Reef

Posts
  1. Hey dude, thank you so much. You made me so relieved. Again, thank you 👍
  2. Hi, I ran the results and I am kinda relieved that it says "Your Computer Is Clean". Am I safe now?
  3. For now there are no problems, but my concern is whether the virus is fully removed or whether it is still there but just hidden. Do I need to be worried about it in the future? I really don't want it to be regenerating itself.
  4. Here are the logs

     Fix result of Farbar Recovery Scan Tool (x64) Version: 30-05-2020 01
     Ran by User (31-05-2020 23:38:04) Run:1
     Running from C:\Users\User\Downloads
     Loaded Profiles: User
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     SystemRestore: On
     CreateRestorePoint:
     FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
     S2 bdredline; "C:\Program Files\Bitdefender Antivirus Free\bdredline.exe" [X]
     S2 updatesrv; "C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe" /service [X]
     S2 vsserv; "C:\Program Files\Bitdefender Antivirus Free\vsserv.exe" /service [X]
     S2 vsservppl; "C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe" /service [X]
     R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [939544 2020-05-29] (McAfee, LLC -> McAfee, LLC)
     U3 avgbdisk; no ImagePath
     2020-05-29 21:09 - 2020-05-29 21:31 - 000000000 ____D C:\Users\User\AppData\Roaming\AVG
     2020-05-29 21:09 - 2020-05-29 21:09 - 000000000 ____D C:\Users\User\AppData\Local\Avg
     2020-05-29 20:45 - 2020-05-29 21:31 - 000000000 ____D C:\ProgramData\AVG
     ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
     ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
     AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]
     AlternateDataStreams: C:\Users\User\ntuser.ini:NTV [12524]
     C:\Program Files\ByteFence
     CMD: winmgmt /verifyrepository
     Hosts:
     EmptyTemp:
     *****************

     SystemRestore: On => completed
     Restore point was successfully created.
     HKLM\SOFTWARE\Policies\Mozilla => removed successfully
     HKLM\SOFTWARE\Policies\Google => removed successfully
     HKLM\System\CurrentControlSet\Services\bdredline => removed successfully
     bdredline => service removed successfully
     HKLM\System\CurrentControlSet\Services\updatesrv => removed successfully
     updatesrv => service removed successfully
     HKLM\System\CurrentControlSet\Services\vsserv => removed successfully
     vsserv => service removed successfully
     HKLM\System\CurrentControlSet\Services\vsservppl => removed successfully
     vsservppl => service removed successfully
     McAfee WebAdvisor => Unable to stop service.
     HKLM\System\CurrentControlSet\Services\McAfee WebAdvisor => removed successfully
     McAfee WebAdvisor => service removed successfully
     HKLM\System\CurrentControlSet\Services\avgbdisk => removed successfully
     avgbdisk => service removed successfully
     C:\Users\User\AppData\Roaming\AVG => moved successfully
     C:\Users\User\AppData\Local\Avg => moved successfully
     C:\ProgramData\AVG => moved successfully
     HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
     HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
     C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
     C:\Users\User\ntuser.ini => ":NTV" ADS removed successfully
     "C:\Program Files\ByteFence" => not found

     ========= winmgmt /verifyrepository =========

     WMI repository is consistent

     ========= End of CMD: =========

     C:\Windows\System32\Drivers\etc\hosts => moved successfully
     Hosts restored successfully.

     =========== EmptyTemp: ==========

     BITS transfer queue => 7626752 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 56813954 B
     Java, Flash, Steam htmlcache => 247827042 B
     Windows/system/drivers => 39066293 B
     Edge => 1282475 B
     Chrome => 410000513 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 0 B
     systemprofile32 => 0 B
     LocalService => 120030 B
     NetworkService => 10595458 B
     User => 2718158253 B

     RecycleBin => 1288947189 B
     EmptyTemp: => 4.5 GB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 23:39:15 ====

     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.81, (build 5.81.16832.1)
     Started On Mon May 11 16:35:45 2020

     Engine: 1.1.16800.2
     Signatures: 1.311.96.0
     MpGear: 1.1.16330.1
     Run Mode: Scan Run From Windows Update

     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Thu May 11 16:36:50 2020

     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.82, (build 5.82.17046.2)
     Started On Thu May 14 19:58:27 2020

     Engine: 1.1.16900.4
     Signatures: 1.313.2734.0
     MpGear: 1.1.16330.1
     Run Mode: Scan Run From Windows Update

     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted MAPS Report
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 20:01:15 2020

     Return code: 0 (0x0)
  5. Oh sorry I forgot. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2020 01 Ran by User (31-05-2020 20:53:25) Running from C:\Users\User\Downloads Windows 10 Pro Version 1909 18363.836 (X64) (2019-11-13 08:16:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3758651894-3439947011-3621728283-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3758651894-3439947011-3621728283-503 - Limited - Disabled) Guest (S-1-5-21-3758651894-3439947011-3621728283-501 - Limited - Disabled) User (S-1-5-21-3758651894-3439947011-3621728283-1001 - Administrator - Enabled) => C:\Users\User WDAGUtilityAccount (S-1-5-21-3758651894-3439947011-3621728283-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.) Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.3.8 - Electronic Arts, Inc.) APP Shop v1.0.46 (HKLM-x32\...\{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1) (Version: 1.0.46 - ASRock Inc.) Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) 
Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 100.0.1 - Bitdefender) Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.17.178 - Bitdefender) Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment) Discord (HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\...\Discord) (Version: 0.0.306 - Discord Inc.) Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Futuremark SystemInfo (HKLM-x32\...\{9266535B-CFD6-4696-A167-4D68ED5AD303}) (Version: 5.27.826.0 - Futuremark) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.61 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.1868.1 - Rockstar Games) Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.) 
Java 8 Update 251 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180251F0}) (Version: 8.0.2510.8 - Oracle Corporation) Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation) Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation) Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation) Kinect for Windows Speech Recognition Language Pack (en-IE) (HKLM-x32\...\{998D5259-3BED-4710-98FF-D63387B5429E}) (Version: 11.0.7400.336 - Microsoft Corporation) Kinect for Windows Speech Recognition Language Pack (en-NZ) (HKLM-x32\...\{07FC9CAD-FCEC-4186-BB83-EF7CCC9372BA}) (Version: 11.0.7400.336 - Microsoft Corporation) Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech) Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.102 - McAfee, LLC) Microsoft OneDrive (HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\...\OneDriveSetup.exe) (Version: 20.064.0329.0008 - Microsoft Corporation) Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation) Microsoft Server Speech Recognition Language - TELE (en-IN) (HKLM-x32\...\{3B06AC90-DE68-44A9-95EB-0A3C1AF1514F}) (Version: 11.0.7400.335 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation) MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.3.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 - NVIDIA Corporation) NVIDIA Graphics Driver 446.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 446.14 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.26 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NVIDIA USBC Driver 1.38.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.38.831.832 - NVIDIA Corporation) OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) OpenIV (HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\...\OpenIV) (Version: 4.0.1401 - .black/OpenIV Team) Origin (HKLM-x32\...\Origin) (Version: 10.5.70.40362 - Electronic Arts, Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.35.510.2019 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8730.1 - Realtek Semiconductor Corp.) RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder) Roblox Player for User (HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\...\roblox-player) (Version: - Roblox Corporation) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.23.252 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.5 - Rockstar Games) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: - TechPowerUp) WhatsApp (HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\...\WhatsApp) (Version: 2.2019.8 - WhatsApp) WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH) Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-05-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-05-11] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-11] (Microsoft Studios) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-05-11] (Microsoft Corporation) [MS Ad] MusicBee -> C:\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.6.0_x86__kcr266et74avj [2020-05-16] (Steven Mayall) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-11-13] (NVIDIA Corp.) 
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.183.0_x64__dt26b99r8h8gj [2020-05-12] (Realtek Semiconductor Corp) WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2020-05-20] (Matt Hafner) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-30] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d5216eae94436d77\nvshext.dll [2020-05-19] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-30] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) 
==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-29] () [File not signed] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-29] () [File not signed] ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2020-05-16 17:10 - 2020-05-16 17:10 - 000034392 _____ ((: JOBnik! [Arthur Aminov, ISRAEL]) [File not signed] C:\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.6.0_x86__kcr266et74avj\win32\bass_fx.dll 2020-05-16 17:10 - 2020-05-16 17:10 - 000101376 _____ () [File not signed] C:\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.6.0_x86__kcr266et74avj\win32\MusicBeeBass.dll 2020-05-12 14:37 - 2020-05-12 14:37 - 001655296 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL 2020-05-12 14:37 - 2020-05-12 14:37 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_bc1d1e5b0be08790\MFC80ENU.DLL 2020-05-13 12:03 - 2020-05-20 19:46 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll 2020-05-13 12:03 - 2020-05-20 19:46 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll 2020-05-13 12:03 - 2020-05-20 19:46 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll 2020-05-20 19:46 - 2020-05-20 19:46 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll 2020-05-20 19:46 - 2020-05-20 19:46 - 005841920 _____ (The Qt Company Ltd) [File not signed] 
C:\Program Files (x86)\Origin\Qt5Gui.dll 2020-05-20 19:46 - 2020-05-20 19:46 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll 2020-05-20 19:46 - 2020-05-20 19:46 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll 2020-05-20 19:46 - 2020-05-20 19:46 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll 2020-05-20 19:46 - 2020-05-20 19:46 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll 2020-05-16 17:10 - 2020-05-16 17:10 - 000127669 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.6.0_x86__kcr266et74avj\win32\bass.dll 2020-05-16 17:10 - 2020-05-16 17:10 - 000019478 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.6.0_x86__kcr266et74avj\win32\basscd.dll 2020-05-16 17:10 - 2020-05-16 17:10 - 000020700 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.6.0_x86__kcr266et74avj\win32\bassmix.dll 2020-05-16 17:10 - 2020-05-16 17:10 - 000012166 _____ (Un4seen Developments) [File not signed] C:\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.6.0_x86__kcr266et74avj\win32\basswasapi.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486] AlternateDataStreams: C:\Users\User\ntuser.ini:NTV [12524] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-19 12:49 - 2020-05-31 15:02 - 000002103 _____ C:\Windows\system32\drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;; HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\yifei-liu-nRvwpCrw5Ks-unsplash.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\...\StartupApproved\Run: => "Battle.net" HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_DD3B34B51295CA4CE249213732CEC2F8" HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-3758651894-3439947011-3621728283-1001\...\StartupApproved\Run: => "EADM" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{1E5E5DE0-0F55-4B64-9264-677EBCEB7AD1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{37B265F8-B4AF-4131-9400-700A5E81AFFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{6A5BCA24-4384-45DD-A491-56FF0BC10FE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{0C8F7A60-B7A1-41FD-8185-48809A76E777}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B76A6A17-45AA-4B1A-A10C-7A7E2997DEFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{EBD5BF65-AD83-4423-9355-21A75BEB844F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7306B2E1-269D-4606-AB81-A50331DB1825}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{EC6AF571-342D-4C10-B2B7-351EBC82C08B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{01BFA2B9-5414-41D8-92A0-EFE002178701}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{3B885614-3D27-421A-85B7-6BE1AC0DBBD1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{402AEADF-569A-4F31-BE17-022C9719B25F}] => (Allow) G:\SteamLibrary\steamapps\common\F1 2018\F1_2018.exe (Codemasters Software Company Limited) [File not signed] FirewallRules: [{7B6CBB3B-11F0-4251-9B7F-9C18C91C204B}] => (Allow) G:\SteamLibrary\steamapps\common\F1 2018\F1_2018.exe (Codemasters Software Company Limited) [File not signed] 
FirewallRules: [TCP Query User{21AA0480-064B-476D-8447-DAA240AB16FD}G:\games\battle.net\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\games\battle.net\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision) FirewallRules: [UDP Query User{E61F8716-060C-45F6-AF49-141E8945A17D}G:\games\battle.net\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\games\battle.net\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision) FirewallRules: [TCP Query User{C0293690-B9F8-49C7-BF0C-41316B362BA7}G:\games\gta\grand theft auto v\gta5.exe] => (Allow) G:\games\gta\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [UDP Query User{2251402D-2A83-4652-AD6F-E3BBC4B86852}G:\games\gta\grand theft auto v\gta5.exe] => (Allow) G:\games\gta\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [{8D152727-FD7D-4EB7-AC6B-C6B527B0795E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{EEE9C3BF-418C-4FDC-8051-C03E9E1541FB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{013A723B-7FDA-4854-812C-A8639F0D8904}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{95BBF1C5-0881-405D-A189-67CDBC3449D9}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{AD52744A-2531-47AB-972C-BB94FDE8F854}G:\games\gtav\gtav\gta5.exe] => (Allow) G:\games\gtav\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [UDP Query User{3BCAC90C-7636-4F50-8C9C-211D59A07C7A}G:\games\gtav\gtav\gta5.exe] => (Allow) G:\games\gtav\gtav\gta5.exe (Rockstar Games, Inc. 
-> Rockstar Games) FirewallRules: [{53FDB2CB-7F74-4B43-99ED-5FD800967089}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{4F25E4D2-EE43-4E3E-87B5-229D1336EF3D}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{40F67402-AC7B-4B52-8D29-88C978597945}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{B3C9F91D-CA55-46BD-AFD9-C8FEE38CD15B}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> ) FirewallRules: [{14DBBA90-AF59-4F07-B299-400FCD731263}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{2473D3C6-9B95-4068-A96A-DCBC91CBCCBC}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{DB714AA7-4F31-42BA-92DC-C5FD48C2BB63}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes) FirewallRules: [{C58358E0-028B-41CD-852E-0525F0F4D03A}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> ) FirewallRules: [{2B27E9EF-3C59-41B7-AD81-05937FDD6145}] => (Allow) G:\SteamLibrary\steamapps\common\LEGO Marvel's Avengers\LEGOMARVELAvengers.exe (Travellers Tales (UK) Ltd -> Warner Bros. Interactive Entertainment) FirewallRules: [{479F5161-3987-4F5B-8504-6FE4D2B7ECDE}] => (Allow) G:\SteamLibrary\steamapps\common\LEGO Marvel's Avengers\LEGOMARVELAvengers.exe (Travellers Tales (UK) Ltd -> Warner Bros. 
Interactive Entertainment) FirewallRules: [{45A318A3-525D-4F03-AF65-274131FC643B}] => (Allow) G:\SteamLibrary\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC -> Futuremark) FirewallRules: [{D0CE9287-DA33-4DA7-AE2C-4AC1BA97D6FB}] => (Allow) G:\SteamLibrary\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC -> Futuremark) FirewallRules: [TCP Query User{97D4B6E1-8388-49EF-8C03-4416D24C80FA}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File FirewallRules: [UDP Query User{489CDFE8-DC65-465E-92C1-E2E5234054F3}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File FirewallRules: [{DB9E4E3A-5ECD-4CF0-BCE6-27DAE53DE64E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{5A453047-5304-45CC-ABE2-15AD5B7999CA}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe FirewallRules: [UDP Query User{2296123D-5307-4324-8709-B79A70C74B2A}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe FirewallRules: [{1A8A6424-CA81-408D-9182-912D23D9982C}] => (Allow) G:\SteamLibrary\steamapps\common\3DMark\bin\x86\3DMark.exe (FUTUREMARK INC -> ) FirewallRules: [{25D80DCB-9BD4-4B79-AB9F-D59512693E10}] => (Allow) G:\SteamLibrary\steamapps\common\3DMark\bin\x86\3DMark.exe (FUTUREMARK INC -> ) FirewallRules: [{209247BA-E752-45D6-97EF-3776546D0DEE}] => (Allow) G:\SteamLibrary\steamapps\common\3DMark\bin\x64\3DMark.exe (FUTUREMARK INC -> ) FirewallRules: [{11C49E1E-3391-48EE-B1E4-0318E325FE66}] => (Allow) G:\SteamLibrary\steamapps\common\3DMark\bin\x64\3DMark.exe (FUTUREMARK INC -> ) ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:118.61 GB) (Free:26.36 GB) (22%) 
==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/30/2020 11:04:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program bdagent.exe version 1.0.17.177 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 8f0
Start Time: 01d6368887c7da57
Termination Time: 60000
Application Path: C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
Report Id: 30360999-8482-4606-8666-0602319c4ce4
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown

Error: (05/29/2020 10:06:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: heaven.exe, version: 1.0.0.0, time stamp: 0x511b9e02
Faulting module name: d3d11.dll, version: 10.0.18362.387, time stamp: 0x475a8f58
Exception code: 0xc0000005
Fault offset: 0x0014af1c
Faulting process id: 0x19b0
Faulting application start time: 0x01d635c0b8cc7201
Faulting application path: G:\Heaven Benchmark 4.0\bin\heaven.exe
Faulting module path: C:\Windows\SYSTEM32\d3d11.dll
Report Id: a6398351-b53e-416c-b29e-fa65b040afd6
Faulting package full name:
Faulting package-relative application ID:

Error: (05/29/2020 09:31:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (05/29/2020 09:31:35 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (05/28/2020 05:26:48 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).

Error: (05/28/2020 12:23:52 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.

Error: (05/28/2020 12:21:01 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (05/27/2020 05:57:01 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.


System errors:
=============
Error: (05/31/2020 08:48:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vsserv service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/31/2020 08:48:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vsservppl service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/31/2020 08:48:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The updatesrv service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/31/2020 08:48:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The bdredline service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/31/2020 08:48:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (05/31/2020 08:48:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/31/2020 08:48:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (05/31/2020 08:48:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Product Agent Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2020-05-31 14:59:23.009
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Fybents&threatid=272037&enterprise=0
Name: Misleading:Win32/Fybents
ID: 272037
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\ByteFence\ByteFence.exe; process:_pid:10624,ProcessStart:132353811744729287; process:_pid:8232,ProcessStart:132353818807522152; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.317.266.0, AS: 1.317.266.0, NIS: 1.317.266.0
Engine Version: AM: 1.1.17100.2, NIS: 1.1.17100.2

Date: 2020-05-31 14:58:03.741
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Fybents&threatid=272037&enterprise=0
Name: Misleading:Win32/Fybents
ID: 272037
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\ByteFence\ByteFence.exe; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.317.266.0, AS: 1.317.266.0, NIS: 1.317.266.0
Engine Version: AM: 1.1.17100.2, NIS: 1.1.17100.2

Date: 2020-05-31 14:57:27.712
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Fybents&threatid=272037&enterprise=0
Name: Misleading:Win32/Fybents
ID: 272037
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\ByteFence\ByteFence.exe; file:_C:\Program Files\ByteFence\ByteFenceService.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\ByteFence Anti-Malware.lnk; file:_C:\Windows\System32\Tasks\ByteFence->(UTF-16LE); process:_pid:3240,ProcessStart:132353254365582354; process:_pid:9076,ProcessStart:132353254859968896; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA234CDD-7A37-4A7D-96B2-8481408DC491}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence; service:_ByteFenceService; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\ByteFence Anti-Malware.lnk; taskscheduler:_C:\Windows\System32\Tasks\ByteFence; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files\ByteFence\ByteFence.exe
Security intelligence Version: AV: 1.317.266.0, AS: 1.317.266.0, NIS: 1.317.266.0
Engine Version: AM: 1.1.17100.2, NIS: 1.1.17100.2

Date: 2020-05-30 23:28:41.799
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Fybents&threatid=272037&enterprise=0
Name: Misleading:Win32/Fybents
ID: 272037
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\ByteFence\ByteFence.exe; file:_C:\Program Files\ByteFence\ByteFenceService.exe; process:_pid:3240,ProcessStart:132353254365582354; process:_pid:9076,ProcessStart:132353254859968896; service:_ByteFenceService
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files\ByteFence\ByteFence.exe
Security intelligence Version: AV: 1.317.266.0, AS: 1.317.266.0, NIS: 1.317.266.0
Engine Version: AM: 1.1.17100.2, NIS: 1.1.17100.2

Date: 2020-05-31 15:01:02.085
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-05-30 23:16:19.643
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.54.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2020-05-30 23:16:19.611
Description: Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.54.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x80240022
Error description: The program can't check for definition updates.


CodeIntegrity:
===================================
Date: 2020-05-31 15:01:13.378
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264642006458580000\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-05-31 15:01:11.232
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264642006458580000\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-05-31 15:01:09.145
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264642006458580000\antimalware_provider64.dll that did not meet the Windows signing level requirements.
Date: 2020-05-31 15:01:07.067
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264642006458580000\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-05-31 15:01:04.961
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264642006458580000\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-05-31 15:01:02.886
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264642006458580000\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-05-31 15:01:01.116
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264642006458580000\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-31 15:01:00.965
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264642006458580000\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P3.70 11/13/2019
Motherboard: ASRock A320M-HDV R4.0
Processor: AMD Ryzen 3 3200G with Radeon Vega Graphics
Percentage of memory in use: 57%
Total physical RAM: 8119.32 MB
Available physical RAM: 3417.8 MB
Total Virtual: 19895.32 MB
Available Virtual: 12863.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.61 GB) (Free:26.36 GB) NTFS
Drive g: (1TB Hardrive) (Fixed) (Total:931.5 GB) (Free:386.79 GB) NTFS
\\?\Volume{c02d1aae-cdb8-4b2e-a2b0-f2e89ee26d5e}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{8152ea50-9af9-4405-9538-7e5ad27518fa}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 119.2 GB) (Disk ID: 00000000) Partition: GPT.

==================== End of Addition.txt =======================
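A triage pass over the "Windows Defender:" and "CodeIntegrity:" sections of an Addition.txt like the one above, as an added example; it is not part of the original post and not FRST's own code. The embedded excerpt is constructed in FRST's layout from values in the log above, and the parser assumes FRST's field names ("Date:", "Name:", "Path:", "Process Name:") and section banners as they appear there. It groups Defender detections by threat name, splits the "Path:" field into artifact kinds (file, process, regkey, service, startup, taskscheduler) so the persistence points stand out, and collects every module Code Integrity refused to load together with the signing level each loading process demanded.

```python
import re
from collections import defaultdict

# Added example, not FRST's own code. The excerpt below is constructed in FRST's
# layout: field values are copied from the log above, the excerpt itself is not.
SAMPLE = r"""Windows Defender:
===================================
Date: 2020-05-31 14:59:23.009
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Fybents&threatid=272037&enterprise=0
Name: Misleading:Win32/Fybents
Path: file:_C:\Program Files\ByteFence\ByteFence.exe; process:_pid:10624,ProcessStart:132353811744729287; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence
Process Name: Unknown

Date: 2020-05-31 14:57:27.712
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
Name: Misleading:Win32/Fybents
Path: file:_C:\Program Files\ByteFence\ByteFence.exe; file:_C:\Program Files\ByteFence\ByteFenceService.exe; file:_C:\Windows\System32\Tasks\ByteFence->(UTF-16LE); service:_ByteFenceService; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\ByteFence Anti-Malware.lnk; taskscheduler:_C:\Windows\System32\Tasks\ByteFence
Process Name: C:\Program Files\ByteFence\ByteFence.exe

Date: 2020-05-31 15:01:02.085
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Error Code: 0x80508023

CodeIntegrity:
===================================
Date: 2020-05-31 15:01:13.378
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264642006458580000\antimalware_provider64.dll that did not meet the Windows signing level requirements.
Date: 2020-05-31 15:01:01.116
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bitdefender Antivirus Free\bdamsi\264642006458580000\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
"""

SECTION = re.compile(r"^(Windows Defender|CodeIntegrity):$")
KV = re.compile(r"^([A-Za-z][A-Za-z ]*?): ?(.*)$")
CI = re.compile(r"process \((.+?)\) attempted to load (.+?) that did not meet the (\w+) signing")
KEYS = {"Date", "Description", "Name", "Path", "Process Name", "Error Code"}
# 'Path:' artifact kinds that relaunch on their own after a reboot ('regkey' is
# left out on purpose: in this log it is only the Uninstall entry).
PERSISTENCE_KINDS = {"service", "startup", "taskscheduler"}

def split_events(text):
    """Yield (section, {field: value}) for every 'Date:'-started record."""
    section, event = None, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION.match(line)
        if banner or (line.startswith("====") and line.strip("=").strip()):
            if event:                   # a section header or '==== Memory info' closes the record
                yield section, event
            section, event = (banner.group(1) if banner else None), None
            continue
        if section is None or not line:
            continue
        m = KV.match(line)
        if m and m.group(1) == "Date":
            if event:
                yield section, event
            event = {"Date": m.group(2)}
        elif m and m.group(1) in KEYS and event is not None:
            event[m.group(1)] = m.group(2)
        elif event is not None:         # URL and wrapped text belong to the description
            event["Description"] = event.get("Description", "") + " " + line
    if event:
        yield section, event

def parse_path(path):
    """'file:_X; service:_Y' -> {'file': ['X'], 'service': ['Y']}."""
    artifacts = defaultdict(list)
    for item in filter(None, (p.strip() for p in path.split(";"))):
        kind, _, value = item.partition(":_")
        artifacts[kind].append(value)
    return dict(artifacts)

def triage(text):
    """Per-threat detection summary plus every module Code Integrity refused to load."""
    threats, loads = {}, {}
    for section, ev in split_events(text):
        if section == "Windows Defender" and "Name" in ev:   # update/RTP errors carry no Name
            t = threats.setdefault(ev["Name"], {"count": 0, "unattributed": 0,
                                                "artifacts": defaultdict(set)})
            t["count"] += 1
            # 'Process Name: Unknown' means a scan found the file; it was not caught running
            t["unattributed"] += int(ev.get("Process Name", "Unknown") == "Unknown")
            for kind, values in parse_path(ev.get("Path", "")).items():
                t["artifacts"][kind].update(values)
        elif section == "CodeIntegrity":
            m = CI.search(ev.get("Description", ""))
            if m:                       # module -> [(loading process, required signing level)]
                loader, module, level = m.groups()
                loads.setdefault(module, []).append((loader, level))
    for t in threats.values():
        t["persistence"] = sorted(k for k in t["artifacts"] if k in PERSISTENCE_KINDS)
    return threats, loads

if __name__ == "__main__":
    threats, loads = triage(SAMPLE)
    for name, t in threats.items():
        print(name, t["count"], "detections;", t["unattributed"], "with no live process;",
              "persists via", ", ".join(t["persistence"]) or "nothing")
    for module, hits in loads.items():
        print("Code Integrity refused", module, len(hits), "times at levels", sorted({l for _, l in hits}))
```

Two things this makes visible that are easy to miss in the raw log: the later Fybents events carry "Process Name: Unknown", so they came from a scan rather than from ByteFence being caught running, and the same antimalware_provider64.dll was refused at two different levels, "Windows" when svchost.exe tried to load it and "Microsoft" when MsMpEng.exe did, which is why it recurs so many times in the full log rather than once.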
  6. I'm very sorry, but I don't think I can use "Copy To Clipboard"; my suspicion is that it is too long. I tried it twice and it says error 504. Again, sorry for the inconvenience. Malware3.txt
  7. Hi, thank you for replying. The one for the first might be different because, before I received the steps, I had already quarantined the folders without saving the log. Sorry, but I did a second scan for the first step. FileMalwarebyte.txt AdwCleaner[C00].txt FRST_31-05-2020 20.54.28.txt
  8. I think I need help removing an adware virus identified by Bitdefender. I tried to delete it, but it seems to come back; also, I can't seem to enter the temp folder. There are quite a few, but this is one of them: "Item was blocked. Threat name: Adware.Dealply.1.Gen. Path C:\Windows\Temp\tmp000001f6\tmp00001367." I really hope someone could assist me.