ChristiaanGrobler

Farbar Service Scanner Version: 23-12-2020 Ran by grobl (administrator) on 16-08-2021 at 21:53:29 Running from "C:\Users\grobl\OneDrive\Desktop\New folder (2)" Microsoft Windows 10 Home (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Windows Security: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: Checking Start type of wuauserv: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ServiceDll of wuauserv: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\Drivers\afd.sys => File is digitally signed C:\Windows\System32\Drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\SecurityHealthService.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****

the ffs file does not allow me to upload it SecurityCheck.txt

well the last run removed windows defender from my PC it whould seem

okay quick startup is turned off and the script was runned here is the fixlog attached Fixlog.txt

okay so i went and checked my allowed threats again and 4 of the severe threats are gone so we managed to remove 4 of them some how.

here it is mbst-grab-results.zip

okay both scans came up clean no threats detected

here is verything you asked for. Fixlog.txt mbar-log-2021-08-15 (04-54-05).txt system-log.txt

okay i did recover all of my accounts and reset new passwords and did not save any passwords to my PC.and so far i have not had any problem with anyone messing with my accounts. Report: ail.comSystemLook 30.07.11 by jpshortstuff Log created at 21:03 on 14/08/2021 by grobl Administrator - Elevation successful ========== regfind ========== Searching for "C:\Program Files (x86)\BtUXQOcJWkhU2" No data found. Searching for "C:\Program Files (x86)\EcMqiFgQU" No data found. Searching for "C:\Program Files (x86)\fwXJmBAXTzRbjJWsEfR" No data found. Searching for "C:\Program Files (x86)\hAZlnEiYytGiC" No data found. Searching for "2147735503" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.B!ml&threatid=2147735503] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction] "2147735503"="6" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction] "2147735503"="6" [HKEY_USERS\S-1-5-21-3615662053-452412393-171829587-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.B!ml&threatid=2147735503] Searching for "2147735735" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction] "2147735735"="6" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction] "2147735735"="6" ========== filefind ========== Searching for "BtUXQOcJWkhU2" No files found. Searching for "EcMqiFgQU" No files found. Searching for "fwXJmBAXTzRbjJWsEfR" No files found. Searching for "hAZlnEiYytGiC" No files found. ========== folderfind ========== Searching for "C:\Program Files (x86)\BtUXQOcJWkhU2" No folders found. Searching for "C:\Program Files (x86)\EcMqiFgQU" No folders found. Searching for "C:\Program Files (x86)\fwXJmBAXTzRbjJWsEfR" No folders found. Searching for "C:\Program Files (x86)\hAZlnEiYytGiC" No folders found. -= EOF =- and no i have not ran any other scans besides the AV and that witch we have done. I'll be waiting for your reply.

GOOD DAY the main reason i suspect someone to have had access to my PC is because multiple of my account was hacked and my steam account email address was changed. SystemLook.txt

Okay so to my understanding all malware is removed (do you agree). In that case what do you suggest I do to prevent anyone from accessing my pc from an 3rd party device. In the case we missed anything. And for future prefrence. Is there anyway to make my PC more secure apart from the avira ;MS Defender and malawarebytes? I don't have alot of knowledge when it come to securing my PC any assistance in this are will be greatly apriciated.

fix is done and no i cant remove them. Fixlog.txt

found this and cant remove any of them

okay then no problem. oky let try turning off the real-time monitoring of avira

No all the History is the exact same. And what would you recommend MS Defender or avira.? \