Have Malware, Virus etc unsure what type [Closed]


  • This topic is locked

#1 blackmama
New Member, 3 posts

I have some sort of virus, malware etc. on my laptop. I noticed after lending the laptop out to someone for 5 mins that she had downloaded a CSV file with all my saved passwords on it. I can see in Network devices there is an XBOX and something called a TwonkyWonky server, which are definitely not mine. As my son uses my old iCloud account, his phone was also hacked, and his girlfriend's also. My neighbor is my best friend and my Microsoft account is on her computer; her laptop and my phone seem to have something on them. Even as I write this, twice with no input from me my post has been highlighted and deleted, so I have had to copy and paste as I go. I have run every anti-malware and antivirus tool that I can think of and done numerous clean installs of Windows 10. I have even changed the hard drive 4x to no avail. I am hoping you can help, please? TIA. I have run Farbar, see below. Thank you so much, I was about to chuck this laptop away.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-07-2021
Ran by hotoo (administrator) on HELZCOMPUTER (LENOVO 3369A62) (03-07-2021 06:22:38)
Running from C:\Users\hotoo\Downloads
Loaded Profiles: hotoo
Platform: Windows 10 Home Version 21H1 19043.1081 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CloudExperienceHostBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msinfo32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-289658593-2826232128-3048907409-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1976184 2021-07-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {83495084-EB43-44C6-AF0D-91FDEDFC676E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-23] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{9d9da3ca-fcce-4754-99e0-bcff502e81e6}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\hotoo\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-03]

