Tyrannosaur29

Thanks Kevin Never knew that about the disk space tip. Thanks for letting me know! I got the Full Scan result back, 951828 files analysed, 0 detections. Malwarebytes and adwcleaner reported no detections too.

I don't know if this had any relevance but the hard disk space was like 100mb-300mb free and the Internet was disconnected when that Quick Scan that picked up something ran. The Kaspersky Quick Scan setting was set to Extreme too.

Hi Kevin, In the last 24 hours did see 2 things which were a bit weird. The first was a watermark saying Please activate Windows 10 - go to Settings, which had already appeared once about a month ago. I went to settings and refreshed that and it went away. The second things was I ran a Kaspersky Quick Scan just now just after I disconnected my VPN and Internet were offline and it said 1 file/object was detected, but couldn't find it anywhere in Quarantine. I ran a second scan minutes later, which apparently analysed less files and it didn't find anything. This is a bit strange. I think I will run a full system scan now on all the files.

I hope so. Guess I can just keep watch from here on out for weird behaviour and stay safe.

Here's the RogueKiller log, as requested: RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.19042) 64 bits Started in : Normal mode User : lianh [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Signatures : 20210423_062556, Driver : Loaded Mode : Standard Scan, Scan -- Date : 2021/04/25 07:05:21 (Duration : 00:06:46) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Hi Kevin, Thank you. Yes, that program's a part of my college lecture recordings. It's likely I installed it around early April. OK. I will continue on, and will post here if anything comes up again. Thank you so much for your time and for helping me. Cheers and have a good day!

Hi Kevin, Thanks for replying and for helping. I have attached the link : https://www.virustotal.com/gui/file/761c6dd74cba4d3810e783f6c979e5d95d361ce3e88cb15ac05fbd6a04b08a53/summary Cheers

For Addition.txt, it generated some results in French so I've translated here the section on Application (Program) Errors and System Errors below: Application errors: ================== Error: (04/24/2021 08:17:16 PM) (Source: Application Error) (EventID: 1000) (User:) Description: Name of the failed application mbamtray.exe, version: 4.0.0.974, timestamp: 0x607861f0 Name of the failing module: Qt5Core.dll, version: 5.14.1.0, timestamp: 0x603971ce Exception code: 0xc0000005 Error offset: 0x0000000000219dc5 Faulting process ID: 0x13a8 Start time of the failed application: 0x01d739031a0198e3 Faulting application path: C: \ Program Files \ Malwarebytes \ Anti-Malware \ mbamtray.exe Faulty module path: C: \ Program Files \ Malwarebytes \ Anti-Malware \ Qt5Core.dll Report ID: 2c8c3ba0-895a-45b8-8e1b-235d86ff823c Full name of the failed package: Application ID relating to the faulty package: Error: (04/24/2021 08:12:07 PM) (Source: OVRServiceLauncher) (EventID: 0) (User:) Description: Event-ID 0 Error: (04/24/2021 08:12:07 PM) (Source: FMAPOService) (EventID: 4) (User:) Description: Event-ID 4 Error: (04/24/2021 08:12:07 PM) (Source: FMAPOService) (EventID: 2) (User:) Description: Event-ID 2 Error: (04/24/2021 08:12:07 PM) (Source: FMAPOService) (EventID: 4) (User:) Description: Event-ID 4 Error: (04/24/2021 08:12:07 PM) (Source: FMAPOService) (EventID: 2) (User:) Description: Event-ID 2 Error: (04/24/2021 07:47:59 PM) (Source: Bonjour Service) (EventID: 100) (User:) Description: Client application bug: DNSServiceResolve (mobile._epoccam._tcp.local.) Active for over two minutes. This places considerable burden on the network. Error: (04/24/2021 04:50:14 PM) (Source: Bonjour Service) (EventID: 100) (User:) Description: Client application bug: DNSServiceResolve (mobile._epoccam._tcp.local.) Active for over two minutes. This places considerable burden on the network. System Errors part: Error: (04/24/2021 08:42:32 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-B03RVFCV) Description: The Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c! App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca server did not register with DCOM before the time expired. Error: (04/24/2021 08:15:06 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating client credentials for TLS. Internal error state: 10013. Error: (04/24/2021 08:14:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-B03RVFCV) Description: The Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c! App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca server did not register with DCOM before the time expired. Error: (04/24/2021 08:13:19 PM) (Source: BugCheck) (EventID: 1001) (User:) Description: The computer has restarted after checking for error. The error check was: 0x0000010e (0x0000000000000033, 0xffff800055890d60, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C: \ WINDOWS \ MEMORY.DMP. Report ID: 23126147-bb89-40c1-90d0-d3c7729199bc. Error: (04/24/2021 08:12:38 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-B03RVFCV) Description: The Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c! App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca server did not register with DCOM before the time expired. Error: (04/24/2021 08:12:05 PM) (Source: EventLog) (EventID: 6008) (User:) Description: The system shutdown prior to 8:02:29 PM on 04/04/2021 was not expected. Error: (04/24/2021 07:48:57 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-B03RVFCV) Description: The Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c! App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca server did not register with DCOM before the time expired. Error: (04/24/2021 07:25:04 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-B03RVFCV) Description: The Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c! App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca server did not register with DCOM before the time expired.

AdwCleaner[S30].txt MBAM.txt FRST.txt Addition.txt

Hello all, so I got redirected to a bad site 3 days ago. I immediately ran Kaspersky, adwcleaner, Malwarebytes but nothing came up. But Virustotal said 2/70 something AV's had pinged the site as malicious with sophos flagging it as 'malware callhome, command and control'. Recently I found that in Youtube, typing would lag a lot but nowhere else. And today when on Reddit after waking my computer, I found I could no longer use the keyboard. I restarted just now and the screen said it was repairing C drive first. I let that happen then upon logging in Kaspersky said it noted it could not launch the previous login and had to send an error report, but it loaded up now. Am I infected by something?

Hi Nasdaq, No alerts of the same type since talking to you. Thank you so much!! Cheers, Tyrannosaur29

Dear Nasdaq, Thanks so much for helping me with this. I am not syncing Firefox or Edge with other devices, but noted your advice on actions with Firefox and Edge. No files were found in Quarantine for Malwarebytes. I have run FRST and please find the Fixlog attached. Thanks, Tyrannosaur29 Fixlog.txt

FRST.txt, Addition.txt and Malwarebytes scan log attached. Addition.txt FRST.txt MB log.txt

Hi guys, Malwarebytes has been informing me of Outbound Connection - Blocked Website - Trojan as an RTP detection in the log. Previously this happened a lot when running a torrent program - QbitTorrent (since uninstalled) but since yesterday, this notification has been showing up for Firefox.exe and now MicrosoftEdgeCP.exe, my two browsers. Kaspersky Total Security and Malwarebytes scans do not show any detected things. Is there something serious and could you please help me fix it? Thanks, Tyrannosaur29