Would you please look into my pc


7 replies to this topic

#1 ChildofGod

ChildofGod

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 02 July 2020 - 12:33 PM

Follow-up to the other post I made. Was instructed to make a new post here. After completely rebooting Windows 10 on my computer and resetting everything I do have suspicions the spyware or RAT is still there. I factory reset my Android phone as well but I have suspicions it is still on there as well. It is a clever stalker I have.

 

 

Related topic: https://www.spywarei...o-infect-again/


Edited by Indrid_Cold, 02 July 2020 - 04:07 PM.


#2 ChildofGod


Posted 02 July 2020 - 12:41 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2020
Ran by evenh (02-07-2020 20:28:35)
Running from C:\Users\evenh\Downloads
Windows 10 Home Version 1903 18362.900 (X64) (2020-06-29 06:33:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3886806719-3405671801-1433105814-500 - Administrator - Disabled)
evenh (S-1-5-21-3886806719-3405671801-1433105814-1001 - Administrator - Enabled) => C:\Users\evenh
Gjest (S-1-5-21-3886806719-3405671801-1433105814-501 - Limited - Disabled)
Standardkonto (S-1-5-21-3886806719-3405671801-1433105814-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3886806719-3405671801-1433105814-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Dolby Audio X2 Windows API SDK (HKLM\...\{D71C6AB2-AFD5-49A3-846D-0345319A0CC9}) (Version: 0.7.4.63 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{544ecb18-5d76-44bb-ac33-8d06719e39e7}) (Version: 19.20.0 - Intel Corporation)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.80.50 - Lenovo) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.18 - Lenovo) Hidden
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.069.02 - Lenovo)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.58 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft OneDrive (HKU\S-1-5-21-3886806719-3405671801-1433105814-1001\...\OneDriveSetup.exe) (Version: 20.084.0426.0007 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
 
Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.10.5.0_x86__kgqvnymyfvs32 [2020-06-29] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.39.4.0_x86__kgqvnymyfvs32 [2020-06-29] (king.com)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2020-06-29] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2006.30.0_x64__k1h2ywk1493x8 [2020-06-29] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Studios) [MS Ad]
MSN Vær -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-06-29] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0 [2020-06-29] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0153954129ec80b6\igfxDTCM.dll [2020-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-02] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-06-28 23:38 - 2020-04-05 18:36 - 001343488 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2020-06-28 23:38 - 2020-04-09 09:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 13:47 - 2016-07-16 13:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