FireFox:
========
FF DefaultProfile: at99ql4x.default
FF ProfilePath: C:\Users\hotoo\AppData\Roaming\Mozilla\Firefox\Profiles\at99ql4x.default [2021-07-02]
FF ProfilePath: C:\Users\hotoo\AppData\Roaming\Mozilla\Firefox\Profiles\evtn2hlr.default-release [2021-07-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\FileSyncHelper.exe [2262904 2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\OneDriveUpdaterService.exe [2728312 2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746688 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249536 2021-04-28] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-03 15:32 - 2021-07-03 05:03 - 072089600 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-07-03 15:09 - 2021-07-03 15:09 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-07-03 14:01 - 2021-07-03 14:01 - 000000000 ___RD C:\Users\hotoo\3D Objects
2021-07-03 14:01 - 2021-07-03 14:01 - 000000000 ____D C:\Users\hotoo\AppData\Roaming\Adobe
2021-07-03 14:01 - 2021-07-03 14:01 - 000000000 ____D C:\Users\hotoo\AppData\Local\VirtualStore
2021-07-03 14:01 - 2021-07-03 14:01 - 000000000 ____D C:\Users\hotoo\AppData\Local\Publishers
2021-07-03 14:01 - 2021-07-03 05:26 - 000000000 __SHD C:\Users\hotoo\IntelGraphicsProfiles
2021-07-03 14:01 - 2021-07-02 23:34 - 000000000 ____D C:\Users\hotoo\AppData\Local\Packages
2021-07-03 14:01 - 2021-07-02 22:18 - 000000000 ____D C:\ProgramData\Packages
2021-07-03 14:01 - 2021-07-02 21:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-07-03 14:00 - 2021-07-03 14:00 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-07-03 14:00 - 2021-07-02 21:35 - 000000000 ____D C:\Users\hotoo\AppData\Local\ConnectedDevicesPlatform
2021-07-03 13:57 - 2021-07-03 13:57 - 000000020 ___SH C:\Users\hotoo\ntuser.ini
2021-07-03 13:57 - 2021-07-03 04:44 - 000000000 ____D C:\Users\hotoo
2021-07-03 12:37 - 2021-07-03 05:08 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-03 12:34 - 2021-07-03 12:34 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-07-03 12:32 - 2021-07-03 12:32 - 000000000 _SHDL C:\Users\Default User
2021-07-03 12:32 - 2021-07-03 12:32 - 000000000 _SHDL C:\Users\All Users
2021-07-03 12:32 - 2021-07-03 12:32 - 000000000 _SHDL C:\Documents and Settings
2021-07-03 12:25 - 2021-07-02 22:21 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-03 12:25 - 2021-07-02 22:21 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-07-03 12:25 - 2021-07-02 22:21 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-07-03 12:24 - 2021-07-03 12:24 - 000000000 ____D C:\Program Files\Intel
2021-07-03 12:24 - 2021-07-03 12:24 - 000000000 ____D C:\Intel
2021-07-03 12:24 - 2015-07-30 22:45 - 000072688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-07-03 12:24 - 2015-07-30 22:45 - 000069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2021-07-03 12:21 - 2021-07-03 12:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-07-03 12:21 - 2021-07-03 05:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-03 12:20 - 2021-07-03 12:20 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-07-03 12:20 - 2021-07-03 04:36 - 000258688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-03 12:20 - 2021-07-03 04:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-03 12:20 - 2021-07-02 21:43 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-03 06:17 - 2021-07-03 06:20 - 000020893 _____ C:\Users\hotoo\Downloads\Addition.txt
2021-07-03 06:07 - 2021-07-03 06:25 - 000005484 _____ C:\Users\hotoo\Downloads\FRST.txt
2021-07-03 06:05 - 2021-07-03 06:24 - 000000000 ____D C:\FRST
2021-07-03 06:03 - 2021-07-03 06:03 - 000001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2021-07-03 06:03 - 2021-07-03 06:03 - 000001149 _____ C:\ProgramData\Desktop\Oracle VM VirtualBox.lnk
2021-07-03 06:03 - 2021-07-03 06:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2021-07-03 06:03 - 2021-07-03 06:03 - 000000000 ____D C:\Program Files\Oracle
2021-07-03 06:03 - 2021-04-28 14:27 - 000187648 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2021-07-03 06:03 - 2021-04-28 14:26 - 001038080 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2021-07-03 06:01 - 2021-07-03 06:02 - 002300416 _____ (Farbar) C:\Users\hotoo\Downloads\FRST64.exe
2021-07-03 05:52 - 2021-07-03 06:00 - 261515264 _____ C:\Users\hotoo\Downloads\kali-linux-2021.2-installer-amd64.iso
2021-07-03 05:50 - 2021-07-03 05:50 - 108114104 _____ (Oracle Corporation) C:\Users\hotoo\Downloads\VirtualBox-6.1.22-144080-Win.exe
2021-07-03 04:38 - 2021-07-03 04:38 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-03 04:38 - 2021-07-03 04:38 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-03 04:10 - 2021-07-03 04:10 - 000000000 ____D C:\Users\hotoo\AppData\Local\Sysinternals
2021-07-03 04:08 - 2021-07-03 04:08 - 001029520 _____ (Sysinternals - www.sysinternals.com) C:\Users\hotoo\Downloads\Tcpview.exe
2021-07-03 04:07 - 2021-07-03 04:07 - 001801526 _____ C:\Users\hotoo\Downloads\TCPView.zip
2021-07-03 03:27 - 2021-07-03 03:27 - 000000000 ____D C:\Users\hotoo\AppData\Local\ElevatedDiagnostics
2021-07-03 01:27 - 2021-07-03 01:27 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-07-03 01:25 - 2021-07-03 01:25 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-03 01:24 - 2021-07-03 01:24 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-07-03 01:24 - 2021-07-03 01:24 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-03 01:24 - 2021-07-03 01:24 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-03 01:23 - 2021-07-03 01:23 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-07-03 01:23 - 2021-07-03 01:23 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-03 01:23 - 2021-07-03 01:23 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-07-03 01:23 - 2021-07-03 01:23 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-03 01:22 - 2021-07-03 01:22 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-03 01:22 - 2021-07-03 01:22 - 000011333 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-03 01:20 - 2021-07-03 01:20 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-07-03 01:20 - 2021-07-03 01:20 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-07-03 01:19 - 2021-07-03 01:19 