LostCause123

hello! so I did everything exactly as directed and after generating the zip folder with the necessary logs which I can see on my desktop as a zip folder with the exact name that your asking for, but when I try to drag in the folder to where it says "Drag files here to attach, or choose files..." it only adds all the logs as attachments and each one is uploaded separate instead of having it appear as one zipped folder. Same thing happens when I click on "choose files" below except when I click on the zipped folder that is named exactly as what your asking for and contains all the logs inside of it, instead of posting it as a whole folder, it adds it as a bunch of separate .txt files and logs. I don't know what I am doing wrong, could it be because the zipped folder contains more folders inside of it? So it begins to open up the initial folder, so i can choose the files from the folders inside? I am also opening the folder with windows explorer or the other option is to open the folder with Notepad and no other option is given. It says that the zip folder contains 10 files total and 5 folders, is that how it should be? Trying it in safe mode with networking does not work either, since i need a internet connection and it doesn't even show that i have a wireless adapter installed or an internet connection present. I provided a screenshot of this exact problem in my post above.

Hello, I greatly apologize for not sticking through with my previous post but i promise I will do everything exactly as asked and to the very end and i what previously happened before will not happen again. I have read all your instructions and have/will only use this computer to go on my web browser and then to these forums and for nothing else till I get an all clear from you. I will gather the logs as stated by trusted advisor and post them back in my next post exactly as directed. I also don't have discord on this computer and the only programs that I use on this device is my web browser and a few video games but that is all the possible applications and apps that I downloaded. Thank you so much for your time and effort on helping me, I will not waste your time again and once again I apologize.

Hello Trusted Advisor, i have tried what you said and once in safe mode with networking, i did get the chance to install Farbar Recovery Scan Tool and ran the program directed by the instructions which generated the FRST logs and Addition logs which i will attach with this reply below. I was also able to install and run the Malwarebytes Support Tool which has a feature for fixing the main system and windows components, and i was wondering if i should maybe try running that in Safe mode so it can potentially fix the problems im having when not in safe mode? Another issue occurred when having my computer booted in safe mode with networking, and that was that my wireless connection adapter was completely gone and disabled and only a ethernet connection adapter was present which i don't have access to at this moment (I have attached a screen shot of it below as well as a screenshot of the error when trying to install Malwarebytes application) and that was stopping me from installing the Malwarebytes application since it would download 5% and stop with an error saying that i don't have a internet connection to be able to download the actual program, so i am still not able to provide the Malwarebytes application virus scan logs. Also something else i thought would be worth mentioning.. my windows key ID way not present as well when in safe mode but when in normal boot, its still present and registered but the computer doesn't seem to register that its activated and still says that i need to activate windows. I have tried putting in a key of windows 10 Home but that errored as well and said it was invalid which after double checking 10 times, the key was put in correctly and exactly how its written on the purchased key card that came with the official package of windows 10 that i bought and used successfully before. Below are all the logs that were generated after running the support tool and clicking the button that said "gather FRST logs and other logs to send to Malwarebytes support". I dont know how helpful the other logs will be since it does not let me open them while not in safe mode but i hope it helps! Thank you once again for the help and your time spent on me, ill be by my computer for the next 6-10 hours so i will check for any responses and further instruction as frequently as possible. Addition_20-05-2023 19.27.26.txt FRST_20-05-2023 19.27.26.txt mbst-check-results.txt mbsetup.log Service mbsetup.log PFRO.log setupapi.dev.log mbst-stub-results.txt mb-support-log.txt

hello! thank you for getting back to me so quickly, so this was my initial problem, i get this error message when trying to open any file after it has been downloaded. i have attached a screenshot of the error message and i cant seem to find a work around for this issue. It started occurring about a week ago, same with my windows being deactivated as how it states at the bottom right hand corner of the screen.

