
Rootkit? Spyware? Malware? Keylogger? Can't identify.



So I downloaded a virus way back. It ran CMD but requested a file replace; I didn't give it perms, and I closed the program and deleted it. Then my Discord got hacked, so I ran Malwarebytes, ran a scan and removed detections, and 2 days later all my saved Gmails on my computer needed to be reverified (not trying to sign in, they needed to be reverified). And now in 2022 some Brazilian tried to sign in to one of my Gmails, so I changed the password and now I'm paranoid. I ran MVAR, TDSSKiller, Rkill, and RogueKiller. I am so paranoid, please help.


  • Root Admin

Hello @IamDumb and welcome.

Please run the following and we'll see what we can find and get you fixed up if needed.

 

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 

When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download

STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here each time.
  • Please attach the Addition.txt log to your reply as well.
  • On your next reply, you should be attaching FRST.txt and Addition.txt to your post, every time.

 

Thanks


  • Root Admin

Please run the requested scans and post back the requested logs or we will not be able to assist you.

If it is a firmware rootkit there is no cure. Throw the computer away.

Sorry, I'm being facetious. The point is: stop trying to scare yourself with boogeyman things you've read in some magazine or web article.

Run the requested scans and post back the logs.

Thank you

 


I'm sorry. Here are the files:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2022 01
Ran by ligma (17-02-2022 20:08:34)
Running from C:\Users\ligma\Downloads
Microsoft Windows 11 Home Single Language Version 21H2 22000.493 (X64) (2021-11-22 07:11:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-186171375-666470736-2748468894-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-186171375-666470736-2748468894-503 - Limited - Disabled)
Guest (S-1-5-21-186171375-666470736-2748468894-501 - Limited - Disabled)
ligma (S-1-5-21-186171375-666470736-2748468894-1001 - Administrator - Enabled) => C:\Users\ligma
WDAGUtilityAccount (S-1-5-21-186171375-666470736-2748468894-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.3.8.0 - ASUSTek COMPUTER INC.)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
blender (HKLM\...\{E25D8B7D-33C9-42AC-9BF7-291767CAA4DE}) (Version: 3.0.1 - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 5.89 - Piriform)
Cheat Engine 7.3 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
Discord (HKU\S-1-5-21-186171375-666470736-2748468894-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Discord (HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Documentation Manager (HKLM\...\{BBADC524-5F32-4DF2-AF23-81B4D10FAA4E}) (Version: 22.90.0.5 - Intel Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.102 - Google LLC)
HWiNFO64 Version 7.16 (HKLM\...\HWiNFO64_is1) (Version: 7.16 - Martin Malik - REALiX)
Intel Processor Diagnostic Tool 64bit (HKLM\...\{6E05E656-6ED8-49DE-AA9C-C4677F7086C5}) (Version: 4.1.5 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00002090-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.90.2.1 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{bc0ed593-235e-47bf-9b81-bb287a4eea34}) (Version: 22.90.0.5 - Intel Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lively Wallpaper version 1.7.4.2 (HKU\.DEFAULT\...\{E3E43E1B-DEC8-44BF-84A6-243DBA3F2CB1}}_is1) (Version: 1.7.4.2 - rocksdanister)
Malwarebytes version 4.5.4.168 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.4.168 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.50 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 98.0.1108.50 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-186171375-666470736-2748468894-1001\...\OneDriveSetup.exe) (Version: 22.012.0117.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 22.012.0117.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2FA9DAAC-895B-4E99-99D9-DC2965FBE79C}) (Version: 2.87.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.21 (x86) (HKLM-x32\...\{d1c9f155-e14a-4486-b545-dde658719aac}) (Version: 3.1.21.30622 - Microsoft Corporation)
Mz Game Accelerator (HKLM\...\MzGameAccelerator_is1) (Version: 1.1.0 - Mz Game Accelerator)
NVIDIA FrameView SDK 1.2.7321.30900954 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7321.30900954 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 511.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.5.8 - Rainmeter)
REDRAGON PERDITION Gaming Mouse (HKLM-x32\...\{54DFCAF8-3EC5-4E61-A70C-9EE17DE8AE5C}}_is1) (Version:  - )
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
RivaTuner Statistics Server 7.3.3 (HKLM-x32\...\RTSS) (Version: 7.3.3 - Unwinder)
Roblox Player for ligma (HKU\S-1-5-21-186171375-666470736-2748468894-1001\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Player for ligma (HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\roblox-player) (Version:  - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.53.576 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.3 - Rockstar Games)
RogueKiller version 15.2.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.2.0.0 - Adlice Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 3 (HKLM-x32\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
VALORANT (HKU\S-1-5-21-186171375-666470736-2748468894-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
VALORANT (HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.25.0.5 - Voicemod S.L.)
VSDC Free Video Editor version 6.9.5.382 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.9.5.382 - Flash-Integro LLC)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)