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-07-03 01:19 - 2021-07-03 01:19 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-07-03 01:19 - 2021-07-03 01:19 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-07-03 01:16 - 2021-07-03 01:16 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-03 01:16 - 2021-07-03 01:16 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-03 01:16 - 2021-07-03 01:16 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-03 01:15 - 2021-07-03 01:15 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-03 01:14 - 2021-07-03 01:14 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-03 01:14 - 2021-07-03 01:14 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-07-03 01:14 - 2021-07-03 01:14 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-07-03 01:13 - 2021-07-03 01:13 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-07-03 01:13 - 2021-07-03 01:13 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-07-03 01:12 - 2021-07-03 01:12 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-07-03 01:12 - 2021-07-03 01:12 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-07-03 01:12 - 2021-07-03 01:12 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-07-03 00:17 - 2021-07-03 00:17 - 000000000 ____D C:\Users\hotoo\Documents\Security
2021-07-02 23:46 - 2021-07-02 23:46 - 000000164 _____ C:\Users\hotoo\Documents\share.txt
2021-07-02 23:36 - 2021-07-02 23:36 - 000000000 ____D C:\Users\hotoo\Documents\VlcpVideoV1.0.1
2021-07-02 23:32 - 2021-07-02 23:32 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-07-02 23:22 - 2021-07-02 23:22 - 000000000 ____D C:\Users\hotoo\AppData\Local\Comms
2021-07-02 22:50 - 2021-07-02 22:50 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-02 22:50 - 2021-07-02 22:50 - 000000000 ___RD C:\Users\Default\OneDrive
2021-07-02 22:50 - 2021-07-02 22:50 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-07-02 22:30 - 2021-07-02 22:30 - 000000000 ____D C:\Users\hotoo\AppData\Local\OneDrive
2021-07-02 22:00 - 2021-07-02 22:03 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-02 21:55 - 2021-07-03 05:27 - 000000000 ____D C:\Users\hotoo\AppData\LocalLow\Mozilla
2021-07-02 21:55 - 2021-07-02 21:55 - 000000000 ____D C:\Users\hotoo\AppData\Roaming\Mozilla
2021-07-02 21:55 - 2021-07-02 21:55 - 000000000 ____D C:\Users\hotoo\AppData\Local\Mozilla
2021-07-02 21:52 - 2021-07-03 05:28 - 000000000 ___RD C:\Users\hotoo\OneDrive
2021-07-02 21:51 - 2021-07-02 23:20 - 000000000 ____D C:\Users\hotoo\AppData\Local\PlaceholderTileLogoFolder
2021-07-02 21:51 - 2021-07-02 21:51 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-02 21:51 - 2021-07-02 21:51 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-07-02 21:51 - 2021-07-02 21:51 - 000000993 _____ C:\ProgramData\Desktop\Firefox.lnk
2021-07-02 21:51 - 2021-07-02 21:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-07-02 21:50 - 2021-07-03 05:28 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-02 21:50 - 2021-07-02 21:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-02 21:50 - 2021-07-02 21:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-02 21:49 - 2021-07-02 21:50 - 055526992 _____ (Mozilla) C:\Users\hotoo\Downloads\mozilla-firefox-89-0-2.exe
2021-07-02 21:39 - 2021-07-02 21:39 - 000000000 ___HD C:\$WinREAgent
2021-07-02 21:07 - 2021-07-02 21:07 - 000000000 ____D C:\Users\hotoo\Documents\FeedbackHub
2021-07-02 21:06 - 2021-07-02 21:06 - 000000000 ____D C:\Users\Public\Documents\MDMDiagnostics
2021-07-02 21:06 - 2021-07-02 21:06 - 000000000 ____D C:\ProgramData\Documents\MDMDiagnostics
2021-07-02 21:04 - 2021-07-02 21:04 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-06-22 00:38 - 2021-07-03 12:34 - 000000000 ____D C:\WINDOWS\Panther
2021-06-22 00:36 - 2021-06-22 00:36 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-06-22 00:35 - 2021-07-03 12:35 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-06-22 00:35 - 2021-07-03 04:20 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\Setup
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\OCR
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\addins
2021-06-22 00:35 - 2021-06-22 00:35 - 000000000 ____D C:\ProgramData\ssh
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\0409
2021-06-22 00:34 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\DigitalLocker
2021-06-22 00:28 - 2021-07-03 13:53 - 000000000 ____D C:\ProgramData\USOPrivate
2021-06-22 00:28 - 2021-07-03 12:35 - 000000000 ____D C:\WINDOWS\system32\spool
2021-06-22 00:28 - 2021-07-03 12:23 - 000000000 ____D C:\WINDOWS\appcompat
2021-06-22 00:28 - 2021-07-03 05:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-22 00:28 - 2021-07-03 05:27 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-22 00:28 - 2021-07-03 05:26 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-06-22 00:28 - 2021-07-03 05:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-22 00:28 - 2021-07-03 04:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-06-22 00:28 - 2021-07-03 04:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-06-22 00:28 - 2021-07-03 04:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-06-22 00:28 - 2021-07-03 04:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-22 00:28 - 2021-07-03 04:22 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-22 00:28 - 2021-07-03 04:21 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-22 00:28 - 2021-07-03 04:21 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-06-22 00:28 - 2021-07-03 04:21 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-06-22 00:28 - 2021-07-03 04:20 - 000000000 ____D C:\WINDOWS\system32\setup
2021-06-22 00:28 - 2021-07-03 04:20 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-22 00:28 - 2021-07-03 04:20 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-22 00:28 - 2021-07-03 04:20 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-22 00:28 - 2021-07-03 04:17 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-22 00:28 - 2021-07-03 04:17 - 000000000 ____D C:\WINDOWS\Provisioning