Hello! So this has been an on going problem for almost 2 years now and after trying every anti virus program and running scans with premium access on all of the virus and malware removal programs, it either comes up undetected or finds a file or two and still doesn't fix anything after i remove them with the help of whatever program im using to do the scans. In the very beginning when it all begun, i had all my accounts hacked, my emails perm deleted and all my devices and phones completely infected and taken over to almost unusable states. Also one of the biggest mistakes i made was contacting a support specialist when dealing with the Norton anti virus app and they had me share my computer screen and also give them full access to my computer for about 45 minutes to an hour and noticed that they were editing the registry and downloading a bunch of files and also completely erasing and resetting the whole anti virus program which i gave no permission to do which by the end of the session, made me regret even thinking about addressing any issues with their tech support. I have also fully erased my systems, clean reinstalled windows and also had professional computer experts work on my computers and clean them out as well but everything ends up coming back the second i turn on my computers and connect it to my home network and sometimes even without connecting it to my home network, it would all return in the time span of an hour or so. But my biggest issue as of right now is that my laptop that i am writing this post from at this moment, is completely useless for anything else other then going on a internet browser and looking up and using websites. Any downloads or applications i try to open, just get an error message saying that the program that is being run is not associated with any working device or may have been moved or removed by the administrator. I have lost all admin privileges and editing my registry is blocked out once again by the admin, which im guessing is the admin of the workgroup that i cant get rid of or delete or remove myself from since it either just blue screens and shuts down the whole computer or after restart just goes back to how it was before even trying to remove myself from workgroups. As of now i am not able to download Malwarebytes applications, as well as any or the programs that are listed as the starting logs that i have to attach with this post. I started experiencing this a few days ago and restoring my computer from a restore point in recovery mode just brings up error message stated above and just makes me restart the device and all over again from there. Actually doing anything from recovery mode just errors and activates restart of the device. Also another thing that might be very important to mention... At the same time that the problems arose a few days ago, my windows got deactivated on my laptop and a permanent message window that is very faded grey on the bottom right hand side of my screen states that "Activate Windows, go to settings to activate windows" but after going to settings and checking the exact settings tab, it says that i have windows 11 home activated and has a product ID key and a windows key that is registered and says that its activated or else how would i of been able to use windows and all their features for years now. Also Powershell V1 and V2 are used constantly to inject codes and set up automatic tasks and commands to block me from erasing or changing/ modifying anything that has to do with fixing or removing any kind of changes or infections that were purposely put in to make it almost impossible if not completely impossible to fully get rid of. This is all very stressful and the past weeks problems have been completely new to me even though i thought i experienced and have seen the worst of the worst of what a malware and a hacker take over can do. All help is highly appreciated and it would be a true blessing if i could get guided through getting my laptop back to normal working condition with possibly fixing my main PC as well afterwards which got infected and went through the same issues that this computer has gone through except this one seems to be having a few more difficulties to work around with like the issues occurring around a week ago which has made my laptop just practically useless and unusable. So what can i do to even begin with downloading these programs/tools mentioned in the directions forum post so i can post the logs that are being asked for and needed? Thank you so much in advance for all and any help given to me and i am looking forward to following any and all advice that is given. I will do literarily anything that could possibly help me towards achieving normal working private home computers as my whole life revolves around working and using my home network and my devices which are currently all blatantly infected by more then one type of malware/ hacker attack.

hello! so i have been dealing with this for over a year now, and learned a lot about this through out the year since I'm living in a very rural area and hours away from any tech helping personal and companies. So as of recently I started streaming professionally and as well as became a professional game competitor. I use a program called OBS studio to stream through which is how i found out about this concurrent issue that I'm about to explain. When i was setting up my stream a few months ago, in the settings menu there is an option to choose where the stream binds to. By default it is set to default option but if you expand it, it gives you the options to bind it to the computers network adapters and the computers and networks IP address. As of two weeks ago, I opened up my usual programs and my OBS streaming program and noticed that the stream was unbearable to watch. It constantly crashed, pixelated to unwatchable states and stuttered as if I was streaming off a public Wi-Fi in McDonald's in the middle of New York with 50 thousand other people logged in and using the Wi-Fi as well... yes it was that freaking slow! when I checked my speed of my network on multiple sites... it showed me lightning fast speeds and reflected exactly the speeds that I am paying for via my network provider. The problem is definitely not in that, my download speed is above 200mb/s and upload of over 25mb/s. My routers ethernet band speed is at 2.5gb as well. So as of two weeks ago my OBS studio network bind option started showing that there was a new IP address option that i could bind to and a vEthernet adapter option as well. Both of the new options had a V in front of it. When i did some research, i figured out that it was the Hyper-V virtual Ethernet Adapters (vEthernet) that were installed on my desktop and causing the issues. When i went to device manager to try and delete them, they are not there. My normal Ethernet and wireless adapters are but no sign of anything else. It is only seen through the OBS program and the same IP address is popping up in my anti virus network adapters section as a "work" adapter and always becomes deemed as a full access network to bypass all my firewall settings which is dont allow even for my own home network. Every time I block the IP address and the network firewall bypass, It reappears with even more IP address sections (up to 10 different groups of them) after I restart my computer. At this point my computer is almost un-usable and running any kind of games and stream is just a no go. My network cap is over 2000GB and it charges me 10 dollars for every extra 50GB and my last bill was over a thousand dollars since it shows that my Desktop alone uses over 5k GB last month and i only had it on 2-3 hours a couple times a week to do research on google or look things up. There is absolutely no way i could be using that much network bandwidth so obviously the hacker is. Please help me permanently get rid of this problem, I would like to take up streaming as a full time job and the only thing stopping me right now and has been for over a year now are these issues that all point to malware/hacker take over and use of my computers. Any help would be greatly appreciated and i will be monitoring the forums for a reply every 10 minutes or so since this is my number one issue to deal with as of now. My life has been a complete mess and in shambles ever since some how contracting this malware/hacker over a year and 3 months ago as of this date. Thank you so much in advance and god bless!