Packages:
=========
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2022-01-04] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-02-04] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0 [2022-02-15] (Spotify AB) [Startup Task]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2022-02-13] (Bytedance Pte. Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-186171375-666470736-2748468894-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-186171375-666470736-2748468894-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_94944f9da089b579\nvshext.dll [2022-01-29] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-29] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-29] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ligma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 21" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg
ShortcutWithArgument: C:\Users\ligma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\David Ymmanuel T. (donbosco.edu.ph) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\ligma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69514ab4fcfe459c\Haha Plane go BRRR!! - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 19"
ShortcutWithArgument: C:\Users\ligma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\HotdogGuyy - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\System32:tdsrinu.gfc [5882]
AlternateDataStreams: C:\ProgramData\empty.ico:8C1C1B484F [10]
AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [152]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk:B0FCB9B010 [10]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5948]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16529745.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\24536000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25577545.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31329004.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37656172.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89196043.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91494121.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16529745.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\24536000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25577545.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31329004.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37656172.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\89196043.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91494121.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-12-21 22:39 - 2022-02-16 20:43 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-186171375-666470736-2748468894-1001\Control Panel\Desktop\\Wallpaper -> c:\users\ligma\appdata\roaming\microsoft\windows\themes\wallpaperengineoverride.jpg
HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> c:\users\ligma\appdata\roaming\microsoft\windows\themes\wallpaperengineoverride.jpg
DNS Servers: 192.168.18.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-186171375-666470736-2748468894-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-186171375-666470736-2748468894-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-186171375-666470736-2748468894-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-186171375-666470736-2748468894-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-186171375-666470736-2748468894-1001\...\StartupApproved\Run: => "{FBEC385C-5D3B-4827-9879-F157FA9E349F}"
HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-186171375-666470736-2748468894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "{FBEC385C-5D3B-4827-9879-F157FA9E349F}"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{E56994ED-0A23-40CA-A2B4-4643F880D7AB}] => (Allow) C:\Users\ligma\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{2B9B6A65-9822-422D-BF5B-7C2220F1B90F}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{043FC252-AA9B-410B-BE06-BBA92468F391}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{49CAAD49-EB05-45A2-88D0-3A1A54507E4B}] => (Allow) D:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1F842107-9CCF-41F2-951C-F86F00BCF235}] => (Allow) D:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{6CF399DF-A615-4A35-B03E-A26F47F17D69}D:\paladins\binaries\win64\paladins.exe] => (Allow) D:\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [TCP Query User{7AD2FD3F-BA71-4FEE-B566-DD2F36CB2CE1}D:\paladins\binaries\win64\paladins.exe] => (Allow) D:\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [{30AEC8C4-DA83-466B-AC7C-7E1EB9602ECA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{F4153679-9413-4C1D-A455-E55602E53B36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{28BC2A36-1217-41C5-982A-3CCB146C6FFB}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21302.202.1065.6968_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B5D5BE24-9048-4031-AC19-60711FE0366E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21302.202.1065.6968_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F1A7301-DC1D-41DC-87A4-9E590C1A994D}] => (Allow) D:\Steam\steamapps\common\Redmatch 2\Redmatch 2.exe () [File not signed]
