commegalife Posted November 6, 2020

I used Malwarebytes to scan my laptop and found 8 cloudnet epicnet malware and put it into quarantine, but the virus appeared again after I restart my laptop. Every-single-time *cries*. I scan it again using Malwarebytes and you already know what'll happen after I restart my laptop: yes, the virus keeps coming back!

I read some instructions to unhide the hidden folders and files and boot into safe mode to uninstall the cloudnet.exe. I did it, booted into safe mode, but I couldn't find the cloudnet app nor its friends in my Programs and Features or in appdata\roaming or appdata\local. So I thought, they're gone. When I booted into normal mode and scanned using Malwarebytes, just in case, they reappeared.

I'm afraid because it's a trojan and it'll cause BSOD and break the HDD. So, please help me remove them.

malwarebytes report 20201106.txt
kevinf80 Posted November 6, 2020

Hello commegalife and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/
Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"
Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
Go back to "DashBoard" select the Blue "Scan Now" tab......
When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

Click on the Detection History tab > from main interface.
Then click on "History" that will open to a historical list
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.
Or from this Mirror

Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
Be aware FRST must be run from an account with Administrator status...

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,
Kevin....
commegalife Posted November 6, 2020

Hi, kevinf80! Thank you for your instructions. Here are the scan reports:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/6/20
Scan Time: 11:30 PM
Log File: 6ebb18cc-204d-11eb-9e0b-2cfda17fd2c7.json

-Software Information-
Version: 4.2.2.95
Components Version: 1.0.1096
Update Package Version: 1.0.32542
License: Trial

-System Information-
OS: Windows 10 (Build 19041.508)
CPU: x64
File System: NTFS
User: 5HINEE\ASUS

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 292414
Threats Detected: 8
Threats Quarantined: 8
Time Elapsed: 14 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 8
Trojan.Glupteba.BITSRST, C:\Users\ASUS\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe\Protection Dir, Quarantined, 1167, 781247, , , , , ,
Trojan.Glupteba.BITSRST, C:\Users\ASUS\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe, Quarantined, 1167, 781247, , , , , ,
Trojan.Glupteba.BITSRST, C:\Users\ASUS\AppData\Roaming\EpicNet Inc\CloudNet, Quarantined, 1167, 781247, , , , , ,
Trojan.Glupteba.BITSRST, C:\USERS\ASUS\APPDATA\ROAMING\EPICNET INC, Quarantined, 1167, 781247, 1.0.32542, , ame, , ,
Trojan.Glupteba.BITSRST, C:\Users\ASUS\AppData\Local\EpicNet Inc\CloudNet\cloudnet.exe\Protection Dir, Quarantined, 1167, 781248, , , , , ,
Trojan.Glupteba.BITSRST, C:\Users\ASUS\AppData\Local\EpicNet Inc\CloudNet\cloudnet.exe, Quarantined, 1167, 781248, , , , , ,
Trojan.Glupteba.BITSRST, C:\Users\ASUS\AppData\Local\EpicNet Inc\CloudNet, Quarantined, 1167, 781248, , , , , ,
Trojan.Glupteba.BITSRST, C:\USERS\ASUS\APPDATA\LOCAL\EPICNET INC, Quarantined, 1167, 781248, 1.0.32542, , ame, , ,

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
commegalife Posted November 6, 2020

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-09-29.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-06-2020
# Duration: 00:00:07
# OS:       Windows 10 Pro
# Cleaned:  6
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted    C:\Windows\rss

***** [ Files ] *****

Deleted    C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted    HKCU\Software\Sunisoft
Deleted    HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1791 octets] - [06/11/2020 23:52:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
commegalife Posted November 6, 2020

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2020
Ran by ASUS (administrator) on 5HINEE (ASUSTeK COMPUTER INC. X441UVK) (07-11-2020 00:06:39)
Running from C:\Users\ASUS\Downloads
Loaded Profiles: ASUS
Platform: Windows 10 Pro Version 2004 19041.508 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower A/S) C:\Windows\System32\ICEsoundService64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\ASUS\Downloads\adwcleaner_8.0.8.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2010.7621.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(NoVirusThanks Company Srl -> NoVirusThanks Company Srl) C:\Program Files\NoVirusThanks\Win Update Stop\WinUpdStopSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Smadsoft) [File not signed] C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1932368 2020-10-18] (Smadsoft) [File not signed]
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.183\Installer\chrmstp.exe [2020-11-03] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D25DE17-467F-43C3-8174-E6D8574FA8FD} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1932368 2020-10-18] (Smadsoft) [File not signed]
Task: {1E797CD6-2F70-44BD-B519-AFE615B50895} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [91920 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {236042CC-9E55-4CB8-84C6-415833B826B9} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1429262469-2834305963-1999796374-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-08-31] (Microsoft Windows -> )
Task: {3664511D-3D32-47C3-9ABF-6017E24F516A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1395480 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {489C9EEF-D3B5-4924-8D89-FAAC73842F2C} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-10-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {5D04BAAD-32D3-42A8-B8DB-D46EEAB97791} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {7A5108B6-D36B-40BD-8371-3DA0B49EF5EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2420640 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA6A1B7D-3C5C-4BBF-912B-74C9515C2BE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-14] (Google LLC -> Google LLC)
Task: {B3965C1D-F1EC-43B2-B2E5-33599FD76FC0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-10-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C52CADFA-0253-40D0-BF0A-AEE48C869226} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2420640 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C7C21D2B-3ADE-42CA-84A5-9F2FC5B87253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-14] (Google LLC -> Google LLC)
Task: {E21BDD8A-34DC-401E-90A6-08116FA9ED6B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1395480 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4B995A9-1F09-47D9-B858-60DD6004730E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [91920 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{2e42116d-968b-4972-9813-f403bb95fd19}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{e1b75c01-b675-427c-b127-1fe34d2260ff}: [DhcpNameServer] 192.168.43.1

Edge:
======
DownloadDir: C:\Users\ASUS\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-1429262469-2834305963-1999796374-1001 -> about:tabs
Edge Session Restore: HKU\S-1-5-21-1429262469-2834305963-1999796374-1001 -> is enabled.
Edge DefaultProfile: Default
Edge Profile: C:\Users\ASUS\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-06]
Edge DownloadDir: C:\Users\ASUS\Downloads
Edge Notifications: Default -> hxxps://drive.google.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://web.telegram.org
Edge HomePage: Default -> edge://newtab/
Edge DefaultSearchURL: Default -> hxxps://viu-static.akamaized.net/favicon/android-chrome-192x192.png
Edge Session Restore: Default -> is enabled.
Edge Extension: (Viu) - C:\Users\ASUS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\daegohakgnkcblfeacnlbgagpngmaphb [2020-10-11]
Edge Extension: (Bausastra Jawa Jangkep) - C:\Users\ASUS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gnplfmhjpfagdmlogmpcjifnlkbcmiel [2020-10-19]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\ASUS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2020-11-04]

FireFox:
========
FF DefaultProfile: gxa4r248.default
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\gxa4r248.default [2020-06-22]
FF NewTab: Mozilla\Firefox\Profiles\gxa4r248.default -> hxxps://securesearch.org/homepage?hp=2&pId=GR160102&iDate=2020-06-22 04:05:45&bName=
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\2jiyeosw.default-release [2020-11-05]
FF Homepage: Mozilla\Firefox\Profiles\2jiyeosw.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=GR160102&iDate=2020-06-22 04:05:45&bName=
FF NewTab: Mozilla\Firefox\Profiles\2jiyeosw.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=GR160102&iDate=2020-06-22 04:05:45&bName=
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\2jiyeosw.default-release\Extensions\sp@avast.com.xpi [2020-06-14]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default [2020-11-07]
CHR Notifications: Default -> hxxps://drive.google.com; hxxps://meet.google.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-20]
CHR Extension: (Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-20]
CHR Extension: (Google Drive) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-23]
CHR Extension: (Avast Online Security) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-20]
CHR Extension: (LINE) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ophjlpahpchlmihnnnihgmmeilfjmjjc [2020-10-12]
CHR Extension: (Chrome Media Router) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619824 2018-12-26] (Microsoft Corporation -> Microsoft Corporation)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [1995184 2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7265328 2020-11-04] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5097896 2020-09-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-11-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-11-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinUpdStopSvc; C:\Program Files\NoVirusThanks\Win Update Stop\WinUpdStopSvc.exe [2178280 2018-08-25] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [108504 2019-04-24] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-11-04] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217600 2020-11-06] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-11-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74936 2020-11-06] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [134304 2020-11-06] (Malwarebytes Inc -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-11-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428264 2020-11-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-11-05] (Microsoft Windows -> Microsoft Corporation)
S3 HIDSwitch; \SystemRoot\System32\drivers\AsHIDSwitch64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-07 00:06 - 2020-11-07 00:10 - 000017741 _____ C:\Users\ASUS\Downloads\FRST.txt
2020-11-07 00:04 - 2020-11-07 00:08 - 000000000 ____D C:\FRST
2020-11-06 23:58 - 2020-11-06 23:58 - 000000000 ____D C:\WINDOWS\rss
2020-11-06 23:58 - 2020-11-06 23:58 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\EpicNet Inc
2020-11-06 23:58 - 2020-11-06 23:58 - 000000000 ____D C:\Users\ASUS\AppData\Local\EpicNet Inc
2020-11-06 23:57 - 2020-11-06 23:57 - 000074936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-11-06 23:56 - 2020-11-06 23:56 - 000217600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-11-06 23:56 - 2020-11-06 23:56 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-11-06 23:56 - 2020-11-06 23:56 - 000134304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-11-06 23:53 - 2020-11-06 23:53 - 000002199 _____ C:\Users\ASUS\Desktop\scanreport 1153.txt
2020-11-06 23:52 - 2020-11-06 23:53 - 000000000 ____D C:\AdwCleaner
2020-11-06 23:34 - 2020-11-06 23:35 - 002298368 _____ (Farbar) C:\Users\ASUS\Downloads\FRST64.exe
2020-11-06 23:11 - 2020-11-06 23:27 - 008447152 _____ (Malwarebytes) C:\Users\ASUS\Downloads\adwcleaner_8.0.8.exe
2020-11-06 21:53 - 2020-11-06 21:53 - 000002247 _____ C:\Users\ASUS\Desktop\malwarebytes report 20201106.txt
2020-11-06 19:50 - 2020-11-06 19:51 - 000000000 ____D C:\KVRT_Data
2020-11-06 19:26 - 2020-11-06 19:26 - 000000000 ____D C:\WINDOWS\SpeechsTracing
2020-11-06 17:58 - 2020-11-06 18:06 - 185196912 _____ (AO Kaspersky Lab) C:\Users\ASUS\Downloads\KVRT.exe
2020-11-06 17:17 - 2020-11-06 19:15 - 000277968 _____ C:\WINDOWS\ntbtlog.txt
2020-11-06 17:17 - 2020-11-06 17:17 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-11-06 13:44 - 2020-11-06 16:11 - 000067541 _____ C:\Users\ASUS\Downloads\Database WA External 2-1.xlsx
2020-11-06 13:17 - 2020-11-06 13:18 - 007319166 _____ C:\Users\ASUS\Downloads\(NEW) KPK_WhatsApp (1).xlsx
2020-11-06 08:49 - 2020-11-06 09:02 - 000000514 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2020-11-05 23:28 - 2020-11-05 23:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2020-11-05 23:28 - 2020-11-05 23:28 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-11-05 23:26 - 2020-08-07 13:52 - 001780944 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-11-05 23:26 - 2020-08-07 13:52 - 001780944 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-11-05 23:26 - 2020-08-07 13:52 - 001371344 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-11-05 23:26 - 2020-08-07 13:52 - 001371344 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-11-05 23:26 - 2020-08-07 13:52 - 001086672 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-11-05 23:26 - 2020-08-07 13:52 - 001086672 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-11-05 23:26 - 2020-08-07 13:52 - 000946384 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-11-05 23:26 - 2020-08-07 13:52 - 000946384 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-11-05 23:26 - 2020-08-07 13:52 - 000456592 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-11-05 23:26 - 2020-08-07 13:52 - 000349928 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 006652816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 005883280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 003901672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 002367720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 002076568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 001722096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445167.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 001569688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 001486744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445167.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 001146264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 000812440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 000674032 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 000655600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 000555928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-11-05 23:26 - 2020-08-07 13:50 - 000541936 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-11-05 23:26 - 2020-08-07 13:48 - 004716168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-05 21:11 - 2020-11-06 12:58 - 000044935 _____ C:\Users\ASUS\Downloads\Database WA External 2.xlsx
2020-11-05 18:13 - 2020-11-05 18:13 - 000005702 _____ C:\Users\ASUS\Downloads\WuReset2.0.bat
2020-11-05 16:58 - 2020-11-05 16:59 - 006717838 _____ C:\Users\ASUS\Downloads\(NEW) KPK_WhatsApp.xlsx
2020-11-05 15:52 - 2020-11-05 15:52 - 000753302 _____ C:\Users\ASUS\Downloads\Kuesioner Internal SPI 2019 - 20 Agustus 2019-provinsi.pdf
2020-11-05 15:52 - 2020-11-05 15:52 - 000483309 _____ C:\Users\ASUS\Downloads\Kuesioner Eksternal SPI 2019 - 27 Agustus 2019.pdf
2020-11-04 16:06 - 2020-11-04 16:08 - 001523229 _____ C:\Users\ASUS\Downloads\Ceklis Revisi 041120.xlsx
2020-11-04 14:23 - 2020-11-04 14:23 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-04 14:23 - 2020-11-04 14:23 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-04 14:23 - 2020-11-04 14:23 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-04 14:21 - 2020-11-04 14:21 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-11-04 14:18 - 2020-11-04 14:13 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-11-04 14:17 - 2020-11-04 14:13 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-04 14:14 - 2020-11-04 14:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-04 13:55 - 2020-11-04 13:55 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-04 13:51 - 2020-11-04 13:53 - 002062144 _____ (Malwarebytes) C:\Users\ASUS\Downloads\MBSetup.exe
2020-11-04 12:09 - 2020-11-04 12:09 - 000000165 ____H C:\Users\ASUS\Downloads\~$Database buat WA (Autosaved).xlsx
2020-11-04 11:04 - 2020-11-04 11:04 - 000000165 ____H C:\Users\ASUS\Downloads\~$Salinan dari KPK_WhatsApp (1).xlsx
2020-11-04 08:00 - 2020-11-04 08:00 - 000000165 ____H C:\Users\ASUS\Downloads\~$Database buat WA.xlsx
2020-11-04 07:38 - 2020-11-04 07:38 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-11-04 07:36 - 2020-11-04 07:36 - 000440120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2020-11-04 07:36 - 2020-11-04 07:36 - 000083784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2020-11-04 07:23 - 2020-11-05 16:01 - 000058036 _____ C:\Users\ASUS\Downloads\Database buat WA.xlsx
2020-11-03 14:54 - 2020-11-03 14:54 - 000000165 ____H C:\Users\ASUS\Downloads\~$KPK_WhatsApp (2).xlsx
2020-11-03 13:25 - 2020-11-03 13:27 - 001972524 _____ C:\WINDOWS\Minidump\110320-44953-01.dmp
2020-11-03 12:53 - 2020-11-03 12:53 - 000000165 ____H C:\Users\ASUS\Downloads\~$KPK_WhatsApp (1) (Autosaved).xlsx
2020-11-03 12:45 - 2020-11-03 13:25 - 000000000 ____D C:\WINDOWS\Minidump
2020-11-03 12:45 - 2020-11-03 12:55 - 001961596 _____ C:\WINDOWS\Minidump\110320-45421-01.dmp
2020-11-03 10:45 - 2020-11-03 10:47 - 052473621 _____ C:\Users\ASUS\Downloads\GMT20201102-153924_Chintya-Ra_1920x1030.mp4
2020-11-03 10:39 - 2020-11-03 10:39 - 000000165 ____H C:\Users\ASUS\Downloads\~$KPK_WhatsApp (1).xlsx 2020-11-03 10:34 - 2020-11-03 10:34 - 000000000 ___SD C:\Users\ASUS\Documents\My Data Sources 2020-11-02 18:39 - 2020-11-02 22:00 - 000001374 _____ C:\Users\ASUS\Documents\template kpk.txt 2020-11-02 16:50 - 2020-11-02 16:50 - 000289216 _____ C:\Users\ASUS\Downloads\Surat Pengantar SPI 2020.pdf 2020-11-02 13:55 - 2020-11-02 13:56 - 000002364 _____ C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-10-24 18:42 - 2020-10-24 23:10 - 000855310 _____ C:\Users\ASUS\Downloads\Nurul Aisyah_Dokumen Persyaratan.pdf 2020-10-23 12:57 - 2020-10-23 12:57 - 000236909 _____ C:\Users\ASUS\Downloads\20201019-pengumuman-tenaga-pendukung-teknis-kemenko-bidang-perekonomian-gelombang-x-tahun-2020.pdf 2020-10-22 11:59 - 2020-10-22 12:24 - 061257487 _____ C:\Users\ASUS\Downloads\Emergency Couple by Despersa.pdf 2020-10-19 16:55 - 2020-10-19 16:55 - 000002928 _____ C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bausastra Jawa Jangkep.lnk 2020-10-18 19:30 - 2020-10-18 19:31 - 001323422 _____ C:\Users\ASUS\Downloads\Partner In Love by Meccaila.pdf 2020-10-18 19:27 - 2020-10-18 19:28 - 008474295 _____ C:\Users\ASUS\Downloads\The Worker Machine by Meccaila.pdf 2020-10-16 23:01 - 2020-10-16 23:01 - 006630180 _____ C:\Users\ASUS\Downloads\Another Time by Cellestine.pdf 2020-10-12 15:58 - 2020-10-12 16:02 - 038657338 _____ C:\Users\ASUS\Documents\Musuh Bebuyutan by Sally Thorne.pdf 2020-10-11 16:13 - 2020-10-11 16:13 - 000002874 _____ C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viu.lnk 2020-10-10 20:26 - 2020-10-12 18:11 - 001377333 _____ C:\Users\ASUS\Documents\the-hating-game.pdf ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-11-07 00:02 - 2020-06-14 02:17 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Smadav 2020-11-06 23:58 - 2019-12-07 16:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-11-06 23:57 - 2020-06-14 01:27 - 000000000 __SHD C:\Users\ASUS\IntelGraphicsProfiles 2020-11-06 23:56 - 2020-08-30 14:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-11-06 23:56 - 2020-08-30 13:30 - 000008192 ___SH C:\DumpStack.log.tmp 2020-11-06 23:56 - 2020-06-21 11:47 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat 2020-11-06 23:56 - 2020-06-14 01:26 - 000000000 ____D C:\ProgramData\NVIDIA 2020-11-06 23:56 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\ServiceState 2020-11-06 23:55 - 2019-12-07 16:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-11-06 23:28 - 2020-08-30 13:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-11-06 19:40 - 2020-06-21 12:25 - 000000000 ____D C:\Users\ASUS\AppData\Local\CrashDumps 2020-11-06 17:13 - 2020-08-30 13:38 - 000000000 ____D C:\Users\ASUS 2020-11-06 16:54 - 2019-12-07 16:13 - 000000000 ____D C:\WINDOWS\INF 2020-11-06 11:41 - 2020-06-14 01:26 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2020-11-06 08:54 - 2020-08-31 02:35 - 000489734 _____ C:\WINDOWS\system32\perfh011.dat 2020-11-06 08:54 - 2020-08-31 02:35 - 000133410 _____ C:\WINDOWS\system32\perfc011.dat 2020-11-06 08:54 - 2020-08-31 02:11 - 000499778 _____ C:\WINDOWS\system32\perfh012.dat 2020-11-06 08:54 - 2020-08-31 02:11 - 000133434 _____ C:\WINDOWS\system32\perfc012.dat 2020-11-06 08:54 - 2020-08-30 13:50 - 002072138 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-11-05 23:30 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\Help 2020-11-05 23:29 - 2020-06-14 01:27 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2020-11-05 23:29 - 2020-06-14 01:26 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2020-11-05 23:29 - 2020-06-14 01:26 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2020-11-05 19:50 - 2019-12-07 16:03 - 000000000 ____D 
C:\WINDOWS\CbsTemp 2020-11-05 18:16 - 2019-12-07 16:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2020-11-05 17:13 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-11-05 09:56 - 2020-06-13 23:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-11-05 09:49 - 2020-06-22 12:03 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2020-11-05 05:27 - 2020-06-20 22:43 - 000000000 ____D C:\Users\ASUS\AppData\Local\ElevatedDiagnostics 2020-11-05 04:54 - 2020-06-14 02:16 - 000000000 ____D C:\ProgramData\Avast Software 2020-11-05 03:54 - 2019-12-07 16:14 - 000000000 ___HD C:\Program Files\WindowsApps 2020-11-05 03:44 - 2020-06-14 02:15 - 000000000 ____D C:\ProgramData\KMSAutoS 2020-11-04 17:56 - 2020-06-20 22:26 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-11-04 14:18 - 2019-12-07 16:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-11-04 08:11 - 2020-06-14 01:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2020-11-04 07:37 - 2019-12-07 16:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2020-11-04 07:29 - 2020-07-03 11:48 - 000000000 ____D C:\Users\ASUS\AppData\Local\Spotify 2020-11-04 07:19 - 2020-07-02 12:21 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Spotify 2020-11-04 07:03 - 2020-08-30 14:30 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2020-11-04 07:03 - 2020-08-30 14:30 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2020-11-04 07:03 - 2020-08-30 14:30 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2020-11-04 07:03 - 2020-08-30 14:30 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2020-11-04 07:03 - 2020-08-30 14:30 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1429262469-2834305963-1999796374-1001 2020-11-04 07:03 - 2020-08-30 14:30 - 000002416 _____ C:\WINDOWS\system32\Tasks\smadav 
2020-11-04 07:03 - 2020-08-30 14:30 - 000002346 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice 2020-11-04 07:03 - 2020-08-30 14:30 - 000002302 _____ C:\WINDOWS\system32\Tasks\RTKCPL 2020-11-03 15:39 - 2020-06-14 01:41 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-11-03 15:39 - 2020-06-14 01:41 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-11-03 15:39 - 2020-06-14 01:41 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-11-02 18:36 - 2020-09-11 19:31 - 000000000 ____D C:\Users\ASUS\Downloads\Telegram Desktop 2020-11-02 18:32 - 2020-09-10 16:58 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Telegram Desktop 2020-11-02 15:19 - 2019-12-07 16:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2020-11-02 13:57 - 2020-06-14 00:03 - 000000000 ___RD C:\Users\ASUS\OneDrive 2020-11-01 22:00 - 2020-08-13 13:07 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\vlc 2020-10-31 12:16 - 2020-06-13 23:59 - 000000000 ____D C:\Users\ASUS\AppData\Local\Packages 2020-10-26 20:06 - 2020-06-14 00:16 - 000000000 ____D C:\ProgramData\Packages 2020-10-25 22:30 - 2020-06-20 23:40 - 000000000 ____D C:\Users\ASUS\AppData\Local\PlaceholderTileLogoFolder 2020-10-22 19:31 - 2020-06-14 02:17 - 000000000 __SHD C:\[Smad-Cage] 2020-10-20 17:53 - 2020-06-14 02:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus 2020-10-20 17:53 - 2020-06-14 02:17 - 000000000 ____D C:\Program Files (x86)\SMADAV 2020-10-12 15:53 - 2020-08-12 21:33 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\Foxit Software ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted November 6, 2020 ID:1419034

Hiya commegalife,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The following directories are emptied:

- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Please download Zemana AntiMalware and save it to your Desktop.

- Install the program and once the installation is complete it will start automatically.
- Without changing any options, press Scan to begin.
- After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.

- Open Zemana again then do the following to get the latest report
- Open Reports > select the report in question to highlight > select "Ctrl - A" keys together to highlight full report message > then "Ctrl - C" keys to copy to clipboard > then open notepad and select paste to copy the report there, then attach to reply....

Let me see those logs....

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

- Right click on the Tool, select Run as Administrator the tool will expand to the options Window
- In the "Scan Type" window, select Quick Scan
- Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you,

Kevin..

fixlist.txt
commegalife Posted November 6, 2020 Author ID:1419077

Hi, Kevin! Thank you! I will follow your next instruction, but before that, I'd like to ask: FRST won't delete the files in the download folder, will it? I just want to make sure since I ran FRST64 from there 🥺

kevinf80 Posted November 6, 2020 ID:1419080

Nothing will be removed from your downloads folder.....

commegalife Posted November 6, 2020 Author ID:1419082

Kevin, the computer restarted, but the FRST tool didn't run after restart. Is that okay? Or should it have run again after restart? I checked my folder, your fixlist.txt is gone, and there's fixlog.txt
commegalife Posted November 6, 2020 Author ID:1419086

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-11-2020
Ran by ASUS (07-11-2020 05:13:46) Run:1
Running from C:\Users\ASUS\Downloads
Loaded Profiles: ASUS
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S3 HIDSwitch; \SystemRoot\System32\drivers\AsHIDSwitch64.sys [X]
2020-11-06 23:58 - 2020-11-06 23:58 - 000000000 ____D C:\Users\ASUS\AppData\Roaming\EpicNet Inc
2020-11-06 23:58 - 2020-11-06 23:58 - 000000000 ____D C:\Users\ASUS\AppData\Local\EpicNet Inc
2020-11-06 08:54 - 2020-08-31 02:35 - 000489734 _____ C:\WINDOWS\system32\perfh011.dat
2020-11-06 08:54 - 2020-08-31 02:35 - 000133410 _____ C:\WINDOWS\system32\perfc011.dat
2020-11-06 08:54 - 2020-08-31 02:11 - 000499778 _____ C:\WINDOWS\system32\perfh012.dat
2020-11-06 08:54 - 2020-08-31 02:11 - 000133434 _____ C:\WINDOWS\system32\perfc012.dat
2020-11-06 08:54 - 2020-08-30 13:50 - 002072138 _____ C:\WINDOWS\system32\PerfStringBackup.INI
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
CMD: winmgmt /verifyrepository
cmd: sfc /scannow
Hosts:
EmptyTemp:
*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun" => removed successfully
"HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1" => removed successfully
"HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\2" => removed successfully
"HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\3" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\System\CurrentControlSet\Services\HIDSwitch => removed successfully
HIDSwitch => service removed successfully
"C:\Users\ASUS\AppData\Roaming\EpicNet Inc" => not found
"C:\Users\ASUS\AppData\Local\EpicNet Inc" => not found
C:\WINDOWS\system32\perfh011.dat => moved successfully
C:\WINDOWS\system32\perfc011.dat => moved successfully
C:\WINDOWS\system32\perfh012.dat => moved successfully
C:\WINDOWS\system32\perfc012.dat => moved successfully
C:\WINDOWS\system32\PerfStringBackup.INI => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

========= winmgmt /verifyrepository =========

WMI repository is consistent

========= End of CMD: =========

========= sfc /scannow =========

Beginning system scan. This process will take some time.

There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 748478639 B
Java, Flash, Steam htmlcache => 1083 B
Windows/system/drivers => 110702221 B
Edge => 2834255 B
Chrome => 301581563 B
Firefox => 37540094 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 264156 B
NetworkService => 11193042 B
ASUS => 197738230 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 05:20:53 ====
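
Added example (not part of the thread and not FRST's own code): a small Python parser for the Fixlog format posted above. It groups every `target => outcome` result and flags the two points in this log that call for a follow-up: fixlist targets reported as not found, and the sfc run that stopped on a pending repair. The sample input is constructed from lines of that Fixlog; `parse_fixlog` and `triage` are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the Fixlog posted above, one entry
# per line, the way FRST writes Fixlog.txt.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
CMD: sfc /scannow
*****************
SystemRestore: On => completed
Restore point was successfully created.
"HKU\S-1-5-21-1429262469-2834305963-1999796374-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HIDSwitch => service removed successfully
"C:\Users\ASUS\AppData\Roaming\EpicNet Inc" => not found
"C:\Users\ASUS\AppData\Local\EpicNet Inc" => not found
C:\WINDOWS\system32\perfh011.dat => moved successfully
========= winmgmt /verifyrepository =========
WMI repository is consistent
========= End of CMD: =========
========= sfc /scannow =========
Beginning system scan.  This process will take some time.
There is a system repair pending which requires reboot to complete.  Restart Windows and run sfc again.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
Edge => 2834255 B
Chrome => 301581563 B
'''

ENTRY = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')
SECTION = re.compile(r'^=+ (?P<name>.+?) =+$')


def parse_fixlog(text):
    """Return (entries, commands).

    entries  -- list of (target, outcome) for each "target => outcome" result
    commands -- dict mapping each CMD section to the output lines it logged
    """
    entries, commands = [], {}
    current_cmd = None
    in_fixlist = False    # echoed fixlist between the two rows of asterisks
    in_emptytemp = False  # per-cache byte counts, not fix outcomes
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {'*'}:
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            continue
        section = SECTION.match(line)
        if section:
            name = section.group('name')
            if name.startswith('End of'):
                current_cmd = None
            elif name.startswith('EmptyTemp'):
                current_cmd, in_emptytemp = None, True
            else:
                current_cmd = name
                commands[name] = []
            continue
        if current_cmd is not None:
            commands[current_cmd].append(line)
            continue
        if in_emptytemp:
            continue
        entry = ENTRY.match(line)
        if entry:
            target = entry.group('target').strip('"')
            entries.append((target, entry.group('outcome')))
    return entries, commands


def triage(text):
    """Group fix outcomes and list the points that need a follow-up."""
    entries, commands = parse_fixlog(text)
    by_outcome = defaultdict(list)
    for target, outcome in entries:
        by_outcome[outcome].append(target)
    follow_up = []
    for target in by_outcome.get('not found', []):
        follow_up.append('not present when the fix ran: ' + target)
    for cmd, output in commands.items():
        if any('repair pending' in line for line in output):
            follow_up.append(cmd + ' did not scan: repair pending, rerun after reboot')
    return dict(by_outcome), follow_up


if __name__ == '__main__':
    outcomes, follow_up = triage(SAMPLE_FIXLOG)
    for outcome, targets in outcomes.items():
        print(f'{len(targets):2d}  {outcome}')
    for note in follow_up:
        print('follow up:', note)
```
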
commegalife Posted November 6, 2020 Author ID:1419089

Scan Information
Product Name : Zemana AntiMalware
Scan Status : Completed
Scan Date : 11/7/2020 5:59:39 AM
Scan Type : Smart Scan
Scan Duration : 00:01:53
Scanned Objects : 1885
Detected Objects : 3
Excluded Objects : 0
Auto Upload : True
OS : Windows 10 x64
Processor : 4X Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
BIOS Mode : UEFI
Domain Info : WORKGROUP,False,NetSetupWorkgroupName
CUID : 12FFBE897A77DBCD7E0904

Detections
MD5 :
Status : Scanned
Object : https://securesearch.org/homepage?hp
Publisher :
Size : 0
Detection : Hijack:Browser/FirefoxHomepage
Action : Delete
-----------------------------------------------------------------------
MD5 :
Status : Scanned
Object : https://securesearch.org/homepage?hp
Publisher :
Size : 0
Detection : Hijack:Browser/FirefoxNewtab
Action : Delete
-----------------------------------------------------------------------
MD5 :
Status : Scanned
Object : default search engine - http://securesearch.org
Publisher :
Size : 0
Detection : Hijack:Browser/FirefoxSearch
Action : Delete
-----------------------------------------------------------------------
commegalife Posted November 6, 2020 Author ID:1419094

---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.0, (build 1.327.458.0)
Started On Sat Nov 07 06:12:35 2020

Quick Scan Results for 1EE93A40-7CF2-4B6F-9B22-FA1ACD617999:
----------------
Threat detected: VirTool:Win32/DefenderTamperingRestore
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
        SigSeq: 0x0000055555C57273

Quick Scan Removal Results
----------------
Start 'remove' for regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
Operation succeeded !

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Microsoft Safety Scanner Finished On Sat Nov 07 06:41:27 2020

Return code: 6 (0x6)
commegalife Posted November 6, 2020 Author ID:1419096

Hi, Kevin! I've finished the steps in your instruction and those are the logs. Thank you!

kevinf80 Posted November 7, 2020 ID:1419169

Hello commegalife,

Thanks for those logs, what is happening with your system now, any remaining issues or concerns...?

Thank you,

Kevin...

commegalife Posted November 7, 2020 Author ID:1419171

The virus is still there

kevinf80 Posted November 7, 2020 ID:1419176

How does this virus return, is it after a reboot? or after opening any specific Program or Browser

commegalife Posted November 7, 2020 Author ID:1419178

After reboot

Please don't tell me to reinstall the windows
kevinf80 Posted November 7, 2020 ID:1419179

Hiya commegalife,

Please download Malwarebytes Anti-Rootkit from here

- Right click on the tool (select "Run as Administrator") to start the extraction to a convenient location. (Desktop is preferable)
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

Thank you,

Kevin...
commegalife Posted November 7, 2020 Author ID:1419207

Hi, Kevin

Here's the log from MBAR.system-log.txt..

Thank you

mbar-log-2020-11-07 (17-43-27).txt
mbar-log-2020-11-07 (19-26-30).txt
mbar-log-2020-11-07 (20-07-39).txt

commegalife Posted November 7, 2020 Author ID:1419208

And this is the system-log

Thank you, Kevin

system-log.txt

kevinf80 Posted November 7, 2020 ID:1419216

Any improvement...?

commegalife Posted November 7, 2020 Author ID:1419217

No, even after MBAR removed them, when I reboot my laptop, and rescan it again before opening any application (except the startup ones) using MBAR, the virus keeps coming back 😅
kevinf80 Posted November 7, 2020 ID:1419219

Reset your router, instructions available at the following link: http://setuprouter.com/networking/how-to-reset-your-router/ Follow those instructions very carefully.

Next,

Download and unzip DNSJumper to your Desktop, the tool is portable no installation necessary. Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper

- Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool, For XP just double click to run.
- From the left hand pane select "Flush DNS"
- From the main interface select the dropdown under "Choose a DNS Server"
- From the list select either "Google Public DNS" or "Open DNS"
- From the left hand pane select "Apply DNS"
- When done re-boot your system....

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

- Click on the Detection History tab > from main interface.
- Then click on "History" that will open to a historical list
- Double click on the Scan log which shows the Date and time of the scan just performed.
- Click Export > From export you have two options:
  Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
  Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
- Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Reboot your PC then do another scan with Malwarebytes, has it returned again..?

Thanks,

Kevin..
commegalife Posted November 7, 2020 Author ID:1419220

Hi, Kevin, I'm not using any router. I'm using hotspot or bluetooth tethering from my phone 🙈

kevinf80 Posted November 7, 2020 ID:1419223

Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135

Basically all non-MS services are disabled, see how your system runs in that mode. With your system in clean boot mode remove the issues with Malwarebytes, reboot and see if they return..