2021-06-22 00:28 - 2021-07-03 04:17 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-22 00:28 - 2021-07-03 04:17 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-06-22 00:28 - 2021-07-03 04:17 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-22 00:28 - 2021-07-02 23:34 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-22 00:28 - 2021-07-02 22:50 - 000000000 ___RD C:\Program Files (x86)
2021-06-22 00:28 - 2021-07-02 22:20 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-22 00:28 - 2021-06-22 00:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-06-22 00:28 - 2021-06-22 00:35 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\system32\Com
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\IME
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\WINDOWS\Help
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files\Windows NT
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files\Windows Defender
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files\Common Files\System
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files (x86)\Windows NT
2021-06-22 00:28 - 2021-06-22 00:34 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2021-06-22 00:28 - 2021-06-22 00:29 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 __SHD C:\Program Files\Windows Sidebar
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 __RSD C:\WINDOWS\Media
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 __RHD C:\Users\Public\Libraries
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___SD C:\WINDOWS\system32\Nui
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Web
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\WaaS
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Vss
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\tracing
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\TAPI
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SystemApps
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\winevt
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ti-et
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ta-in
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\si-lk
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ras
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\my-mm
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\IME
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\icsxml
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ias
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\DriverState
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\downlevel
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\am-et
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\System
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SKB
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\security
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\schemas
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\SchCache
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Resources
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\rescache
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Registration
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\PLA
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Performance
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\ModemLogs
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\L2Schemas
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\InputMethod
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\IdentityCRL
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Globalization
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\ELAMBKUP
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Cursors
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Containers
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\Branding
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\ProgramData\USOShared
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files\Windows Security
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files\Windows Portable Devices
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files\Common Files\Services
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2021-06-22 00:28 - 2021-06-22 00:28 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2021-06-22 00:28 - 2021-06-22 00:24 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2021-06-22 00:28 - 2021-06-22 00:24 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2021-06-22 00:28 - 2021-06-22 00:24 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-06-22 00:28 - 2021-06-22 00:24 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2021-06-22 00:28 - 2021-06-22 00:24 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2021-06-22 00:28 - 2021-06-22 00:24 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2021-06-22 00:28 - 2021-06-22 00:24 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2021-06-22 00:28 - 2021-06-22 00:24 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2021-06-22 00:28 - 2021-06-22 00:24 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2021-06-22 00:28 - 2021-06-22 00:24 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2021-06-22 00:28 - 2021-06-22 00:24 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2021-06-22 00:28 - 2021-06-22 00:24 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2021-06-22 00:28 - 2021-06-22 00:24 - 000000219 _____ C:\WINDOWS\system.ini
2021-06-22 00:28 - 2021-06-22 00:24 - 000000092 _____ C:\WINDOWS\win.ini
2021-06-22 00:26 - 2021-07-03 06:20 - 000000000 ____D C:\WINDOWS\INF
2021-06-22 00:18 - 2021-07-03 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-22 00:15 - 2021-07-03 12:22 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-06-22 00:15 - 2021-07-03 05:03 - 011796480 _____ C:\WINDOWS\system32\config\SYSTEM
2021-06-22 00:15 - 2021-07-03 05:03 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2021-06-22 00:15 - 2021-07-03 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-22 00:15 - 2021-07-03 05:03 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2021-06-22 00:15 - 2021-07-03 05:03 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2021-06-22 00:15 - 2021-07-03 01:48 - 000000000 ____D C:\WINDOWS\servicing
2021-06-22 00:15 - 2021-06-22 00:28 - 000000000 ____D C:\WINDOWS\system32\SMI
2021-06-22 00:13 - 2021-06-22 00:39 - 000000000 ___HD C:\$SysReset