FirewallRules: [{56E4A304-80CA-4697-B940-4C082250FCA6}] => (Allow) D:\Steam\steamapps\common\Redmatch 2\Redmatch 2.exe () [File not signed]
FirewallRules: [TCP Query User{321EC967-69BE-4A75-A39F-28E0DAD0BA2E}C:\users\ligma\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\ligma\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
FirewallRules: [UDP Query User{C9C5A99B-F532-4994-8B71-B12114957D6F}C:\users\ligma\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\ligma\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
FirewallRules: [TCP Query User{28127A34-974D-4373-AB64-2821AD494557}C:\users\ligma\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\ligma\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe => No File
FirewallRules: [UDP Query User{4D439FD0-7C81-438A-A1D5-7174EE6DB09D}C:\users\ligma\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\ligma\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe => No File
FirewallRules: [TCP Query User{4082EC1F-15E8-4695-BC75-4D4111AADC38}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{9A096CA7-49FB-44BD-93F8-EBB7F8A1EA45}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{A3242202-D364-4D55-9BD4-7B791A007CDF}D:\riot games\riot client\riotclientservices.exe] => (Allow) D:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{051D4D00-8B9C-4D43-803D-C887978AE11C}D:\riot games\riot client\riotclientservices.exe] => (Allow) D:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{0B3688B6-73A4-4280-81B8-B16507E2E1F2}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{07CFACFB-F372-4C8F-AD56-433FA8DFCA1A}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{43272257-B9C2-43A5-8A6C-ACA08461FF17}D:\steam\steamapps\common\u3ds\unturned.exe] => (Allow) D:\steam\steamapps\common\u3ds\unturned.exe => No File
FirewallRules: [UDP Query User{256CB580-CCBB-4848-A019-CCBB836BFFA1}D:\steam\steamapps\common\u3ds\unturned.exe] => (Allow) D:\steam\steamapps\common\u3ds\unturned.exe => No File
FirewallRules: [{B0DB963E-4842-4B5F-850C-426AEB7C6965}] => (Allow) LPort=27018
FirewallRules: [{58140381-66CD-4D28-8EC5-5375CD72FA50}] => (Allow) LPort=27018
FirewallRules: [{B360BD43-ECD8-4865-8B21-2002A0B63D25}] => (Allow) D:\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{6F9814FE-5573-4D9A-99A6-303D82B7CDA4}] => (Allow) D:\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{C124FC9E-D83F-46EF-8A72-484E7160BADE}] => (Allow) D:\Steam\steamapps\common\Aim Lab\AimLab.exe => No File
FirewallRules: [{C1C5EA79-2B1F-41E1-B7F1-884F916EF5DD}] => (Allow) D:\Steam\steamapps\common\Aim Lab\AimLab.exe => No File
FirewallRules: [TCP Query User{A36F40F5-A124-4BE0-90B9-2815F555E8C1}C:\windows\bfsvc.exe] => (Block) C:\windows\bfsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{1D6B78F1-5731-41F9-839A-78208770B9F8}C:\windows\bfsvc.exe] => (Block) C:\windows\bfsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CDD80A07-FF2C-452A-B24C-C1AF4120D812}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe => No File
FirewallRules: [{D387F635-BB92-476D-8F04-A1FB0DA1F58A}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{F5D7C1C9-C53F-44EB-B898-0C1A66CE0A56}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{DA868C42-D8A5-4BFF-BB0E-9E7E168CE2D4}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{E6566119-D0B2-4B7D-95CF-31AC5C2869A8}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{43D7E985-12AC-4907-B173-1E4BFCF69E6D}] => (Allow) D:\Steam\steamapps\common\ForzaHorizon4\ForzaWebHelper.exe () [File not signed]
FirewallRules: [{6957D32F-DFFD-499E-B786-305808CBE5E7}] => (Allow) D:\Steam\steamapps\common\ForzaHorizon4\ForzaWebHelper.exe () [File not signed]
