Hello, again.
Welcome to Sysnative Forums.
I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.
Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:
1.
Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
2.
Do not run any tools unless instructed to do so. Also,
do not uninstall or install any software during the procedure, unless I ask you to do so.
3.
Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs,
please uninstall them now, before we start the cleaning procedure.
4.
If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
5. You have to reply to my posts
within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least
once per day so that we can resolve your issues effectively and efficiently.
6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post.
Please, be patient, while I analyze your logs.
=====================
First comments/instructions regarding to your logs:
1. Move FRST tool
Please move FRST tool from your Downloads folder on to your Desktop.
2. P2P program
You have
qBittorrent installed in your computer. This is a
P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
- If you decide to keep it, DON'T use it during the cleaning procedure.
- If you decide to uninstall it, uninstall it now.
3. FRST fix
Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
- Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1206.2 - AVAST Software) Hidden
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{169B5B8E-E315-41C7-9574-66FC7E530D10}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD LT 2021\en-US\acadltficn.dll => No File
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\JP\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2023\en-US\acadficn.dll => No File
CustomCLSID: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll => No File
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk:B76C4E1157 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk:7661CCE9BF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk:09A0A90EF3 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk:F9B57EE960 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI Launcher.lnk:81F4CF937B [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI Multisim 14.2.lnk:D5C06E40C2 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI Ultiboard 14.2.lnk:4D6B5A5522 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk:99EC184B9D [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk:86E8B79B48 [3442]
AlternateDataStreams: C:\Users\JP\Application Data:955d2a2f697b1c9b40c63a2dd2b7d393 [394]
AlternateDataStreams: C:\Users\JP\Application Data:a8f96ed9f548b3497db5ddd233a8b439 [394]
AlternateDataStreams: C:\Users\JP\AppData\Roaming:955d2a2f697b1c9b40c63a2dd2b7d393 [394]
AlternateDataStreams: C:\Users\JP\AppData\Roaming:a8f96ed9f548b3497db5ddd233a8b439 [394]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fsqvx1oymacegikm3ve_20_33_ssg00¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtBzytCtAtA0ByC0BtD0B0F0DyDzztAtN0D0Tzu0StAtCyDtDtN1L2XzuyDtFtBtFtDtFtCtByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzztCyB0C0Dzz0CtGyD0Dzz0BtGtDyDyBtDtGtCtA0AyDtGzyzyyDtAtB0F0E0ByE0E0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtDtCtDyDyD1R1RtGyB1S1TtAtGyE1Ozz1PtG1StCtD1RtG1O1Q1RtBtCzztA1OtB1Q1RtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzyyByCtAzzzzzytD%26cr%3D1170650392%26a%3Dwcg_fsqvx1oymacegikm3ve_20_33_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2579348349-3800810321-2869270608-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fsqvx1oymacegikm3ve_20_33_ssg00¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtBzytCtAtA0ByC0BtD0B0F0DyDzztAtN0D0Tzu0StAtCyDtDtN1L2XzuyDtFtBtFtDtFtCtByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzztCyB0C0Dzz0CtGyD0Dzz0BtGtDyDyBtDtGtCtA0AyDtGzyzyyDtAtB0F0E0ByE0E0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtDtCtDyDyD1R1RtGyB1S1TtAtGyE1Ozz1PtG1StCtD1RtG1O1Q1RtBtCzztA1OtB1Q1RtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzyyByCtAzzzzzytD%26cr%3D1170650392%26a%3Dwcg_fsqvx1oymacegikm3ve_20_33_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-2579348349-3800810321-2869270608-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fsqvx1oymacegikm3ve_20_33_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtBzytCtAtA0ByC0BtD0B0F0DyDzztAtN0D0Tzu0StAtCyDtDtN1L2XzuyDtFtBtFtDtFtCtByDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzztCyB0C0Dzz0CtGyD0Dzz0BtGtDyDyBtDtGtCtA0AyDtGzyzyyDtAtB0F0E0ByE0E0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtDtCtDyDyD1R1RtGyB1S1TtAtGyE1Ozz1PtG1StCtD1RtG1O1Q1RtBtCzztA1OtB1Q1RtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzyyByCtAzzzzzytD%26cr%3D1170650392%26a%3Dwcg_fsqvx1oymacegikm3ve_20_33_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
FirewallRules: [TCP Query User{DBADAC55-38AB-469E-88E6-6D7863E506A5}F:\riot games\riot client\riotclientservices.exe] => (Allow) F:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [UDP Query User{961E3312-720E-4612-968A-F4EBA5C270FA}F:\riot games\riot client\riotclientservices.exe] => (Allow) F:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [{2D852A90-F881-433B-B204-22513E1389CA}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe => No File
FirewallRules: [TCP Query User{D48E961D-43F3-497E-9A6A-407C7F1F5238}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe => No File
FirewallRules: [UDP Query User{F0C7FE79-A50D-4B5A-9C81-38D137F15A8D}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe => No File
FirewallRules: [TCP Query User{76A60D1B-9099-4112-B859-09DD8F6F5EA3}C:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe => No File
FirewallRules: [UDP Query User{DEB96112-375C-4292-AE5E-0FB0A90225BA}C:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) C:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe => No File
FirewallRules: [{347032A2-E921-43E2-B976-AA87FB95C1FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prometheus\Prometheus.exe => No File