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2021
Ran by hotoo (03-07-2021 06:27:53)
Running from C:\Users\hotoo\Downloads
Windows 10 Home Version 21H1 19043.1081 (X64) (2021-07-03 02:34:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-289658593-2826232128-3048907409-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-289658593-2826232128-3048907409-503 - Limited - Disabled)
defaultuser100000 (S-1-5-21-289658593-2826232128-3048907409-1006 - Limited - Enabled)
Guest (S-1-5-21-289658593-2826232128-3048907409-501 - Limited - Disabled)
hotoo (S-1-5-21-289658593-2826232128-3048907409-1001 - Administrator - Enabled) => C:\Users\hotoo
WDAGUtilityAccount (S-1-5-21-289658593-2826232128-3048907409-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.59 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.109.0530.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Mozilla Firefox 89.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 89.0.2 - Mozilla)
Oracle VM VirtualBox 6.1.22 (HKLM\...\{573CC601-ED8D-450F-BE6F-A313DD77A4A0}) (Version: 6.1.22 - Oracle Corporation)

Packages:
=========
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-02] (Microsoft Corporation)
TranslucentTB -> C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_9.0.0.0_x86__v826wp6bftszj [2021-07-02] (Charles Milette) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.109.0530.0001\amd64\FileSyncShell64.dll [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-22 00:28 - 2021-06-22 00:24 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-289658593-2826232128-3048907409-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hotoo\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\logo.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{22A7707C-3248-4563-B12A-1FB928118D85}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{371D2680-E67B-4C15-A896-C553036FFBD2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{182EE3A6-23AA-42FC-B360-EA4B924569E2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2CAD70D4-0DD4-4123-9143-85A043749E01}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5478D4B6-4F48-4E2A-BAD9-920895D3D274}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{28E86BF1-668E-4916-8917-C5FB5B23AA18}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