FirewallRules: [{14EE4DD8-14EE-417A-903D-0FA39E3FDD48}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{813AE2B3-CE7E-4DDF-AEC3-A5F7AA23071B}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{C9BBE28F-320E-4F62-B17E-48D8EEEE6692}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{F9E1E3A4-BD80-42E6-AAF2-7652CBE819EF}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{74C84591-1800-4FAF-9609-8923BD5D0E46}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{62921F5F-74C1-466B-8829-028076826DD3}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{4A02AF0A-063C-40D3-B16D-C36EEB22E5C5}] => (Allow) D:\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed]
FirewallRules: [{DAFBD07E-464A-4331-B4E0-113C69B64012}] => (Allow) D:\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed]
FirewallRules: [{25D4C970-01A0-4670-9005-4B79C3E037B6}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{138BB44E-7DFA-4D87-AA1E-CC33F0C6BE20}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{0DAD97C8-117D-4A87-9899-0043583DE869}] => (Allow) D:\Steam\steamapps\common\BattleBit Remastered Playtest\BattleBit.exe () [File not signed]
FirewallRules: [{BF05E113-FB8B-467B-89B1-B3AAB1B064DD}] => (Allow) D:\Steam\steamapps\common\BattleBit Remastered Playtest\BattleBit.exe () [File not signed]
FirewallRules: [{012DE07C-99A9-48E1-8595-06E95FF35655}] => (Allow) D:\Steam\steamapps\common\Splitgate\equ8-launcher.exe (Int3 Software AB -> Int3 Software AB)
FirewallRules: [{17E5A709-2AD0-4E94-9D6E-F6832895B2E3}] => (Allow) D:\Steam\steamapps\common\Splitgate\equ8-launcher.exe (Int3 Software AB -> Int3 Software AB)
FirewallRules: [{E17E72B2-9960-425A-AD83-88FA29F0B0BF}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{254AAE9D-F0BC-48E4-AEBB-5CC82B35A0AC}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{C148D30C-8CB1-4619-8F6D-07587242A869}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{7E69C2D9-7797-4648-BECB-3CD5E4E3DEBC}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{613ACD48-4FE2-4A6D-96F6-9568D166F994}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{ED72ABAE-F026-4E14-BC0A-3EC48CC72731}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{D83D9A07-25E4-4EF7-91CF-EBBFDDDCF056}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8DA1CD2-E081-41A4-9261-8F66184E00B5}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{B18057F3-80DE-40EA-A1AF-46DC140AA013}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{98D04222-3DBD-42C9-A7ED-EB99099F046E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{61740CB2-C57F-4CD0-B70B-709225700C81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7B198D1B-1EEC-493A-BF01-423AF5B9854B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{40CA9C76-9DD9-42C1-9DE0-AD49CE1FCE96}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{56D29241-0508-47E7-B137-C55ABBC83798}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{04166C9C-CA2E-4849-B063-4D38C3A4B4D9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5436D21B-2BBD-4FE1-A192-21C7E7D5A875}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ABC812FE-6BAB-40AB-B8C7-4BBDD7710762}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{756886FF-347A-48CB-9A70-C2610776A692}D:\steam\steamapps\common\forzahorizon4\forzahorizon4.exe] => (Allow) D:\steam\steamapps\common\forzahorizon4\forzahorizon4.exe () [File not signed]
FirewallRules: [UDP Query User{B9A259F5-F76F-49A9-99AF-B42651E1A912}D:\steam\steamapps\common\forzahorizon4\forzahorizon4.exe] => (Allow) D:\steam\steamapps\common\forzahorizon4\forzahorizon4.exe () [File not signed]
FirewallRules: [{2DA9304C-C938-46EE-AFA9-3C98544726D7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A6FE9D20-7B20-433D-BD3A-B7284817113A}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{EEE72398-B81F-499D-B74E-F1596D01EE7F}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{1E79C16E-4D33-4759-8807-C81A3307A659}] => (Block) C:\WINDOWS\System32\certutil.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BF94E54B-D425-43F8-8288-F83B0D474562}] => (Block) C:\WINDOWS\System32\certreq.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6512F29D-EE7F-4AF6-80CC-4A012113F8F5}] => (Block) C:\WINDOWS\System32\certreq.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BE768027-A1B0-4783-9AAD-C5DC2F7CFED7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{96DF35CD-1FBC-4B68-AAA1-988A63DE726F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{88C6A219-35EE-4D00-AF15-B0648580020D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{429A8956-2B5F-462E-AC0A-2CE992146D18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)

