Hi, so I am at a loss as to what to do about this hacker that keeps gaining access to my Windows 10 computer. Yesterday, I reformatted my laptop hard drive (for the third time) and reinstalled Windows. I installed Malwarebytes, Kaspersky and Spybot immediately upon getting into Windows 10. After an hour or so, while working on the fresh OS, the first indicator I got that the hacking continued was from Kaspersky Total Security. It stated that there was "an error while scanning the encrypted connection with cs.emxdgt.com." Since then, I have continued to get this message randomly.
Additionally, I logged into the computer tonight and found my main screen had been resized and the bit rate changed to 6-bit. The hacker quickly saw that I had returned and gave me back access to my monitor. The Windows Temp file folder and other new file folders on my C drive are how I have been tracking suspicious activity this evening. Also, there are all sorts of telltale signs of the hack, including: Office.clicktorun.exe files, office.telemetry.dynamicconfig files disabling Windows Defender, Office telemetry, WinSxS, reinstallation of Internet Explorer, Microsoft Framework installation of: ... System.IdentityModel, System.Workflow.Activities, System.Runtime.Serialization, SysWOW64 files being updated, empty Notepad logs FFS, FFS_0, FFS_1, and empty file folders such as AppReadiness, CbsTemp, and more....
The latest file I just found is from a Windows Update log and I have pasted it below:
Windows Update logs are now generated using ETW (Event Tracing for Windows).
Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.
For more information, please visit https://go.microsoft.com/fwlink/?LinkId=518345
What is Event Tracing for Windows? It doesn't sound good. Nor does "Office.ClickToRun.RepomanLogger", and "officeclicktorun.exe_streamserver(2021030719504711D4)"
It appears that they have given themselves access to special permissions in Windows at the root level. The file folder {53139AC9-0495-4835-8A1B-3B9E5CBEED43} is of particular interest as I can't open it, change the permissions, or delete it.
See attached screenshot and the most recent logs from windows temp.
I have followed the steps for Google Chrome unsync as recommended by Malwarebytes, I have run the MalwarebytesAds remover and downloaded and run "Farbar", among other remedies.
I am a novice when it comes to this level of hacking, so I am asking for guidance on how to resolve this permanently. What steps are recommended?
I'm worried that if I just get a new computer, the same thing will happen, as I work remotely from home.
To whomever can assist, thanks x 1 million!
DESKTOP-7H9QFH6-20210307-1950 (1).log msedge_installer.log DESKTOP-7H9QFH6-20210306-1629.log
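A way to check whether the items named in the post are what they appear to be, as an added PowerShell example (not the poster's code): it verifies the Authenticode signature of OfficeClickToRun.exe, shows who owns the locked GUID folder and what its ACL grants, and converts the ETW update traces into a readable log. The two paths, and the folder sitting under Windows Temp, are assumptions; adjust them to the locations on the affected machine.

```powershell
# Added triage script (not the poster's). Assumed paths: OfficeClickToRun.exe
# under Common Files\ClickToRun, and the GUID folder under the Windows Temp
# directory. Change $suspects if yours differ.
$suspects = @(
    "$env:ProgramFiles\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe",
    "$env:windir\Temp\{53139AC9-0495-4835-8A1B-3B9E5CBEED43}"
)

function Test-Signer {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Status = 'missing'; Signer = '' }
    }
    # Authenticode status 'Valid' with a Microsoft subject means an unmodified
    # Microsoft binary; 'NotSigned' or 'HashMismatch' deserves a closer look.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path   = $Path
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

function Show-FolderOwner {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return }
    # "Access denied" on a folder often reflects a SYSTEM or TrustedInstaller
    # ACL rather than a remote attacker; the owner and ACEs show which principal set it.
    $acl = Get-Acl -LiteralPath $Path
    "$Path owned by $($acl.Owner)"
    $acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
}

foreach ($p in $suspects) {
    if (Test-Path -LiteralPath $p -PathType Leaf) { Test-Signer -Path $p | Format-List }
    else { Show-FolderOwner -Path $p }
}

# The notice in the post says Windows Update logs are ETW traces; this cmdlet
# converts them into a readable WindowsUpdate.log on the desktop for review.
Get-WindowsUpdateLog -LogPath "$env:USERPROFILE\Desktop\WindowsUpdate.log"
```

Run it from an elevated PowerShell prompt so Get-Acl can read the folder's security descriptor.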