03-07-2021 03:28:22 3jul

==================== Faulty Device Manager Devices ============

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BCM20702A0
Description: BCM20702A0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/03/2021 05:04:39 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for [bleep]\HELZCOMPUTER$ via https://STM-KeyId-57...plates/Aik/scepfailed:

GetCACaps

Method: GET(78ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/03/2021 04:45:33 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for [bleep]\HELZCOMPUTER$ via https://STM-KeyId-57...plates/Aik/scepfailed:

GetCACaps

Method: GET(78ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/03/2021 04:37:21 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for [bleep]\HELZCOMPUTER$ via https://STM-KeyId-57...plates/Aik/scepfailed:

GetCACaps

Method: GET(1812ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/03/2021 03:28:14 AM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (07/03/2021 03:21:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.19041.1, time stamp: 0x95286d96
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x26452a2a
Exception code: 0x8007000e
Fault offset: 0x0012a6e2
Faulting process id: 0x19b0
Faulting application start time: 0x01d76f37e5a45734
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7860e2be-e6d5-4980-9950-a969f0de6b4e
Faulting package full name:
Faulting package-relative application ID:

Error: (07/03/2021 01:43:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (07/03/2021 01:09:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinStore.App.exe version 12104.1001.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1094

Start Time: 01d76f466c1ef2b0

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe

Report Id: 19509656-00b6-47fc-8b27-c63befb45876

Faulting package full name: Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Navigation

Error: (07/03/2021 01:56:07 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\WIN-DF1G16I36EQ$ via https://STM-KeyId-57...plates/Aik/scepfailed:

SubmitDone
Submit(Request): Bad Request
{"Message":"Failed to parse SCEP request."}
HTTP/1.1 400 Bad Request
Date: Fri, 02 Jul 2021 10:56:19 GMT
Content-Length: 43
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 45c52591-abce-4cc0-8e0d-8e3917f57601

Method: POST(9438ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)


System errors:
=============
Error: (07/03/2021 06:04:30 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/03/2021 06:04:30 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/03/2021 06:04:30 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (07/03/2021 05:07:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Lenovo - Extension - 10/24/2018 12:00:00 AM - 1.0.1.0.

Error: (07/03/2021 04:34:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server Windows.Internal.StateRepository.ApplicationExtension did not register with DCOM within the required timeout.

Error: (07/03/2021 04:33:59 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 809) (User: NT AUTHORITY)
Description: Maintenance Scheduler Group Policy Settings are not properly specified for "Invalid registry keys". Default settings are being used.

Error: (07/03/2021 04:33:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:38:49 AM on ‎3/‎07/‎2021 was unexpected.

Error: (07/03/2021 02:15:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Encryption Provider Host Service service terminated with the following error:
An exception occurred in the service when handling the control request.


Windows Defender:
================
Date: 2021-07-02 23:40:17
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...84&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hotoo\OneDrive\Documents\VlcpVideoV1.0.1\jg6_6asg.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 23:40:14
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...84&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hotoo\OneDrive\Documents\VlcpVideoV1.0.1\jg6_6asg.exe; process:_pid:6500,ProcessStart:132697066144892195
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 23:39:00
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...84&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hotoo\OneDrive\Documents\VlcpVideoV1.0.1\jg6_6asg.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 23:37:08
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...84&enterprise=0
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_C:\Users\hotoo\OneDrive\Documents\VlcpVideoV1.0.1\jg6_6asg.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.343.233.0, AS: 1.343.233.0, NIS: 1.343.233.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-02 21:07:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: LENOVO G8ET90WW (2.50 ) 12/26/2012
Motherboard: LENOVO 3369A62
Processor: Intel® Core™ i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 68%
Total physical RAM: 5988.22 MB
Available physical RAM: 1900.52 MB
Total Virtual: 7652.22 MB
Available Virtual: 3016.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.56 GB) (Free:563.16 GB) NTFS

\\?\Volume{505ee7a1-ad29-49cb-9827-7da3c113f39d}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{ce443e91-658d-4cae-84ed-b1508e4251c2}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 72129270)

Partition: GPT.

==================== End of Addition.txt =======================

#2
DR M (The Grecian Geek, Malware Removal)

Hi, blackmama.

(I would feel more comfortable if I could call you with your name.)

