[Solved] I think I might be infected; I'm not sure exactly of the symptoms and problems, however.

Status
Not open for further replies.

skeller1

PCHF Member
Feb 29, 2024
I have recently downloaded a GD modding tool called geode SDK. While many say that it is safe, I have noticed a lot of features running in the past (widgets are almost always open, phonelink all the time) and many problem reports (around 1 a day, near the time I log on) since the day of install. I have also noticed random strings in the recent changes in my BIOS which I have never seen before. All scans come up clean, but I'm not too sure. Also, the system is using a lot of disk while indexing; I know that's normal, but it says it's paused? Nothing comes up as suspicious in Autoruns or Process Explorer. I have only noticed more crashes and blue screens (still not a lot). Also, there is an unknown account in my registry with random symbols.
 
Here are the logs requested.

If any cracked software is located on the PC, it is not to my knowledge; I am willing to remove it if discovered (from the rules above).
 

Attachments

  • FRST.txt (61.7 KB)
  • Addition.txt (102.8 KB)
If this turns out to be a highly advanced virus, capable of spreading through the internet or the local network, should I be concerned about the other computers on the network?
 

Attachments

  • image_2024-02-29_154129292.png (73.7 KB)
I know I shouldn't be looking for solutions on my own while requesting help, but I updated drivers (GPU, Bluetooth, etc.), the main one being the BIOS, which got updated by Windows. The PC feels much faster. Uploading new logs after the driver updates soon.
 
Copy the content of the code box below.
Do not copy the word code!!!
Right-click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.


Code:
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {849D9653-A72B-47AE-A5DC-F85A865F5AF1} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{04924188-BFB1-4855-A608-E443B1A4A74C} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR Extension: (GoGuardian License) - C:\Users\leuma\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eegbmflcfolipjhkofnodgnkolcibdmn [2022-09-18] [UpdateUrl:hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Extension: (GoGuardian) - C:\Users\leuma\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2024-02-21] [UpdateUrl:hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
Task: {4B0583A7-D267-4B48-B31E-23719C41A604} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
Task: {DD5F13DD-1CA3-4818-9A42-1B259A35736E} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{E8E8DED3-1948-4126-BCC3-2BD484C21E1C} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe  /ua /installsource scheduler (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2137828512-2473441878-3475286344-1001\...\Run: [] => [X]
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
S3 equ8_helper; \??\C:\WINDOWS\system32\DRIVERS\equ8_helper.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
BootExecute: autocheck autochk *
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{986cdb5f-0396-4d6e-ae48-07adb455aa1a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{986cdb5f-0396-4d6e-ae48-07adb455aa1a}: [DhcpDomain] home
Tcpip\..\Interfaces\{bd415625-2877-4107-88a0-b58f5b18cb26}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bd415625-2877-4107-88a0-b58f5b18cb26}: [DhcpDomain] home
Tcpip\..\Interfaces\{bd415625-2877-4107-88a0-b58f5b18cb26}\960786F6E6560213130237: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{bd415625-2877-4107-88a0-b58f5b18cb26}\B4F45484C45425F55374548545: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bd415625-2877-4107-88a0-b58f5b18cb26}\B4F45484C45425F55374548545: [DhcpDomain] home
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2024-02-28 19:19 - 2024-02-28 19:20 - 000000000 ____D C:\ProgramData\NortonRnR
2024-02-28 19:10 - 2024-02-28 19:10 - 000000000 ____D C:\ProgramData\Norton
2024-02-28 17:55 - 2024-02-28 17:55 - 000000000 ____D C:\Program Files\Common Files\Avast Software
ShortcutWithArgument: C:\Users\leuma\OneDrive\Desktop\Sgkoehler - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\NWEA Secure Testing.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=omkghcboodpimaoimdkmigofhjcpmpeb
ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg
ShortcutWithArgument: C:\Users\leuma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Samuel (pcsdny.org) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
AlternateDataStreams: C:\ProgramData\agent.1707882884.bdinstall.v2.bin:5E2CFC1D0E [5170]
AlternateDataStreams: C:\ProgramData\agent.uninstall.1707944391.bdinstall.v2.bin:D06885BE25 [5170]
AlternateDataStreams: C:\ProgramData\cl.1707882935.bdinstall.v2.bin:18A6DF2911 [5170]
AlternateDataStreams: C:\ProgramData\cl.kit.1707882932.bdinstall.v2.bin:D1E9703777 [5170]
AlternateDataStreams: C:\ProgramData\cl.uninstall.1707885032.bdinstall.v2.bin:6CF27840B9 [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2019.lnk:6569B2479D [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk:7A8AE192A6 [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk:C2E9D79AC5 [5170]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [5170]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4042]
2022-09-16 22:40 - 2024-02-21 11:53 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2023-06-10 10:47 - 2023-10-25 16:14 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.21.16.1 SamsPC.mshome.net # 2028 10 1 23 21 14 25 492
Hosts:
\leuma\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E28F5BA8-D505-4F57-9E36-E85BC0B79097}C:\users\leuma\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\leuma\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe => No File
FirewallRules: [UDP Query User{659BF5D6-9E5F-4F8F-9485-BFC8D98DCFCC}C:\program files (x86)\call of duty\_retail_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_retail_\cod.exe => No File
FirewallRules: [TCP Query User{9DC64836-D451-4B2C-A8E1-90E7D6C3FB72}C:\program files (x86)\call of duty\_retail_\cod.exe] => (Allow) C:\program files (x86)\call of duty\_retail_\cod.exe => No File
FirewallRules: [UDP Query User{926D645C-D394-431B-8755-7E3048F770CC}C:\program files (x86)\steam\steamapps\common\one-armed cook\oac\binaries\win64\oac.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\one-armed cook\oac\binaries\win64\oac.exe => No File
FirewallRules: [TCP Query User{DC94B065-C37F-4918-BD29-E116DF19601C}C:\program files (x86)\steam\steamapps\common\one-armed cook\oac\binaries\win64\oac.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\one-armed cook\oac\binaries\win64\oac.exe => No File
FirewallRules: [UDP Query User{49CD6EC4-496F-4CC2-A486-0B7108B85154}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{95CA5247-0A4A-41DB-98ED-E39068E97E9D}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{04A26CE4-2D72-4691-BF6E-0AB829402107}] => (Allow) C:\Users\leuma\AppData\Local\Packages\B9ECED6F.ArmouryCrate_qmba6cd70vzyy\LocalState\GridUpdateFile\ASUSGCDriverUpdateClient.exe => No File
FirewallRules: [TCP Query User{B8745214-6D67-4179-ADD8-D9860BC1569D}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\2733897110\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\2733897110\rainbowsix.exe => No File
FirewallRules: [UDP Query User{C7D1E4EF-1D96-45E4-9359-1A243063CEF3}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\2733897110\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.0.0.1pc_c7441957_d1592481_s50764_52750213\2733897110\rainbowsix.exe => No File
FirewallRules: [TCP Query User{77683B2E-E445-4828-8434-6B08F8D22A3A}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0_c7457292_d1594789_s50878_52944494\3907774934\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0_c7457292_d1594789_s50878_52944494\3907774934\rainbowsix.exe => No File
FirewallRules: [UDP Query User{142E39F0-566A-4F8E-B097-3C390446C218}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0_c7457292_d1594789_s50878_52944494\3907774934\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0_c7457292_d1594789_s50878_52944494\3907774934\rainbowsix.exe => No File
FirewallRules: [{A8730ED6-0EBA-48F2-AD7F-B91F04CD90FD}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe => No File
FirewallRules: [{A8730ED6-0EBA-48F2-AD7F-B91F04CD90FD}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe => No File
FirewallRules: [TCP Query User{5A1ACE64-56D2-4933-9177-70B0D3222263}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe => No File
FirewallRules: [UDP Query User{46E9C7B4-2EC4-4EA5-8C76-541D9BBF543F}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe => No File
\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3694708263\rainbowsix.exe => No File
FirewallRules: [UDP Query User{5F3F8C02-90AF-4F0C-956D-789068D70787}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3694708263\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s1.1.0.1pc_c7483627_d1598026_s50996_53580025\3694708263\rainbowsix.exe => No File
FirewallRules: [{C0DBDFDC-B9B3-44B5-805A-CFA0E65E1CEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrMine\win-unpacked\Mr.Mine.exe => No File
FirewallRules: [{7F6D3718-E233-4912-B9D6-AE7FA47164F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrMine\win-unpacked\Mr.Mine.exe => No File
FirewallRules: [{C84E7B3F-44DA-41DB-8B3F-51C3FE6C0DBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{6734C6B1-2CD9-4F2F-9733-2D4C2685F2F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{14D83773-3345-4011-9C9D-B13CAA613426}C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe => No File
FirewallRules: [UDP Query User{BE434046-6A9B-4F26-97BC-91E2CF63C157}C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe => No File
FirewallRules: [TCP Query User{60124DAE-22FE-4FC9-AD06-F501EB9DB388}C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{B2731647-79E8-4882-A4BF-BC8DD86900B8}C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [TCP Query User{2A726339-DADC-41A9-8914-6B3B9BC11D58}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.0.0_c7601998_d1623946_s51910_56423089\2462180076\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.0.0_c7601998_d1623946_s51910_56423089\2462180076\rainbowsix.exe => No File
FirewallRules: [UDP Query User{85E330CC-19FE-49F8-A773-C5D5B6FEFBC3}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.0.0_c7601998_d1623946_s51910_56423089\2462180076\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.0.0_c7601998_d1623946_s51910_56423089\2462180076\rainbowsix.exe => No File
FirewallRules: [TCP Query User{575F6A8A-9C8C-488F-AF8A-11002F5882E8}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe => No File
FirewallRules: [UDP Query User{D4316D56-7658-4545-A65B-CB8D1433E67E}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe => No File
FirewallRules: [TCP Query User{575F6A8A-9C8C-488F-AF8A-11002F5882E8}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe => No File
FirewallRules: [UDP Query User{D4316D56-7658-4545-A65B-CB8D1433E67E}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe => No File
FirewallRules: [TCP Query User{5EEE811C-F88A-4388-A1B0-5DBB04A629FC}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.2.0_c7655632_d1634063_s52436_57712329\3636891513\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.2.0_c7655632_d1634063_s52436_57712329\3636891513\rainbowsix.exe => No File
FirewallRules: [UDP Query User{49149CAC-625C-4A05-B674-3D56178ED4BA}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.2.0_c7655632_d1634063_s52436_57712329\3636891513\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.2.0_c7655632_d1634063_s52436_57712329\3636891513\rainbowsix.exe => No File
FirewallRules: [TCP Query User{9C151E71-D0A6-4B5E-8C2F-128CB9CAC648}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [UDP Query User{26604220-F4D2-4AE7-A28A-76610442F305}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [TCP Query User{91A44749-FD1E-4078-82A5-587ACE30CAD7}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0_c7675263_d1637483_s52558_58222837\638688133\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0_c7675263_d1637483_s52558_58222837\638688133\rainbowsix.exe => No File
FirewallRules: [UDP Query User{BF0B4B22-D9F5-4BC9-9021-5119A61B841B}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0_c7675263_d1637483_s52558_58222837\638688133\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0_c7675263_d1637483_s52558_58222837\638688133\rainbowsix.exe => No File
FirewallRules: [TCP Query User{AF4B9D4E-D254-4F6D-B37D-0F616E98A83F}C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe] => (Allow) C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe => No File
FirewallRules: [UDP Query User{BA24413C-6511-436D-A5ED-C8D673A005C6}C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe] => (Allow) C:\program files\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe => No File
FirewallRules: [TCP Query User{2DBA6CAD-9A5C-4CC3-B89D-D581F6C10530}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7694411_d1804656_s52750_58816277\2781265655\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7694411_d1804656_s52750_58816277\2781265655\rainbowsix.exe => No File
FirewallRules: [UDP Query User{ADDA16A8-E359-48B9-BC8E-BC5E45F7F8DB}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7694411_d1804656_s52750_58816277\2781265655\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7694411_d1804656_s52750_58816277\2781265655\rainbowsix.exe => No File
FirewallRules: [TCP Query User{F09D4F96-D233-4BB1-A67A-851CF21AD523}C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe => No File
FirewallRules: [UDP Query User{784188FA-7749-4620-BAC7-A22C9B062B5B}C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe => No File
FirewallRules: [{B49B1399-FE8B-4C1E-A35D-C1E868420A6C}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe => No File
FirewallRules: [{7D152524-1A6D-4A2F-AA69-C2EE9FF9B15D}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9012\discord.exe => No File
FirewallRules: [{BA8583A8-8EAB-4345-8212-DA7C1B14550C}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{E2B583DE-92FD-4D34-91C9-6A2936D950B2}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{AFCEDB9F-686D-4E35-ADE6-544AEB2CFAFB}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe => No File
FirewallRules: [{57368575-EE64-43EF-8DA3-0CAB198CE090}] => (Allow) C:\users\leuma\appdata\local\discord\app-1.0.9015\discord.exe => No File
FirewallRules: [TCP Query User{3990A5CE-24C1-48D7-AB73-CA7FBB72385F}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7718154_d1809049_s52750_59407467\3902465399\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7718154_d1809049_s52750_59407467\3902465399\rainbowsix.exe => No File
FirewallRules: [UDP Query User{4987A66C-BA24-4631-B6D0-CAAF575D9C26}C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7718154_d1809049_s52750_59407467\3902465399\rainbowsix.exe] => (Allow) C:\users\leuma\appdata\local\ubisoft\r6siege\y8s2.3.0.1_c7718154_d1809049_s52750_59407467\3902465399\rainbowsix.exe => No File
FirewallRules: [{E3C6AC95-164A-44DD-B2FB-73943E0B8E5A}] => (Allow) C:\Users\leuma\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe => No File
FirewallRules: [{9FA16884-6917-4045-B279-E9F31C9C11B6}] => (Allow) C:\Users\leuma\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe => No File
FirewallRules: [{C2C275F4-E06C-4416-9B9A-FE8055436F0A}] => (Allow) C:\Users\leuma\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe => No File
FirewallRules: [{7450C8AD-6146-43E0-B460-FFD83CA88122}] => (Allow) C:\Users\leuma\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe => No File
FirewallRules: [{CEEBDAF5-4EC2-4AC8-8A4D-A4D7D0F7F1E4}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{41AE1359-372E-4388-BFB2-002B94319952}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{8F0154FB-701E-4C1D-8F6D-E2376E9F1070}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{6B458BE4-08F1-4231-BB66-CDCE3F1959D5}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [{0A910373-817A-409E-B47C-42C57F2C1402}] => (Allow) C:\Program Files\reWASD\reWASDEngine.exe => No File
FirewallRules: [{B118F2D8-5419-4434-BE70-63A94C3EABCC}] => (Allow) C:\Program Files\reWASD\reWASDEngine.exe => No File
FirewallRules: [{E429C0A7-EFE7-4706-BF6B-FCB7B944E8B0}] => (Allow) C:\Program Files\reWASD\reWASD.exe => No File
FirewallRules: [{09B64F60-81FA-4ED5-8D74-44D657EE83F7}] => (Allow) C:\Program Files\reWASD\reWASD.exe => No File
FirewallRules: [{BAA354D9-C9D4-4D39-9F05-A34F3FE7C2C0}] => (Allow) LPort=35474
FirewallRules: [{DD719352-C504-420D-BBB7-1A7317A83044}] => (Allow) LPort=35475
FirewallRules: [{B0B0AA8F-8533-4C6E-B2D7-1609B0504309}] => (Allow) LPort=35476
FirewallRules: [{DBA95B23-5DEE-49FA-A9A6-796FEE54D0D7}] => (Allow) LPort=36474
FirewallRules: [{79A6F233-1E0B-41EF-97DA-E4028531CD3C}] => (Allow) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe => No File
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
Cmd: NETSH winsock reset catalog
Cmd: NETSH int ipv4 reset reset.log
Cmd: NETSH int ipv6 reset reset.log
Cmd: ipconfig /release
Cmd: ipconfig /renew
Cmd: ipconfig /flushdns
Cmd: ipconfig /registerdns
Cmd: bitsadmin /reset /allusers
Cmd: Winmgmt /salvagerepository
Cmd: Winmgmt /resetrepository
Cmd: Winmgmt /resyncperf
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::



Adware Cleaner


  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on Quarantine and delete
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please attach the contents of that log to your next reply to me

 
You have remnants of Bitdefender, Norton and Avast.

Run the removal tools.

Once you have completed all tasks and posted the requested logs, please let me know how things are, and post fresh FRST and Addition.txt logs for review.
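As an added example, not part of the thread and not FRST's own tooling, here is a small Python reviewer that summarises what a fixlist like the one above will touch before it is handed to FRST: how many entries of each kind, which ones only clean up stale references (`(No File)`, `=> No File`, `[X]`), which items the scan flagged `<==== ATTENTION`, and which lines were pasted twice. The prefix-to-kind table is my assumption from the entry shapes visible in this script, not FRST's specification; the sample fixlist is constructed from lines in the thread.

```python
import re
from collections import Counter

# Bare directives FRST understands (matched case-insensitively).
DIRECTIVES = {"start::", "end::", "createrestorepoint:", "emptytemp:",
              "closeprocesses:", "reboot:", "hosts:"}
# Line prefix -> kind of object the entry makes FRST remove or reset
# (assumed from the entry shapes in the thread's script, not FRST docs).
PREFIXES = [("Task:", "scheduled_task"), ("FirewallRules:", "firewall_rule"),
            ("CHR Extension:", "browser_extension"),
            ("AlternateDataStreams:", "alternate_data_stream"),
            ("ShortcutWithArgument:", "shortcut"), ("Tcpip", "network_config"),
            ("HKLM", "registry"), ("HKU\\", "registry"), ("HKCU", "registry")]

# Constructed sample: entry shapes copied from the thread's fix script,
# including two of the lines that script accidentally contains twice.
SAMPLE_FIXLIST = r"""start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4B0583A7-D267-4B48-B31E-23719C41A604} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
FirewallRules: [{A8730ED6-0EBA-48F2-AD7F-B91F04CD90FD}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe => No File
FirewallRules: [{A8730ED6-0EBA-48F2-AD7F-B91F04CD90FD}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe => No File
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5170]
CMD: del /f /s /q %windir%\prefetch\*.*
C:\Windows\Temp\*.*
Hosts:
Reboot:
End::
"""

def classify(line: str) -> str:
    """Map one fixlist line to the kind of object FRST will act on."""
    s = line.strip()
    low = s.lower()
    if low in DIRECTIVES:
        return "directive"
    if low.startswith("cmd:"):
        return "command"  # free-form shell command: review most closely
    if re.match(r"^[RS]\d ", s):  # service/driver entry: "S3 name; path"
        return "service_or_driver"
    for prefix, kind in PREFIXES:
        if s.startswith(prefix):
            return kind
    if re.match(r"^\d{4}-\d{2}-\d{2} ", s):  # dated file or folder entry
        return "dated_file_or_folder"
    if re.match(r"^[A-Za-z]:\\", s):  # bare path: a deletion target
        return "path_deletion"
    return "unknown"

def is_orphan(line: str) -> bool:
    """True when the entry's target is already gone, so FRST only removes the
    stale reference (task, rule, service) rather than a live binary."""
    return "(No File)" in line or "=> No File" in line or " [X]" in line

def review(fixlist: str) -> dict:
    """Summarise what a fixlist will do; run this before handing it to FRST."""
    lines = [ln.strip() for ln in fixlist.splitlines() if ln.strip()]
    seen = Counter(lines)
    return {
        "well_formed": bool(lines) and lines[0].lower() == "start::"
        and lines[-1].lower() == "end::",
        "counts": dict(Counter(classify(ln) for ln in lines)),
        "orphans": [ln for ln in lines if is_orphan(ln)],
        "attention": [ln for ln in lines if "<==== ATTENTION" in ln],
        "duplicates": sorted(ln for ln, n in seen.items() if n > 1),
        "unknown": [ln for ln in lines if classify(ln) == "unknown"],
    }

if __name__ == "__main__":
    r = review(SAMPLE_FIXLIST)
    print("well formed:", r["well_formed"], "| counts:", r["counts"])
    print(len(r["orphans"]), "orphaned references,",
          len(r["attention"]), "flagged ATTENTION,",
          len(r["duplicates"]), "duplicated lines")
```

Lines the reviewer reports as `unknown` (for instance a bare hosts-file entry pasted into the script) are the ones worth a second look before clicking Fix.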
 