
Sam02Sngh


  1. Sorry for the late reply. I had to perform a factory reset. This is the farbar result.

     Farbar Service Scanner Version: 14-12-2019
     Ran by sam02 (administrator) on 30-03-2020 at 10:34:54
     Running from "C:\Users\sam02\OneDrive\Desktop"
     Microsoft Windows 10 Home Single Language (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ============
     wuauserv Service is not running. Checking service configuration:
     The start type of wuauserv service is OK.
     The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
     The ServiceDll of wuauserv service is OK.

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is set to Demand. The default start type is Auto.
     The ImagePath of WinDefend service is OK.

     Windows Defender Disabled Policy:
     ==========================
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
     "DisableAntiSpyware"=DWORD:1

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\drivers\afd.sys => File is digitally signed
     C:\Windows\System32\drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\dnsapi.dll => File is digitally signed
     C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
     C:\Windows\System32\mpssvc.dll => File is digitally signed
     C:\Windows\System32\bfe.dll => File is digitally signed
     C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
     C:\Windows\System32\SDRSVC.dll => File is digitally signed
     C:\Windows\System32\vssvc.exe => File is digitally signed
     C:\Windows\System32\wscsvc.dll => File is digitally signed
     C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
     C:\Windows\System32\wuaueng.dll => File is digitally signed
     C:\Windows\System32\qmgr.dll => File is digitally signed
     C:\Windows\System32\es.dll => File is digitally signed
     C:\Windows\System32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\Windows\System32\ipnathlp.dll => File is digitally signed
     C:\Windows\System32\iphlpsvc.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed

     **** End of log ****
  2. Please help me out, I am panicking. My GPU goes idle and shows inactive in the task bar. PLEASE UNDO WHATEVER YOU DID.
  3. Please help me out, now my graphics card is showing inactive. I am worried that my firmware has been affected because my laptop is showing weird signs. The webcam also blinks when I try browsing any site. What could be the issue?
  4. Edit: Turns out I can't even factory reset. It says "There was a problem resetting this PC."
  5. Also, do I need to perform all of that again? The TDSSKiller and RogueKiller programs that were used, I mean.
  6. I did as you said and my laptop shut itself down and prompted the self-diagnosing process that comes from Acer itself. I had to perform a system restore and now many of my apps are not opening. But everything else is working fine. Also, my 1660 Ti is showing inactive in the task bar. I am guessing that some of the fault was with Acer-supplied software itself? Either way, what should I do now? I am really computer illiterate and am tense as to what the problem is. Thank you for your time.
  7. It's still not solved. For example, when I am playing GTA 5, FPS is 80+ (while Task Manager is open) but goes below 50 when it's closed. The issue is as obvious as that. Any fix would be welcome. Thank you.
  8. RogueKiller Anti-Malware V14.3.0.0 (x64) [Mar 23 2020] (Premium) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.18363) 64 bits
     Started in : Normal mode
     User : sam02 [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20200323_083304, Driver : Loaded
     Mode : Standard Scan, Scan -- Date : 2020/03/25 11:13:32 (Duration : 00:06:59)

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [Suspicious.Path (Potentially Malicious)] \X-6-8-89-1317838015-1263602325-1123168039-2185\{G5GDX7-9IM7-WML1-CI4A-QKO1ZTU87ZW} -- "C:\ProgramData\amd64_microsoft-windows-e..filter-ux.resources_31bf3856ad364e35_10.0.18362.1_en-us_ebdae9dc3ec49d89\ntvdm64.exe" -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [Miner.Gen (Malicious)] (folder) Intel Rapid -- C:\Users\sam02\AppData\Roaming\Intel Rapid -> Found
     [PUP.OnlineIO (Potentially Malicious)] (folder) AdvinstAnalytics -- C:\Users\sam02\AppData\Local\AdvinstAnalytics -> Found
     [PUP.Gen1 (Potentially Malicious)] (folder) DriverSetupUtility -- C:\ProgramData\DriverSetupUtility -> Found
     [PUP.Gen1 (Potentially Malicious)] (folder) DriverSetupUtility -- C:\Program Files\DriverSetupUtility -> Found
     [PUP.InnovativeSolutions (Potentially Malicious)] (folder) Innovative Solutions -- C:\Program Files (x86)\Innovative Solutions -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  9. Thanks for the clear steps! Here is the tdsskiller report :
  10. I monitored temps and there's a difference of as much as 25 deg Celsius between idle temps (75) and when Task Manager is open (50 deg Celsius). Also, when removed from charging, laptop fans become less noisy and temps drop to 45 degrees. Therefore, whatever is running in the background only becomes active once the laptop is connected to charging. I have attached the FRST and Addition files as well. Addition.txt FRST.txt Autoruns file attached below LAPTOP-346VSMRE.zip
  11. CPU activity is 100% till Task Manager is opened. I can say that because of the noise the fans make while I am browsing on my laptop (Predator Helios 300 2019). Due to this it gets hot. As soon as I open Task Manager, CPU activity drops back to 10 or less. I have attached the activity log below, taken from the Malwarebytes Support Tool. (Sorry for bad English) mbst-grab-results.zip