 

Since you are certain that someone had access to your saved passwords, the first thing you have to do is change all your passwords (wifi/router, site, cloud, email and bank accounts, etc.). Also reset your phone to factory settings and contact the authorities.

 

The logs above are clean of malware except for this, which is detected by Windows Defender as a trojan:

 

C:\Users\hotoo\OneDrive\Documents\VlcpVideoV1.0.1\jg6_6asg.exe

 

Go ahead and delete it manually; otherwise I'll give you a fix to remove it.

 

Please let me know what the actual issues are regarding this computer right now.


#3
DR M (The Grecian Geek, Malware Removal)

Hi, again.

 

Just noticed that you have opened a thread about the same issue here too: Have Malware, Virus etc unsure what type - Virus, Trojan, Spyware, and Malware Removal Help (bleepingcomputer.com)

 

Let me know which topic you would like to continue with. It is best to receive advice from one helper at a time, as instructions can conflict and cause problems.


#4
blackmama (New Member, Topic Starter)

Hi, sorry for the late response; this is the 6th time trying. Bleeping Computer also said 3x that it timed out when I tried to post, so I tried here and was surprised to see that it posted. I have just attached files because when I try to copy and paste it locks up.

 

Hi, my name is Helen; blackmama is my nickname in a loving way.  On my registry keys I have a HKU that I deleted with Malwarebytes RootKit.  I have changed all my passwords for everything also; although I'm not very good with these kinds of things, I have learnt a lot over the last few months.  There are files I cannot delete saying that Trusted Installer is the owner, and I also have a lot of system32 files.  I ran the Farbar again after the Malwarebytes Root Kit; please see attached and copied and pasted.  I have had things happen like someone opened an Ad account with Google (this is all after I changed my passwords, so changed again); I was locked out of my Outlook for 2 months.  Weird things happen, like while trying to write this or search something on the malware etc. my cursor will just jump up a few lines.  This is the 3rd time typing all of this because the whole document was highlighted and deleted.  The same happens with my phone.  I did run cmd at one stage (had a document saved which has now disappeared) so am trying to recall from some written notes I have.  3 files kept coming up: pagefile, sysfile and I think something called hiberfile???? I could not access any of them.  Also in my notebook I have highlighted 8wekyb3d8bbwe??? and an error 0x9004020c.  Sorry, prob not that helpful.  My main concern is the devices that show up on my network like the Twonkywonky server (this is mainly when I am at my friend's house next door); today I remembered the IP etc. 192.169.0.0.1:9000, and when I clicked on it it just took me to a Twonkywoky page and I could not open the content on there. It also shows an XBOX and a Samsung TV; I own neither.  I have a lot of unknown devices in my device manager and my laptop is always showing that it needs troubleshooting, to no resolve. I will screenshot all I can, put them on a Word document and attach it.  At first I was thinking I may be paranoid (hoping, in fact) but the more I learn the more I know things are not right.
Not sure if it is normal, but my laptop name changes every time I install a fresh version of Windows 10.  One file, setupact.log, was huge so I have just attached it and not copied and pasted.  I hope this makes sense to you; at least there is def something wrong with my registry keys, and the devices are just weird.  Thank you in advance.


#5
blackmama (New Member, Topic Starter)

Here is the setup log file; I hope it works, as it is locking up my FF each time I try.


#6
DR M (The Grecian Geek, Malware Removal)

Hi, Helen.

Since I see that you have run several tools by yourself, please take a deep breath and read the following :) :

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

 

===========================

 

Let's make some further investigation.

1. Run AdwCleaner

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the last two steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report


#7
DR M (The Grecian Geek, Malware Removal)

Hi, Helen.

 

Any progress regarding the above? Do you need any assistance?


#8
DR M (The Grecian Geek, Malware Removal)

Due to lack of feedback, I'm closing this topic.

 

Helen, if you need it reopened, please send me a personal message (hover the mouse over my profile name and choose Send message) with a link to the topic.