==================== Restore Points =========================

15-02-2022 18:12:21 Windows Modules Installer
15-02-2022 18:12:34 Windows Modules Installer
15-02-2022 18:12:46 Windows Modules Installer
15-02-2022 18:12:56 Windows Modules Installer
16-02-2022 17:41:44 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: HD User Facing
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/17/2022 08:00:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program {9496B127-1448-4EDB-9C12-98C897075D68}.exe version 3.1.0.28 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4e8

Start Time: 01d823f5301b8ff1

Termination Time: 4294967295

Application Path: C:\Users\ligma\AppData\Local\Temp\{71D8E92D-E70F-4D15-AC65-59EDB62A69BA}\{9496B127-1448-4EDB-9C12-98C897075D68}.exe

Report Id: 196b3589-6e39-48fe-a066-a2c068a6c2d5

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Top level window is idle

Error: (02/17/2022 07:28:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Faulting module name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Exception code: 0xc0000005
Fault offset: 0x0001d352
Faulting process id: 0x9cc
Faulting application start time: 0x01d823f17197d0b9
Faulting application path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Faulting module path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Report Id: c6f83a66-d752-497e-bb0b-6dda8faf89d5
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/17/2022 07:25:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SophosInstall_Stage2.exe version 1.2.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1db0

Start Time: 01d823efc304ae80

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Sophos\CloudInstaller\SophosInstall_Stage2.exe

Report Id: acf7147a-4fa3-4300-9dc0-002064b72a2a

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Top level window is idle

Error: (02/17/2022 07:12:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Faulting module name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Exception code: 0xc0000005
Fault offset: 0x0001d352
Faulting process id: 0x9cc
Faulting application start time: 0x01d823ef3d87dc19
Faulting application path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Faulting module path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Report Id: 8ef78166-fadd-44b4-8e44-0d4d350b69cd
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/17/2022 03:46:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Faulting module name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Exception code: 0xc0000005
Fault offset: 0x0001d352
Faulting process id: 0x9d8
Faulting application start time: 0x01d823d27c8a8ffa
Faulting application path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Faulting module path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Report Id: 37c50663-7bff-4a1c-aaaa-8ab20f35c455
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/17/2022 03:16:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Faulting module name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Exception code: 0xc0000005
Fault offset: 0x0001d352
Faulting process id: 0x9e4
Faulting application start time: 0x01d823ce5179cd6b
Faulting application path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Faulting module path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Report Id: 0a1d8d03-7f1b-4cd3-a8c4-3d05000823fe
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/17/2022 03:13:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Faulting module name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Exception code: 0xc0000005
Fault offset: 0x0001d352
Faulting process id: 0xa54
Faulting application start time: 0x01d823cdd2d78efc
Faulting application path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Faulting module path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Report Id: 358efa2c-0b4b-4350-98d8-67157338fbde
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/17/2022 03:08:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Faulting module name: atkexComSvc.exe, version: 1.0.0.1, time stamp: 0x6001030f
Exception code: 0xc0000005
Fault offset: 0x0001d352
Faulting process id: 0xa04
Faulting application start time: 0x01d823cd278b407e
Faulting application path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Faulting module path: C:\Program Files (x86)\ASUS\AXSP\4.02.03\atkexComSvc.exe
Report Id: c833e591-abfb-45b7-ab90-91834d761d0d
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (02/17/2022 07:40:29 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3F2793C5-1B23-4259-8D81-45B921D57BA6} because another computer on the network has the same name.  The server could not start.

Error: (02/17/2022 07:28:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the asComSvc service to connect.

Error: (02/17/2022 07:12:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the asComSvc service to connect.