Hello! My name is anton and I have a ongoing problem with my computers which started as I now know over a year ago and has been on going since then on all my devices and computers. I have a desktop which I got in august of last year and a fairly new laptop which I got 8 months ago and has had the same exact problems as the desktop. Today about an hour ago I turned on my laptop since my desktop is completely unusable, and did my usual webroots malware scan which is configured for maximum security with every option turned on to max out safety overall for my laptop. Did the scan and came to 35 thousand files and no infections. I then go to optimize my computer with webroots built in optimizer and cleaned 360mb of files. 2 days ago it cleaned out 3.2gb of "temporary windows internet explorer" files and even prompted a warning saying that I have an unusually high amount of temporary saved files on my laptop. I went ahead and cleared those out and used my laptop like normal. The only issue that I was seeing for the past week was that some files were being monitored by a local remote IP addresses and a lot of them too on a few different .EXE files and folders but I just blocked them and blocked the files as well which came up as two copies of on webroots running services... one copy of the files had listeners and up to 10 of them on some and another which had no listeners.. so I'm guessing that the real legit files got copied to mask the malicious ones that are used in the malware, because they were copied word for word and no difference in the name what so ever except that one set had a bunch of listeners and remote and local IPs that I have taken note of as well, and the other set had none. So getting back to my laptop, after I optimized and cleared the files within webroots that was installed by a geek squad agent after I got my computer back last week from getting completely wiped and reformatted and cleaned from all the corrupt files that were on it, from this same exact malware.. I notice that my internet connection has been switched off.. or just the ability to access my network because I was still connected to my Wi-Fi address but just didn't have any internet feed to actually use the network. This has been an ongoing problem as well with this malware or set of malware's as I'm sure there's a lot more of them on my computers. Or the files just have different names.. I don't know but anyways right after noticing that I have no connection..webroots pops up with a pop up saying that I have two malware files that are being run and that webroots has blocked them. I check what they are and am able to only see one which was powershell2.exe malware but it was on the quarantined section and the bubble option for "block" was filled. I thought I was safe so I went to a different tab and literarily right after 5 seconds my screen flashes and I get a system warning notification saying that both my webroots antivirus/anti malware (which was actually the first and only malware scanner to be able to have my computer work for a certain amount of time and show me that it found files and blocked malicious activity... and I've tried all of them as of now) and my windows defender anti virus are turned off together at the same time. I right away check webroots to try and delete the earlier malware file which only one showed up but intially had two of them pop up as a warning for webroots, but was too late because my webroots which had the premium access key account logged in and installed was completely erased and turned off and all of its features were completely unusable since it was asking me to put in a new webroots premium key and blocked my original one that was supposed to have a lifetime access period and shouldn't of been disabled like that on its own. I actually don't even know where to disable it or log out of the account nor would I of ever wanted to since my computer was finally useable for a week after it was installed. As of now my computer doesn't connect to the internet once again and when checking windows defender firewall rules, about 80% of the active rules were not rules that I previously saw or put in there let alone activated to bypass and connect through the firewalls defence, some examples being "neighbor proximity sharing, neighbor network discovery, teredo,windows host and file sharing protocols, mDNS, windows programmable application interrupt, app host and embedded app control... and many many more which i have tried to block but either come turned on again or just work without popping up in the background. Please help me figure out a fix for this because I just can't live anymore like this. I have had my identity stolen from this and all my accounts and banks hacked and money stolen and so on.. I would really like to get my life back. I am currently on my mobile phone since no computer connects to the internet so I can't post the logs that are needed. Also my phone completely stops working when I'm near my computers and mostly noticed it with my laptop.. and when this was all happening my phone was right next to the laptop and it lost all service and all signal and data as if the phone had no SIM card in it to begin with... which has been an ongoing problem as well. Is there a way to maybe use my phone to post the scans after using them on my computers? I am just not sure of a way but very open to any suggestions and guidance :) I am very stuck and any work around for a fix would be a life saving fix for me... I will be forever greatful! Thank you so much in advance to whoever takes on this insanely torturous problem for me. I will be checking my phone every 5 minutes and will do my best to provide everything needed to my best ability.