FirewallRules: [{2B1774B6-58F0-4EC5-AED7-E9C6A2B3E785}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prometheus\Prometheus.exe => No File
FirewallRules: [TCP Query User{A2AE4BA2-A62A-4541-8A8B-C85D163BB047}C:\fallguys\fallguys_client_game.exe] => (Allow) C:\fallguys\fallguys_client_game.exe => No File
FirewallRules: [UDP Query User{1235AA67-A29E-49E4-B31B-D904D83884BB}C:\fallguys\fallguys_client_game.exe] => (Allow) C:\fallguys\fallguys_client_game.exe => No File
FirewallRules: [TCP Query User{C1747A1E-250A-430D-A37D-DDEF923CC6B4}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{82C1F6DA-BA70-40EC-AB9C-FAD294D5DD72}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{1386C597-2F07-4EE6-9269-954B86E65483}C:\amongus\among us.exe] => (Allow) C:\amongus\among us.exe => No File
FirewallRules: [UDP Query User{717CCEFF-7650-4829-B084-C2F473D6010F}C:\amongus\among us.exe] => (Allow) C:\amongus\among us.exe => No File
FirewallRules: [TCP Query User{B8137A64-DA99-4A3D-8383-A8EB253681B1}F:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) F:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File
FirewallRules: [UDP Query User{2AD5DE41-2797-40F2-BC83-AEADFBF8FF4A}F:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) F:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File
FirewallRules: [TCP Query User{8AD041A6-B59E-48B6-97CF-5EA392D771E1}F:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Block) F:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File
FirewallRules: [UDP Query User{26575FEF-5633-4A6D-ABE3-AFA84BE416D7}F:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Block) F:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File
FirewallRules: [TCP Query User{55339385-F965-4EAE-8E58-C82F1AAF67E5}F:\riot games\riot client\riotclientservices.exe] => (Allow) F:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [UDP Query User{2891CC9D-0532-4A5C-B510-CCECA84CFB76}F:\riot games\riot client\riotclientservices.exe] => (Allow) F:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [TCP Query User{B2D81386-9ECC-4B85-B7EE-E3970B7F491A}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{59ED0D81-AC10-4E9C-9826-961157F20710}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [TCP Query User{219DF0FE-BCDE-4A96-B68A-E4293917F226}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{76FD337E-6D22-44CC-AD60-F0711CDE79AC}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [TCP Query User{2A0E564B-1FB6-4EC4-B2D8-FA8CE92E390C}C:\users\jp\appdata\local\discord\app-1.0.9012\discord.exe] => (Block) C:\users\jp\appdata\local\discord\app-1.0.9012\discord.exe => No File
FirewallRules: [UDP Query User{04E192B8-0687-4A5B-BDED-97DA0BD6E9B4}C:\users\jp\appdata\local\discord\app-1.0.9012\discord.exe] => (Block) C:\users\jp\appdata\local\discord\app-1.0.9012\discord.exe => No File
FirewallRules: [{0FA87F7B-FD59-4B03-B456-F866525F9A61}] => (Allow) C:\Users\JP\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A57230DE-850C-47CF-A272-4057968278C0}] => (Allow) C:\Users\JP\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKLM-x32\...\Run: [Genshin Impact Beta_Launcher] => [X]
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2579348349-3800810321-2869270608-1002\...\Run: [Facebook.MessengerDesktop] => C:\Users\JP\AppData\Local\Programs\Messenger\Messenger.exe (No File)
HKU\S-1-5-21-2579348349-3800810321-2869270608-1002\...\Run: [Windscribe] => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart (No File)
HKU\S-1-5-21-2579348349-3800810321-2869270608-1002\...\Run: [Netmarble Launcher] => "C:\Program Files\Netmarble\Netmarble Launcher\Netmarble Launcher.exe" (No File)
HKU\S-1-5-21-2579348349-3800810321-2869270608-1002\...\Policies\Explorer: []
HKU\S-1-5-21-2579348349-3800810321-2869270608-1002\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-2579348349-3800810321-2869270608-1002\...\MountPoints2: {78fe43fc-5f4d-11ea-b5fe-04d4c4e44f1b} - "D:\HiSuiteDownLoader.exe"
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
"C:\Windows\System32\Tasks\Microsoft\Windows\Google" could not be unlocked. <==== ATTENTION
Task: {D78CCB38-90AF-4508-A006-CD7B0F428997} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineZQ => C:\Windows\SysWOW64\XPSViewer\TasksG\G-1-75-28\TG_1.3.71.25.exe (Access Denied) <==== ATTENTION <==== ATTENTION
Edge HKLM-x32\...\Edge\Extension: [fdhgeoginicibhagdmblfikbgbkahibd]
CHR HKLM\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil]
CHR HKU\S-1-5-21-2579348349-3800810321-2869270608-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKU\S-1-5-21-2579348349-3800810321-2869270608-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil]
CHR HKLM-x32\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil]
S3 Rockstar Service; "F:\GTAV\Launcher\RockstarService.exe" [X]
S2 AMDRyzenMasterDriverV19; \??\C:\Windows\system32\AMDRyzenMasterDriver.sys [X]
R2 SU10Guard; C:\Windows\USPDSATE\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
C:\Windows\USPDSATE
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
RemoveProxy:
cmd: netsh winsock reset
EmptyTemp:
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
4. Eset Online Scan
Download
ESET Online Scanner and save it to your desktop.
- Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
- When the tool opens, click Get Started.
- Read and accept the license agreement.
- At the Welcome to ESET Online Scanner window, click Get Started.
- Select whether you would like to send anonymous data to ESET.
- Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
- Click on the Full Scan option.
- Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
- ESET will now begin scanning your computer. This may take some time.
- When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
- ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
- On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
- Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
In your next reply please post:
- What did you decide about qBitTorrent
- The fixlog.txt
- The eset.txt