#3 ChildofGod


Posted 02 July 2020 - 12:41 PM

2020-06-28 23:46 - 2020-07-01 07:15 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-28 23:46 - 2020-07-01 07:15 - 000000000 ____D C:\WINDOWS\system32\Com
2020-06-28 23:46 - 2020-07-01 07:15 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-06-28 23:46 - 2020-07-01 07:15 - 000000000 ____D C:\WINDOWS\IME
2020-06-28 23:46 - 2020-07-01 07:15 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-28 23:46 - 2020-07-01 07:15 - 000000000 ____D C:\Program Files\Windows Defender
2020-06-28 23:46 - 2020-07-01 07:15 - 000000000 ____D C:\Program Files\Common Files\System
2020-06-28 23:46 - 2020-07-01 07:15 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-28 23:46 - 2020-07-01 07:15 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-06-28 23:46 - 2020-06-30 23:42 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-28 23:46 - 2020-06-29 08:35 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-06-28 23:46 - 2020-06-29 08:34 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-06-28 23:46 - 2020-06-29 08:33 - 000000000 __RSD C:\WINDOWS\Media
2020-06-28 23:46 - 2020-06-29 08:33 - 000000000 ____D C:\WINDOWS\Registration
2020-06-28 23:46 - 2020-06-29 08:33 - 000000000 ____D C:\Program Files\Windows NT
2020-06-28 23:46 - 2020-06-29 08:32 - 000000000 ____D C:\WINDOWS\system32\spool
2020-06-28 23:46 - 2020-06-29 08:31 - 000000000 ____D C:\WINDOWS\Resources
2020-06-28 23:46 - 2020-06-29 08:31 - 000000000 ____D C:\WINDOWS\Help
2020-06-28 23:46 - 2020-06-29 08:28 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-06-28 23:46 - 2020-06-29 03:48 - 000000000 ____D C:\WINDOWS\appcompat
2020-06-28 23:46 - 2020-06-29 01:00 - 000000000 ___RD C:\Program Files (x86)
2020-06-28 23:46 - 2020-06-29 00:09 - 000000000 ____D C:\WINDOWS\ServiceState
2020-06-28 23:46 - 2020-06-28 23:59 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-06-28 23:46 - 2020-06-28 23:51 - 000000000 ____D C:\WINDOWS\SystemResources
2020-06-28 23:46 - 2020-06-28 23:50 - 000000000 ____D C:\Users\evenh\AppData\Local\Lenovo
2020-06-28 23:46 - 2020-06-28 23:48 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-06-28 23:46 - 2020-06-28 23:48 - 000000000 ____D C:\WINDOWS\system32\setup
2020-06-28 23:46 - 2020-06-28 23:48 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 __SHD C:\Program Files\Windows Sidebar
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 __RHD C:\Users\Public\Libraries
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ___SD C:\WINDOWS\system32\Nui
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\WaaS
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\Vss
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\tracing
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\TextInput
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\TAPI
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SystemApps
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\winevt
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\ti-et
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\ta-in
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\si-lk
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\ras
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\my-mm
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\Keywords
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\IME
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\icsxml
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\ias
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\DriverState
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\downlevel
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\DDFs
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\am-et
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\System
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SKB
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\security
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\schemas
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\SchCache
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\rescache
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\Provisioning
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\PLA
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\Performance
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\ModemLogs
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\L2Schemas
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\InputMethod
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\IdentityCRL
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\Globalization
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\Cursors
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\Containers
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\Branding
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\WINDOWS\addins
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\ProgramData\USOShared
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\Program Files\Windows Security
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\Program Files\Windows Portable Devices
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\Program Files\Common Files\Services
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\Program Files (x86)\Windows NT
2020-06-28 23:46 - 2020-06-28 23:46 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2020-06-28 23:46 - 2020-06-28 23:44 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2020-06-28 23:46 - 2020-06-28 23:44 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2020-06-28 23:46 - 2020-06-28 23:44 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2020-06-28 23:46 - 2020-06-28 23:44 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2020-06-28 23:46 - 2020-06-28 23:44 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2020-06-28 23:46 - 2020-06-28 23:44 - 000018903 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-06-28 23:46 - 2020-06-28 23:44 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2020-06-28 23:46 - 2020-06-28 23:44 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2020-06-28 23:46 - 2020-06-28 23:44 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2020-06-28 23:46 - 2020-06-28 23:44 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2020-06-28 23:46 - 2020-06-28 23:44 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2020-06-28 23:46 - 2020-06-28 23:44 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2020-06-28 23:46 - 2020-06-28 23:42 - 000000000 ____D C:\ProgramData\USOPrivate
2020-06-28 23:46 - 2017-03-25 04:52 - 000000000 ____D C:\WINDOWS\Web
2020-06-28 23:45 - 2020-07-02 20:27 - 000000000 ____D C:\WINDOWS\INF
2020-06-28 23:45 - 2020-06-29 00:10 - 000000000 ____D C:\ProgramData\Packages
2020-06-28 23:45 - 2020-06-29 00:06 - 000000000 ____D C:\Users\evenh\AppData\Local\Publishers
2020-06-28 23:44 - 2020-07-02 10:38 - 000000000 ____D C:\Users\evenh\AppData\Local\VirtualStore
2020-06-28 23:44 - 2020-06-29 15:24 - 000000000 __SHD C:\Users\evenh\IntelGraphicsProfiles
2020-06-28 23:44 - 2020-06-29 15:24 - 000000000 ____D C:\Users\evenh\AppData\Local\ConnectedDevicesPlatform
2020-06-28 23:44 - 2020-06-29 01:45 - 000000000 ____D C:\Users\evenh\AppData\Local\Packages
2020-06-28 23:44 - 2020-06-28 23:45 - 000000000 ____D C:\Users\evenh\AppData\Local\Intel
2020-06-28 23:44 - 2020-06-28 23:44 - 000003542 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-28 23:44 - 2020-06-28 23:44 - 000003448 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d64ddecea11d38
2020-06-28 23:44 - 2020-06-28 23:44 - 000000000 ___RD C:\Users\evenh\3D Objects
2020-06-28 23:44 - 2020-06-28 23:44 - 000000000 ____D C:\Users\evenh\AppData\Roaming\Intel
2020-06-28 23:44 - 2020-06-28 23:44 - 000000000 ____D C:\Users\evenh\AppData\Roaming\Adobe
2020-06-28 23:44 - 2020-06-28 23:44 - 000000000 ____D C:\Users\evenh\AppData\LocalLow\Intel
2020-06-28 23:42 - 2020-06-28 23:48 - 000002380 _____ C:\Users\evenh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk


#4 ChildofGod


Posted 02 July 2020 - 12:42 PM

Result of Security Analysis by Rocket Grannie (x86) Updated: 04th, June 2020
Running from:C:\Users\evenh\Downloads (20:29:17 - 07/02/2020)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Google Chrome (83.0.4103.116)
Malwarebytes (4.1.2.73)
 
***----------------Analysis Complete-------------------------***


#5 ChildofGod


Posted 02 July 2020 - 12:43 PM

Malwarebytes
www.malwarebytes.com
 
-Loggdetaljer-
Skannedato: 02.07.2020
Skanneklokkeslett: 20:20
Loggfil: a868763a-bc90-11ea-b9d1-a81e8476a251.json
 
-Programvareinformasjon-
Versjon: 4.1.2.73
Komponentversjon: 1.0.972
Oppdater pakkeversjon: 1.0.26303
Lisens: Prøveversjon
 
-Systeminformasjon-
OS: Windows 10 (Build 18362.900)
CPU: x64
Filsystem: NTFS
Bruker: LAPTOP-TOBUB4HB\evenh
 
-Skanneoppsummering-
Skannetype: Skanning av trusler
Skann startet av: Manuelt
Resultat: Fullført
Skannede objekter: 266133
Registrerte trusler: 0
Trusler satt i karantene: 0
Forløpt tid: 3 min, 26 sek
 
-Skannealternativer-
Minne: Aktivert
Oppstart: Aktivert
Filsystem: Aktivert
Arkiver: Aktivert
Rootkits: Aktivert
Heurestikk: Aktivert
PUP: Oppdag
PUM: Oppdag
 
-Skannedetaljer-
Prosess: 0
(Ingen skadelig programvare registrert)
 
Modul: 0
(Ingen skadelig programvare registrert)
 
Registernøkkel: 0
(Ingen skadelig programvare registrert)
 
Registerverdi: 0
(Ingen skadelig programvare registrert)
 
Registerdata: 0
(Ingen skadelig programvare registrert)
 
Dataflyt: 0
(Ingen skadelig programvare registrert)
 
Mappe: 0
(Ingen skadelig programvare registrert)
 
Fil: 0
(Ingen skadelig programvare registrert)
 
Fysisk sektor: 0
(Ingen skadelig programvare registrert)
 
WMI: 0
(Ingen skadelig programvare registrert)
 
 
(end)


#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,357 posts

Posted 04 July 2020 - 04:40 AM

Hi,
I'm nasdaq.

If you still need help please follow the directives on how to run the Farbar program.
Run the program again and wait as it may be self-updating.
I suggest you attach both logs.

Download the Farbar Recovery Scan Tool (FRST) and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic click the "more reply Options" button.

Attach the file(s). A two-step process.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs for my review.

Let me know what problems persist.

Wait for further instructions.

p.s.
This program is updated often.
If it's identified as suspicious by your anti-virus program, trust it if downloaded from the link I provided.
You should restore the program from the Quarantine folder.
====

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 ChildofGod


Posted 04 July 2020 - 07:02 AM

I tried initially to attach the files but the FRST one was too big. It said it only allowed 74kb. Now it allows 100 but the FRST file is 120kb.



#8 nasdaq


Posted 05 July 2020 - 04:49 AM

Hi,

If you can, zip both files and attach them.

If not possible, open your FRST.TXT log with Notepad and delete all the lines after this title.

==================== One month (created) ===================

Save the file.

Then paste all the lines into your next reply.

nasdaq