Error: (02/17/2022 05:14:58 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (02/17/2022 05:14:58 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (02/17/2022 05:14:58 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (02/17/2022 05:14:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (02/17/2022 05:14:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-02-16 20:46:41
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-16 20:43:30
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-16 20:41:42
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Security intelligence Version: AV: 1.359.295.0, AS: 1.359.295.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18900.3, NIS: 0.0.0.0

Date: 2022-02-16 20:35:29
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
Security intelligence Version: AV: 1.359.295.0, AS: 1.359.295.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18900.3, NIS: 0.0.0.0

Date: 2022-02-16 20:29:30
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Security intelligence Version: AV: 1.359.295.0, AS: 1.359.295.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.18900.3, NIS: 0.0.0.0
Event[0]

Date: 2022-02-17 15:18:25
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-02-17 15:12:08
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-02-16 21:08:27
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-02-16 13:09:42
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.359.274.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18900.3
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===============
Date: 2022-02-17 08:03:40
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.

Date: 2022-02-16 18:44:36
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2022-02-08 12:39:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\eppcom64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-02-08 12:39:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\eppcom64.dll that did not meet the Windows signing level requirements.

Date: 2022-02-08 12:39:21
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\eppcom64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: Insyde Corp. V1.16 01/18/2021
Motherboard: IL Sneezy_IL
Processor: Intel(R) Core(TM) i3-1005G1 CPU @ 1.20GHz
Percentage of memory in use: 46%
Total physical RAM: 12048.68 MB
Available physical RAM: 6461.34 MB
Total Virtual: 14608.68 MB
Available Virtual: 8189.24 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:118.13 GB) (Free:66.96 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:619.3 GB) NTFS

\\?\Volume{17ea6d1b-3d3e-42b8-8af0-8ab83359a0b7}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.35 GB) NTFS
\\?\Volume{b863c66d-68ad-4052-a45c-ffd0bb9e1b9e}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A6097235)

Partition: GPT.

==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: A609720B)

Partition: GPT.

==================== End of Addition.txt =======================

And this is the AdwCleaner log:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2022-02-03.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-17-2022
# Duration: 00:00:09
# OS:       Windows 10 Home Single Language
# Scanned:  32046
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [3386 octets] - [17/02/2022 16:00:21]
AdwCleaner[C00].txt - [3194 octets] - [17/02/2022 16:02:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 

 


  • Root Admin

The network you're using to post should not matter as long as there are not cost issues for your mobile service plan.

Please ATTACH logs though. The forum does not always translate logs properly.

 


 

 

Please run the following scan from Microsoft

 

Microsoft Safety Scanner

Please make sure you exit any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers: make sure all are fully exited, and that messenger programs are exited and closed as well.
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones. Use OPTION ONE or TWO of this article:

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the instructions on how to run the tool are at this link at Microsoft:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long, long break; walk away. Do not pay credence to any intermediate early flash messages on the screen display. The only thing that counts is the end result at the end of the run.
  • The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break and do your normal personal errands; just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

Thank you @IamDumb

 


And a side question: can malware instantly get all your saved passwords? Because the first attack, before running MB, was that my Discord started sending free Discord Nitro links to all of my friends.

I watched and downloaded these files as a joke:

https://www.youtube.com/watch?v=W7yqjLhl0TU&list=LL&index=3&ab_channel=TOPFILM

https://www.youtube.com/watch?v=wkMgl3JqoVY&list=LL&index=2&ab_channel=SonicVlog


 


  • Root Admin

Please go into Control Panel, Programs, Programs and Features and uninstall the following program

CCleaner (computer experts no longer recommend the use of this program)
 

 

Your DNS Servers: 192.168.18.37

Please consider changing your default DNS Server settings. Please choose one provider only.

DNS is what lets users connect to websites using domain names instead of IP addresses.

  • Google Public DNS: IPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

 

Unrelated to malware, but you appear to have some type of device that is not running correctly. Do you need help with setting this up?

Name: HD User Facing
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

 

Please follow the directions from the following topic to clean Google Chrome

 

Thank you

 


  • Root Admin

After you've run the items above please go ahead and run the following fix. @IamDumb

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 


  • Root Admin

No, when you run the Malwarebytes scanner while cleaning Google Chrome, just run a Quick Threat Scan.

It will probably already come up clean. But you have a lot of items there in Google Chrome so it needs some maintenance at least.

Then run the FIX with Farbar.

 