I have attached a list of some of the services that are installed and running on my desktop every single time i start up my computer. These services are also on every one of my other computers and are active and running. I did not install or even know what half of them were or what they did until i read the tooltip descriptions when hovering over the name of the service on the list. I am not able to turn them off or delete them and for the ones that i am able to stop, it comes back in a few seconds once again and then blocks me from being able to do anything to them. If i try to force end those tasks after that, it just crashes my whole computer and all the services come back on after I reboot as if i haven't touched a single thing. The only thing I wanted to have on my desktop was a fresh install of windows 10 which I thought i had successfully done after i data wiped my drives through bios and did a clean install of windows 10 through a USB flash drive. After seeing all the services come back in minutes after the first initial boot, I inspected the USB flash drive that i was using and the files on it and apart from the windows 32 bit and 64 bit that were located there as supposed to, It also contained all the infected files and many other ones that i stupidly did not save or write down so i unfortunately can not give the names of those files but there was around 70 thousand of them. I removed them from the USB which caused the files to disappear. After a few seconds following the removal of the files from the USB the whole computer once again crashes and goes into diagnostics mode, following by a failed diagnostics check and then another reboot to where it boots up in the same irregular way that I mentioned previously with the pre-boot screen flashing 3 times to a full blank black screen and then switches to the log in window. I hope that the services list i attached will give some additional info on how i should move forward with fixing all this. The services list was saved in normal boot but i am posting this while in safe mode. I will do the scans once again right now and will be back to post them shortly. Thank you once again. services extended list.txt

Good afternoon! Sure, I will try to do that now but I'm pretty sure it wont let me since any update for windows or the OS just fails to fully download or doesn't start and just gets stuck on pre loading for install. I also wanted to add that i did a Malwarebytes rootkit scan and from looking at the logs, the rootkit scan was able to scan through all the drives in Windows\system32\drives except for drive 0 which came up to be "MBR on drive 0 is invalid or encrypted". The disk size is 2000398934016 bytes. Would this be the virus hiding or is it the sensitive windows files that are encrypted that are on there and that's why its not letting it get scanned? I have tried to delete folders and files in the past that came up as either "no permission granted or files are encrypted" even though i just made sure that all admin permissions were accessible to me and i was the only admin/user to even operate and have access to my account and its files and folders. I also haven't encrypted any files what so ever. Some files that i couldn't get rid of and would have services running that would be unstoppable, and full access to them would be denied no matter what i did are RundL.exe host, SvcHost.exe, installer2, and hosting scripts with monitoring capabilities linked to azure.com, as well as developer tools and even had a user in task manager that was called dwm.exe and was taking up the most memory out of all the active processes and services. There is also a lot of services that show up about 10 minutes after a full wipe and redownload of fresh windows operating system and I've seen it happen live right after the computer boots up and gets set up through the windows tutorial. Some of these files are from "app execution aliases" that i have never downloaded like winget.exe, GameBarElevatedFT_Alias.exe, Python.exe(app installer), Python3.exe(app installer) and many many more services that just run on my computer and I'm not able to turn them off or end the task without having my whole OS crash or after ending the task 2 or 3 times, it denies me all permissions to delete or modify that file/task/service. All of this cant be normal right? I never had to deal with any of that before nor did i see any of this when my desktop just arrived so I'm pretty sure that all of this could be due to the infection and not normal computer behavior? Or am I completely wrong? I have attached todays rootkit scanner log that i was referencing from up above just in case. It came back clean but i am also not running my computer in safety mode anymore, just on normal boot up so maybe thats why its going undetected? i Still have no luck in downloading malwarebytes to do the initial threat scan. It is stopping me from being able to download it every way it can. Would there be a work around to getting all this off my computer so i never have to see it again? mbar-log-2021-11-18 (13-26-53).txt

