to my wifi, and yes, I am working on uninstalling stuff.
  #13  
Old October 27th, 2019, 07:33 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,884
My gut feeling is that this is just an Alexa software problem.

To make sure, download and run a scan with Malwarebytes. Look through the results for anything listed as malware (not PUP).

But since Avast has a network monitoring process Alexa might be mistaking for malware, I suggest you uninstall Avast, reboot, then try Alexa again.
  #14  
Old October 28th, 2019, 12:37 AM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 119
Well, I will do the malware but it's not the Alexa program. I bring it home to this house and it works just fine... ty
  #15  
Old October 28th, 2019, 11:58 PM
littleone littleone is offline
Senior Member
 
Join Date: Aug 2017
Posts: 119
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/28/19
Scan Time: 4:52 PM
Log File: 8d0e24a8-f9d5-11e9-a0f0-180373172e19.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.627
Update Package Version: 1.0.13101
License: Trial

-System Information-
OS: Windows 10 (Build 18362.418)
CPU: x64
File System: NTFS
User: DESKTOP-ELI7VR8\Debbie

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 259150
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 1 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.PCVARK, HKLM\SOFTWARE\TWFsd2FyZUNydXNoZXIuY29t, Quarantined, [483], [556571],1.0.13101
PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Big Farm0, Quarantined, [3893], [597957],1.0.13101
PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Big Farm1, Quarantined, [3893], [597957],1.0.13101

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.MalwareCrusher, C:\USERS\DEBBIE\APPDATA\ROAMING\MALWARECRUSHER.COM , Quarantined, [1255], [500146],1.0.13101

File: 1
PUP.Optional.TotalAV, C:\USERS\PUBLIC\DESKTOP\TOTALAV.LNK, Quarantined, [4560], [500324],1.0.13101
Reply With Quote
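The advice in post #13 to read the results for anything listed as malware rather than PUP, applied to the Scan Details format of the log above, as an added example that is not part of the thread. Three sample lines are copied from that log; the `Trojan.Example` line and all function names are constructed for illustration.

```python
import base64
import re

SECTION = re.compile(r"^(?P<kind>[A-Za-z ]+): \d+$")
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+?)\s*, (?P<action>[A-Za-z ]+), "
    r"\[\d+\], \[\d+\],[\d.]+$"
)
# Unpadded base64 of at least 16 characters, e.g. an encoded registry key name.
B64_NAME = re.compile(r"^(?:[A-Za-z0-9+/]{4}){4,}$")

def decode_if_base64(component):
    """Return the decoded text if the name is printable base64, else None."""
    if not B64_NAME.match(component):
        return None
    try:
        text = base64.b64decode(component, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None

def triage(details):
    """Sort detections into 'unwanted' (PUP/PUM) and 'malware' (all others)."""
    result = {"unwanted": [], "malware": []}
    kind = None
    for raw in details.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            kind = m["kind"]
        elif m := DETECTION.match(line):
            unwanted = m["name"].startswith(("PUP.", "PUM."))
            leaf = m["location"].rsplit("\\", 1)[-1]
            result["unwanted" if unwanted else "malware"].append({
                "kind": kind, "name": m["name"], "location": m["location"],
                "action": m["action"], "decoded_name": decode_if_base64(leaf),
            })
    return result

# Three lines copied from the log above plus one constructed non-PUP line
# (Trojan.Example) so that both branches are exercised.
SAMPLE = r"""
Registry Key: 1
PUP.Optional.PCVARK, HKLM\SOFTWARE\TWFsd2FyZUNydXNoZXIuY29t, Quarantined, [483], [556571],1.0.13101
Folder: 1
PUP.Optional.MalwareCrusher, C:\USERS\DEBBIE\APPDATA\ROAMING\MALWARECRUSHER.COM , Quarantined, [1255], [500146],1.0.13101
File: 2
PUP.Optional.TotalAV, C:\USERS\PUBLIC\DESKTOP\TOTALAV.LNK, Quarantined, [4560], [500324],1.0.13101
Trojan.Example, C:\USERS\EXAMPLE\APPDATA\LOCAL\TEMP\SAMPLE.EXE, Quarantined, [0], [0],1.0.13101
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        for it in items:
            extra = f" (key name decodes to {it['decoded_name']})" if it["decoded_name"] else ""
            print(f"{bucket:9} {it['kind']:13} {it['name']}{extra}")
```

Every entry in the thread's own log lands in the unwanted bucket, and the PCVARK registry key name decodes to MalwareCrusher.com, matching one of the programs listed for removal in post #8.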
All times are GMT +1.