I think I might be infected, I'm not sure exactly of the symptoms and problems however.

  • skeller1
    PCHF Member
    • Feb 2024
    • 25

    #1

    I have recently downloaded a GD modding tool called Geode SDK. While many say that it is safe, I have noticed a lot of features running in the past (widgets are almost always open, Phone Link all the time) and many problem reports (around one a day near the time I log on) since the day of install. I have also noticed random strings in the recent changes in my BIOS which I have never seen before. All scans come up clean, but I’m not too sure. Also, the system is using a lot of disk while indexing; I know that’s normal, but it says it’s paused? Nothing comes up as suspicious in Autoruns or Process Explorer. I have only noticed more crashes and blue screens (still not a lot). Also, there is an unknown account in my registry with random symbols.
  • veeg
    PCHF Director
    • Jul 2016
    • 8978

    #2
    Hello

    Let me tag our expert..

    @Malnutrition

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #3
      Please post FRST and Addition.txt logs. Instructions below.

      Information - [Prework] Please Read Before Posting

      • skeller1
        PCHF Member
        • Feb 2024
        • 25

        #4
        Here are logs requested.

        If any cracked software is located on the PC, it is not to my knowledge; I am willing to remove it if discovered (from the rules above).

        • skeller1
          PCHF Member
          • Feb 2024
          • 25

          #5
          If this turns out to be a highly advanced virus, capable of spreading through the internet or local networking, should I be concerned about the other computers on the network?

          • skeller1
            PCHF Member
            • Feb 2024
            • 25

            #6
            I know I shouldn’t be looking for solutions on my own while requesting help, but I updated drivers (GPU, Bluetooth, etc.), the main one being the BIOS, which got updated by Windows. The PC feels much faster. Uploading new logs after the driver updates soon.

            • skeller1
              PCHF Member
              • Feb 2024
              • 25

              #7
              Updated Logs

              • skeller1
                PCHF Member
                • Feb 2024
                • 25

                #8
                Is there a way to remove a post?

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #9
                  I am almost home, about one hour; I’ll take a look.

                  • skeller1
                    PCHF Member
                    • Feb 2024
                    • 25

                    #10
                    Thanks in advance! So far I think I’m good.

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #11
                      There is one user ahead of you. Expect a reply to your thread in a couple hours max.

                      • skeller1
                        PCHF Member
                        • Feb 2024
                        • 25

                        #12
                        Okay, problem: I accidentally disabled my mouse driver using Autoruns. Waiting on a system restore point.

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #13
                          Copy the content of the code box below.
                          Do not copy the word code!!!
                          Right Click FRST and run as Administrator.
                          Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                          Attach it to your next message.
                          Code:
                          start::
                          CreateRestorePoint:
                          EmptyTemp:
                          CloseProcesses:
                          HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
                          Task: {849D9653-A72B-47AE-A5DC-F85A865F5AF1} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{04924188-BFB1-4855-A608-E443B1A4A74C} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
                          HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
                          CHR Extension: (GoGuardian License) - C:\Users\leuma\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eegbmflcfolipjhkofnodgnkolcibdmn [2022-09-18] [UpdateUrl:hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
                          CHR Extension: (GoGuardian) - C:\Users\leuma\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2024-02-21] [UpdateUrl:hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
                          S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
                          S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
                          S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
                          Task: {4B0583A7-D267-4B48-B31E-23719C41A604} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
                          Task: {DD5F13DD-1CA3-4818-9A42-1B259A35736E} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{E8E8DED3-1948-4126-BCC3-2BD484C21E1C} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe  /ua /installsource scheduler (No File)
                          Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
                          HKLM\...\Run: [] => [X]
                          HKLM-x32\...\Run: [] => [X]
                          HKU\S-1-5-21-2137828512-2473441878-3475286344-1001\...\Run: [] => [X]
                          S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
                          S3 equ8_helper; \??\C:\WINDOWS\system32\DRIVERS\equ8_helper.sys [X]
                          S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
                          BootExecute: autocheck autochk *
                          Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
                          Tcpip\..\Interfaces\{986cdb5f-0396-4d6e-ae48-07adb455aa1a}: [DhcpNameServer] 192.168.1.1
                          Tcpip\..\Interfaces\{986cdb5f-0396-4d6e-ae48-07adb455aa1a}: [DhcpDomain] home
                          Tcpip\..\Interfaces\{bd415625-2877-4107-88a0-b58f5b18cb26}: [DhcpNameServer] 192.168.1.1
                          Tcpip\..\Interfaces\{bd415625-2877-4107-88a0-b58f5b18cb26}: [DhcpDomain] home
                          Tcpip\..\Interfaces\{bd415625-2877-4107-88a0-b58f5b18cb26}\960786F6E6560213130237: [DhcpNameServer] 172.20.10.1
                          Tcpip\..\Interfaces\{bd415625-2877-4107-88a0-b58f5b18cb26}\B4F45484C45425F55374548545: [DhcpNameServer] 192.168.1.1
                          Tcpip\..\Interfaces\{bd415625-2877-4107-88a0-b58f5b18cb26}\B4F45484C45425F55374548545: [DhcpDomain] home
                          HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
                          2024-02-28 19:19 - 2024-02-28 19:20 - 000000000 ____D C:\ProgramData\NortonRnR
                          2024-02-28 19:10 - 2024-02-28 19:10 - 000000000 ____D C:\ProgramData\Norton
                          2024-02-28 17:55 - 2024-02-28 17:55 - 000000000 ____D C:\Program Files\Common Files\Avast Software
                          ShortcutWithArgument: C:\Users\leuma\OneDrive\Desktop\Sgkoehler - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
                          ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\NWEA Secure Testing.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=omkghcboodpimaoimdkmigofhjcpmpeb
                          ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
                          ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=kefjledonklijopmnomlcbpllchaibag
                          ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=agimnkijcaahngcdmfeangaknmldooml
                          ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg
                          ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Samuel (pcsdny.org) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
                          AlternateDataStreams: C:\ProgramData\agent.1707882884.bdinstall.v2.bin:5E2CFC1D0E [5170]
                          AlternateDataStreams: C:\ProgramData\agent.uninstall.1707944391.bdinstall.v2.bin:D06885BE25 [5170]
                          AlternateDataStreams: C:\ProgramData\cl.1707882935.bdinstall.v2.bin:18A6DF2911 [5170]
                          AlternateDataStreams: C:\ProgramData\cl.kit.1707882932.bdinstall.v2.bin:D1E9703777 [5170]
                          AlternateDataStreams: C:\ProgramData\cl.uninstall.1707885032.bdinstall.v2.bin:6CF27840B9 [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2019.lnk:6569B2479D [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk:7A8AE192A6 [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk:C2E9D79AC5 [5170]
                          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [5170]
                          AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4042]
                          2022-09-16 22:40 - 2024-02-21 11:53 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
                          2023-06-10 10:47 - 2023-10-25 16:14 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
                          172.21.16.1 SamsPC.mshome.net # 2028 10 1 23 21 14 25 492
                          Hosts:
                          \leuma\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe => No File
                          FirewallRules: [TCP Query User{E28F5BA8-D505-4F57-9E36-E85BC0B79097}C:\users\leuma\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\leuma\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe => No File
                          FirewallRules: [UDP Query User{659BF5D6-9E5F-4F8F-9485-BFC8D98DCFCC}C:\program files (x86)\call of duty\_retail_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_retail_\cod.exe => No File
                          FirewallRules: [TCP Query User{9DC64836-D451-4B2C-A8E1-90E7D6C3FB72}C:\program files (x86)\call of duty\_retail_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_retail_\cod.exe => No File
                          FirewallRules: [UDP Query User{926D645C-D394-431B-8755-7E3048F770CC}C:\program files (x86)\steam\steamapps\common\one-armed cook\oac\binaries\win64\oac.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\one-armed cook\oac\binaries\win64\oac.exe => No File
                          FirewallRules: [TCP Query User{DC94B065-C37F-4918-BD29-E116DF19601C}C:\program files (x86)\steam\steamapps\common\one-armed cook\oac\binaries\win64\oac.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\one-armed cook\oac\binaries\win64\oac.exe => No File
                          FirewallRules: [UDP Query User{49CD6EC4-496F-4CC2-A486-0B7108B85154}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
                          FirewallRules: [TCP Query User{95CA5247-0A4A-41DB-98ED-E39068E97E9D}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
                          FirewallRules: [{04A26CE4-2D72-4691-BF6E-0AB829402107}] => (Allow) C:\Users\leuma\AppData\Local\Packages\B9ECED6F.ArmouryCrate_qmba6cd70vzyy\LocalState\GridUpdateFile\ASUSGCDriverUpdateClient.exe => No File
                          FirewallRules: [TCP Query User{B8745214-6D67-4179-ADD8-D9860BC1569D}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\2733897110\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\2733897110\rainbowsix.exe => No File
                          FirewallRules: [UDP Query User{C7D1E4EF-1D96-45E4-9359-1A243063CEF3}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\2733897110\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\2733897110\rainbowsix.exe => No File
                          FirewallRules: [TCP Query User{77683B2E-E445-4828-8434-6B08F8D22A3A}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0_c7457292_d1594789_s50878_52944494\3907774934\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0_c7457292_d1594789_s50878_52944494\3907774934\rainbowsix.exe => No File
                          FirewallRules: [UDP Query User{142E39F0-566A-4F8E-B097-3C390446C218}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0_c7457292_d1594789_s50878_52944494\3907774934\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0_c7457292_d1594789_s50878_52944494\3907774934\rainbowsix.exe => No File
                          FirewallRules: [{A8730ED6-0EBA-48F2-AD7F-B91F04CD90FD}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe => No File
                          FirewallRules: [{A8730ED6-0EBA-48F2-AD7F-B91F04CD90FD}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe => No File
                          FirewallRules: [TCP Query User{5A1ACE64-56D2-4933-9177-70B0D3222263}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe => No File
                          FirewallRules: [UDP Query User{46E9C7B4-2EC4-4EA5-8C76-541D9BBF543F}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe => No File
                          \leuma\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3694708263\rainbowsix.exe => No File
                          FirewallRules: [UDP Query User{5F3F8C02-90AF-4F0C-956D-789068D70787}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3694708263\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3694708263\rainbowsix.exe => No File
                          FirewallRules: [{C0DBDFDC-B9B3-44B5-805A-CFA0E65E1CEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrMine\win-unpacked\Mr.Mine.exe => No File
                          FirewallRules: [{7F6D3718-E233-4912-B9D6-AE7FA47164F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrMine\win-unpacked\Mr.Mine.exe => No File
                          FirewallRules: [{C84E7B3F-44DA-41DB-8B3F-51C3FE6C0DBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
                          FirewallRules: [{6734C6B1-2CD9-4F2F-9733-2D4C2685F2F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
                          FirewallRules: [TCP Query User{14D83773-3345-4011-9C9D-B13CAA613426}C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe => No File
                          FirewallRules: [UDP Query User{BE434046-6A9B-4F26-97BC-91E2CF63C157}C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe => No File
                          FirewallRules: [TCP Query User{60124DAE-22FE-4FC9-AD06-F501EB9DB388}C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe => No File
                          FirewallRules: [UDP Query User{B2731647-79E8-4882-A4BF-BC8DD86900B8}C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe => No File
                          FirewallRules: [TCP Query User{2A726339-DADC-41A9-8914-6B3B9BC11D58}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.0.0_c7601998_d1623946_s51910_56423089\2462180076\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.0.0_c7601998_d1623946_s51910_56423089\2462180076\rainbowsix.exe => No File
                          FirewallRules: [UDP Query User{85E330CC-19FE-49F8-A773-C5D5B6FEFBC3}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.0.0_c7601998_d1623946_s51910_56423089\2462180076\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.0.0_c7601998_d1623946_s51910_56423089\2462180076\rainbowsix.exe => No File
                          FirewallRules: [TCP Query User{575F6A8A-9C8C-488F-AF8A-11002F5882E8}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe => No File
                          FirewallRules: [UDP Query User{D4316D56-7658-4545-A65B-CB8D1433E67E}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe => No File
                          FirewallRules: [TCP Query User{575F6A8A-9C8C-488F-AF8A-11002F5882E8}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe => No File
                          FirewallRules: [UDP Query User{D4316D56-7658-4545-A65B-CB8D1433E67E}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe => No File
                          FirewallRules: [TCP Query User{5EEE811C-F88A-4388-A1B0-5DBB04A629FC}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.2.0_c7655632_d1634063_s52436_57712329\3636891513\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.2.0_c7655632_d1634063_s52436_57712329\3636891513\rainbowsix.exe => No File
                          FirewallRules: [UDP Query User{49149CAC-625C-4A05-B674-3D56178ED4BA}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.2.0_c7655632_d1634063_s52436_57712329\3636891513\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.2.0_c7655632_d1634063_s52436_57712329\3636891513\rainbowsix.exe => No File
                          FirewallRules: [TCP Query User{9C151E71-D0A6-4B5E-8C2F-128CB9CAC648}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
                          FirewallRules: [UDP Query User{26604220-F4D2-4AE7-A28A-76610442F305}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
                          FirewallRules: [TCP Query User{91A44749-FD1E-4078-82A5-587ACE30CAD7}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0_c7675263_d1637483_s52558_58222837\638688133\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0_c7675263_d1637483_s52558_58222837\638688133\rainbowsix.exe => No File
                          FirewallRules: [UDP Query User{BF0B4B22-D9F5-4BC9-9021-5119A61B841B}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0_c7675263_d1637483_s52558_58222837\638688133\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0_c7675263_d1637483_s52558_58222837\638688133\rainbowsix.exe => No File
                          FirewallRules: [TCP Query User{AF4B9D4E-D254-4F6D-B37D-0F616E98A83F}C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe] => (Allow) C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe => No File
                          FirewallRules: [UDP Query User{BA24413C-6511-436D-A5ED-C8D673A005C6}C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe] => (Allow) C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe => No File
                          FirewallRules: [TCP Query User{2DBA6CAD-9A5C-4CC3-B89D-D581F6C10530}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7694411_d1804656_s52750_58816277\2781265655\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7694411_d1804656_s52750_58816277\2781265655\rainbowsix.exe => No File
                          FirewallRules: [UDP Query User{ADDA16A8-E359-48B9-BC8E-BC5E45F7F8DB}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7694411_d1804656_s52750_58816277\2781265655\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7694411_d1804656_s52750_58816277\2781265655\rainbowsix.exe => No File
                          FirewallRules: [TCP Query User{F09D4F96-D233-4BB1-A67A-851CF21AD523}C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe => No File
                          FirewallRules: [UDP Query User{784188FA-7749-4620-BAC7-A22C9B062B5B}C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe => No File
                          FirewallRules: [{B49B1399-FE8B-4C1E-A35D-C1E868420A6C}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe => No File
                          FirewallRules: [{7D152524-1A6D-4A2F-AA69-C2EE9FF9B15D}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe => No File
                          FirewallRules: [{BA8583A8-8EAB-4345-8212-DA7C1B14550C}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe => No File
                          FirewallRules: [{E2B583DE-92FD-4D34-91C9-6A2936D950B2}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe => No File
                          FirewallRules: [{AFCEDB9F-686D-4E35-ADE6-544AEB2CFAFB}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe => No File
                          FirewallRules: [{57368575-EE64-43EF-8DA3-0CAB198CE090}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe => No File
                          FirewallRules: [TCP Query User{3990A5CE-24C1-48D7-AB73-CA7FBB72385F}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7718154_d1809049_s52750_59407467\3902465399\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7718154_d1809049_s52750_59407467\3902465399\rainbowsix.exe => No File
                          FirewallRules: [UDP Query User{4987A66C-BA24-4631-B6D0-CAAF575D9C26}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7718154_d1809049_s52750_59407467\3902465399\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7718154_d1809049_s52750_59407467\3902465399\rainbowsix.exe => No File
                          FirewallRules: [{E3C6AC95-164A-44DD-B2FB-73943E0B8E5A}] => (Allow) C:\Users\leuma\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe => No File
                          FirewallRules: [{9FA16884-6917-4045-B279-E9F31C9C11B6}] => (Allow) C:\Users\leuma\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe => No File
                          FirewallRules: [{C2C275F4-E06C-4416-9B9A-FE8055436F0A}] => (Allow) C:\Users\leuma\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe => No File
                          FirewallRules: [{7450C8AD-6146-43E0-B460-FFD83CA88122}] => (Allow) C:\Users\leuma\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe => No File
                          FirewallRules: [{CEEBDAF5-4EC2-4AC8-8A4D-A4D7D0F7F1E4}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
                          FirewallRules: [{41AE1359-372E-4388-BFB2-002B94319952}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
                          FirewallRules: [{8F0154FB-701E-4C1D-8F6D-E2376E9F1070}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
                          FirewallRules: [{6B458BE4-08F1-4231-BB66-CDCE3F1959D5}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
                          FirewallRules: [{0A910373-817A-409E-B47C-42C57F2C1402}] => (Allow) C:\Program Files\reWASD\reWASDEngine.exe => No File
                          FirewallRules: [{B118F2D8-5419-4434-BE70-63A94C3EABCC}] => (Allow) C:\Program Files\reWASD\reWASDEngine.exe => No File
                          FirewallRules: [{E429C0A7-EFE7-4706-BF6B-FCB7B944E8B0}] => (Allow) C:\Program Files\reWASD\reWASD.exe => No File
                          FirewallRules: [{09B64F60-81FA-4ED5-8D74-44D657EE83F7}] => (Allow) C:\Program Files\reWASD\reWASD.exe => No File
                          FirewallRules: [{BAA354D9-C9D4-4D39-9F05-A34F3FE7C2C0}] => (Allow) LPort=35474
                          FirewallRules: [{DD719352-C504-420D-BBB7-1A7317A83044}] => (Allow) LPort=35475
                          FirewallRules: [{B0B0AA8F-8533-4C6E-B2D7-1609B0504309}] => (Allow) LPort=35476
                          FirewallRules: [{DBA95B23-5DEE-49FA-A9A6-796FEE54D0D7}] => (Allow) LPort=36474
                          FirewallRules: [{79A6F233-1E0B-41EF-97DA-E4028531CD3C}] => (Allow) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe => No File
                          CMD: del /f /s /q %windir%\prefetch\*.*
                          CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
                          CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
                          Cmd: NETSH winsock reset catalog
                          Cmd: NETSH int ipv4 reset reset.log
                          Cmd: NETSH int ipv6 reset reset.log
                          Cmd: ipconfig /release
                          Cmd: ipconfig /renew
                          Cmd: ipconfig /flushdns
                          Cmd: ipconfig /registerdns
                          Cmd: bitsadmin /reset /allusers
                          Cmd: Winmgmt /salvagerepository
                          Cmd: Winmgmt /resetrepository
                          Cmd: Winmgmt /resyncperf
                          C:\Windows\Temp\*.*
                          C:\WINDOWS\system32\*.tmp
                          C:\WINDOWS\syswow64\*.tmp
                          emptytemp:
                          Reboot:
                          End::
                          Adware Cleaner

                          • Download AdwCleaner and save it to your Desktop
                          • Right-click on AdwCleaner.exe and select Run as Administrator
                          • Accept the EULA (I accept), then click on Scan Now
                          • Let the scan complete
                          • Once the scan completes, make sure that every item listed in the different tabs is checked and click on Quarantine and delete
                          • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
                          • Close all other open windows and allow it to restart
                          • After the restart, Notepad will open with the AdwCleaner cleaning log
                          • Please attach the contents of that log in your next reply to me
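The fix above is built from categories of FRST log lines that a helper reviews by hand: entries FRST itself tags with "<==== ATTENTION", services and drivers whose file is gone ("[X]"), scheduled tasks and firewall allow rules that point at programs which no longer exist ("No File"), alternate data streams, and leftover security-product folders. The following script is an added example, not part of this thread or of FRST; it reads constructed sample lines in FRST's layout (the vendor names, GUIDs and paths in the sample are placeholders) and groups them by the reason they deserve a look, so a reader can see how such a list is triaged before anything is removed.

```python
import re

# Constructed sample lines in the layout FRST uses; they are not taken from the
# thread's own logs. Example LLC, game.exe, tool.exe and the GUIDs are placeholders.
SAMPLE_LINES = r"""
S2 ExampleUpdaterService; C:\Program Files (x86)\Example\updater.exe [4698400 2024-02-22] (Example LLC -> Example LLC) <==== ATTENTION
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
S3 equ8_helper; \??\C:\WINDOWS\system32\DRIVERS\equ8_helper.sys [X]
HKLM\...\Run: [] => [X]
FirewallRules: [TCP Query User{00000000-0000-0000-0000-000000000001}C:\games\game.exe] => (Allow) C:\games\game.exe => No File
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Program Files\Tool\tool.exe
FirewallRules: [{00000000-0000-0000-0000-000000000003}] => (Allow) LPort=35474
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5170]
Task: {00000000-0000-0000-0000-000000000004} - System32\Tasks\Vendor\Agent => C:\Program Files\Vendor\agent.exe  (No File)
2024-02-28 19:10 - 2024-02-28 19:10 - 000000000 ____D C:\ProgramData\Norton
"""

# Folder names left behind by the security products named in the thread.
AV_VENDOR_DIRS = {"norton", "nortonrnr", "avast software", "bitdefender"}


def classify(line):
    """Label one FRST line with the reason it deserves a look, or None if it is routine."""
    s = line.strip()
    if not s:
        return None
    if s.startswith("FirewallRules:"):
        if s.endswith("=> No File"):
            return "orphan-firewall-rule"   # allow rule whose program no longer exists
        if "LPort=" in s:
            return "port-firewall-rule"     # rule keyed on a port rather than a program
        return None
    if re.match(r"^[SR]\d\s", s) and "[X]" in s:
        return "orphan-service"             # service/driver entry whose file is missing
    if s.startswith("AlternateDataStreams:"):
        return "alternate-data-stream"
    if s.startswith("Task:") and "(No File)" in s:
        return "orphan-task"
    if re.search(r"\\Run: \[\] => \[X\]$", s):
        return "empty-run-key"
    if " ____D " in s and any(p.lower() in AV_VENDOR_DIRS for p in s.split("\\")):
        return "av-remnant-dir"
    if "<==== ATTENTION" in s:
        return "attention"                  # anything else FRST itself flagged
    return None


def triage(text):
    """Group every flagged line under its label."""
    groups = {}
    for line in text.splitlines():
        label = classify(line)
        if label:
            groups.setdefault(label, []).append(line.strip())
    return groups


def summary(text):
    """Count flagged lines per label."""
    return {label: len(lines) for label, lines in triage(text).items()}


def orphan_firewall_paths(text):
    """Unique program paths behind allow rules whose target file no longer exists."""
    paths = set()
    for line in triage(text).get("orphan-firewall-rule", []):
        m = re.search(r"\(Allow\) (.+?) => No File$", line)
        if m:
            paths.add(m.group(1))
    return sorted(paths)


def av_remnant_dirs(text):
    """Directories left behind by security products, i.e. what the vendor removal tools are for."""
    return [line.split(" ____D ", 1)[1] for line in triage(text).get("av-remnant-dir", [])]


if __name__ == "__main__":
    for label, lines in sorted(triage(SAMPLE_LINES).items()):
        print(f"{label} ({len(lines)})")
        for entry in lines:
            print("   ", entry)
    print("orphan firewall paths:", orphan_firewall_paths(SAMPLE_LINES))
    print("AV remnant dirs:", av_remnant_dirs(SAMPLE_LINES))
```

Run it against a pasted FRST.txt or Addition.txt by replacing SAMPLE_LINES with the file's contents. The labels are this example's own; the point is that an orphaned allow rule or a missing-file service is clutter worth cleaning, whereas an ATTENTION line on a running service needs a human to confirm the publisher before it is touched.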

                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #14
                            You have remnants of Bitdefender, Norton, and Avast.

                            Run the removal tools.

                            Antivirus Removal Tool (freeware) is a portable program to detect and completely remove antivirus software. It will help you to identify current and past installations, and it will provide you with the official specialized uninstallers. These are designed by the manufacturers of the antivirus programs to completely delete all files, drivers, services, and registry records.
                            Once you have completed all tasks and posted the requested logs, please let me know how things are and post fresh FRST and Addition.txt logs for review.

                            • skeller1
                              PCHF Member
                              • Feb 2024
                              • 25

                              #15
                              What do I do with the copied text?