I have extracted them into a zip folder and now will attach the folder how instructed. hio.zip

thank you so much for getting back to me! I have done the offline scan and like the previous times, it got to 10k files and about 63 percent and then rebooted. When i logged back in, the first notification that popped up was that Malwarebytes is unable to download for some unknown reason. This happens every time on boot since i tried to download Malwarebytes to do the initial scans before posting on these forums. Then when checking the "protection history" under "Virus and threat protection" it states that I have "no recent action" and the whole page is pretty much blank with no recollection of any scans that I did in the past or the one I did just now. I have attached the minidump files that you have asked. For some reason i had 5 of them all from different dates and times, is that supposed to be like that? I hope its alright that i attached all 5 of them on here. Thank you once again for your help! 110221-9296-01.dmp 110921-11031-01.dmp 111521-10875-01.dmp 111621-9375-01.dmp 111621-10296-01.dmp

I have just found the needed files, for some reason they were in my downloads folder and not on my hard drive or in my documents/files folders where i usually would of found them especially after i saved them to that location 3 times. I apologize for double posting but I thought this would be important enough and would save time in the long run. FRST.txt Addition.txt

hello! my name is Anton and i really hope your able to assist me since i have tried everything and i am just giving up on finding a solution and this has really affected my life in a very negative way since it happened and this is truly my last hope. I have read other forum tickets similar to what my problem was and was extremely surprised and impressed at how professionally that problem was dealt with and i am praying that you'll be able to help me out with this as well. So lets get to it! =) So all of this started happening around last December of 2021, Jan 2nd to be exact is when i completely lost access to all of my devices and later on my phones and both of our house networks which i used to work from before this all occurred. I just got myself a new desktop that i dreamed of having since i was 8 years old and a new phone and apple watch as well. At first since i haven't dealt with viruses before(thank god) I didn't know that i might be getting something other then a minor bug or glitch or maybe a network problem since i live in a very small town on a shore of a privet lake and so the cell service and internet service is not the best here and usually loses connection or has a very slow one quite frequently. Then I started to notice that my video games had their settings changed and different apps would appear or automatically download that I never authorized or even heard of before. My computers fans would also go into over drive sometimes as frequently as every 10 seconds and when checking my task manager, would show that i have 64 GB of VRAM but would only leave about 10gb accessible and the rest would be shared to somewhere that I cant figure out where. I also started to notice extreme lag when I'm running very memory hungry and storage hungry applications and in the beginning when i just got the desktop, it was running flawlessly. I also tried to fully wipe my drives and tried to redownload windows on all 3 of my computers but all that did was make my computers completely uncontrollable because now every time i try to close off a service or program or delete an application that i haven't downloaded or installed onto the computer, it just comes right back a few seconds after i close it off and after i do that a few times it either blocks me off by saying that i don't have access or my permission is denied or just blue screens my whole computer with an error saying "stop code" and then reboots again but extremely fast and not how it should boot normally. I also cant download any anti viruses including Malwarebytes because the second that i click on install, it either freezes my computer and crashes later on or just tells me to reboot my computer the second that the program starts installing and stops the installation at 15-32% and goes into reboot or closes off the whole download the second i click on reboot later or don't reboot. When it restarts it says that windows is updating which counts to either 72% or sometimes to 100% and then restarts again and says that windows failed to update, reversing back to the old update version then restarts again and then finally boots up with a few black screen flashes in between some loading phase that is not the standard way my computer ever started up. I am not able to download Malwarebytes and was only able to make an account on forums through my phone and now accessing this off my desktop but in safe mode or else it would tell me an error or just crash and shut off my computer or send it into a restart. I shortened this as much as possible since there's quite a lot to write if mentioning all the details that happened throughout the year but if needed later on, i have no problem providing as much details as needed on any question or subject that is needed to be answered by me. I really hope that we can get this resolved, and thank you so much for your time and your effort to help me out with this. I don't know what else to do since i have tried everything even giving my laptop (different computer that's also infected) to a computer guy who charged me 200 bucks for a reboot and said that the computer was completely fine when i know for a fact that its not and works completely differently then how it should of since i used it when it was clean and all of the above signs and many more occur on it just like they occur on my third laptop and my desktop. I would like to focus on my desktop first as I don't need the laptops for anything for now but would like to get those fixed later on as well if a fix could be done for my desktop. I hope to hear from you soon! god bless! mbar-log-2021-11-17 (03-02-55).txt mbar-log-2021-11-17 (03-08-15).txt system-log.txt