Hi, Kako. :)
Thanks for the logs.
Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after them:
1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.
6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post.
Please be patient while I analyze your logs.
=====================
I reviewed your logs and there is no sign of an active infection. However, there are some important things which have to be corrected (e.g. remnants from previous security or other programs, missing files, restriction in Windows updates, hard disk free space).
To begin with:
1. FRST fix
Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
- Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1313878405-3833788410-3686594989-1001_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\Kako\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1313878405-3833788410-3686594989-1001_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\Kako\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1313878405-3833788410-3686594989-1001_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\Kako\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1313878405-3833788410-3686594989-1001_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\Kako\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{B7B9D074-48C5-42B7-919C-8FC97EFDCF20}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{D3EF72C4-1E05-4870-AF23-4CA110E4ECD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{BE6B1F07-4D3A-4670-B526-391355A4DC81}] => (Allow) F:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe => No File
FirewallRules: [{C796FA8E-BAE7-4FCD-A45C-EFF3E35CA1D3}] => (Allow) F:\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe => No File
FirewallRules: [{500F7830-4416-4798-ACEB-FF68CAAACD4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{43EAD9B0-19B8-44FF-834E-F4A321930525}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [TCP Query User{C6639EA7-E119-4000-8DF2-7692F650AF8A}F:\steamlibrary\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) F:\steamlibrary\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{8A0D96D6-8339-4AC2-8A3B-6388A2D95A56}F:\steamlibrary\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) F:\steamlibrary\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe => No File
FirewallRules: [{19F31669-0414-437A-8710-F62D737F46E0}] => (Allow) C:\Users\Kako\AppData\Local\Temp\bittorrent\bittorrent.exe => No File
FirewallRules: [{615E0381-5DDA-44D9-B04B-6DF73EAF36B0}] => (Allow) C:\Users\Kako\AppData\Local\Temp\bittorrent\bittorrent.exe => No File
FirewallRules: [{6187853F-1F25-491A-B7B0-A406E7D4D711}] => (Allow) C:\Users\Kako\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{BBE21DD7-FA25-4CB5-8545-69F5D0ADEE97}] => (Allow) C:\Users\Kako\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [TCP Query User{046B984D-BEC7-494E-9ACF-06A479BECA56}C:\users\kako\appdata\roaming\bittorrent\updates\bittorrent.exe] => (Allow) C:\users\kako\appdata\roaming\bittorrent\updates\bittorrent.exe => No File
FirewallRules: [UDP Query User{B2C499B2-24AD-4BA0-9D31-8C0993C8710B}C:\users\kako\appdata\roaming\bittorrent\updates\bittorrent.exe] => (Allow) C:\users\kako\appdata\roaming\bittorrent\updates\bittorrent.exe => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1313878405-3833788410-3686594989-1001\...\Run: [ASRock A-Tuning] => [X]
Task: {580239FE-222A-4B28-9E3C-80A0846F7053} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Kako\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-03-16] (ESET, spol. s r.o. -> ESET)
Task: {65924CB8-6F67-4689-A935-12B9205CAA51} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1313878405-3833788410-3686594989-1001Core{6E28A36B-8109-4CAC-8E70-87BD156D7722} => C:\Users\Kako\AppData\Local\Google\Update\GoogleUpdate.exe /c (No File)
Task: {A779348C-C67C-41A6-8804-6EA6B5100F62} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Kako\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-03-16] (ESET, spol. s r.o. -> ESET)
Task: {FFBE5C82-7AF3-4B4A-9F8D-78585F7F0994} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1313878405-3833788410-3686594989-1001UA{1E048778-4B77-43A7-843A-72B5F7ECC983} => C:\Users\Kako\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (No File)
S3 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [615840 2021-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 PORTMON; \??\C:\Users\Kako\Desktop\PORTMSYS.SYS [X]
2023-02-16 00:49 - 2023-02-16 01:21 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2023-02-16 00:49 - 2023-02-16 01:21 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2023-02-05 23:39 - 2023-02-19 05:41 - 000000000 ____D C:\Users\Kako\AppData\Local\BitTorrentHelper
2023-02-05 23:38 - 2023-03-16 16:02 - 000000000 ____D C:\Users\Kako\AppData\Roaming\bittorrent
2023-02-05 23:38 - 2023-02-05 23:38 - 000000000 ____D C:\Users\Kako\AppData\LocalLow\BitTorrent.WebView2
2023-02-05 23:38 - 2023-02-05 23:38 - 000000000 ____D C:\Users\Kako\AppData\Local\Adaware
C:\WINDOWS\system32\DRIVERS\bddci.sys
C:\WINDOWS\System32\DRIVERS\Trufos.sys
CMD: netsh advfirewall reset
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
2. Run AdwCleaner (scan only)
- Download AdwCleaner and save it to your desktop.
- Double click AdwCleaner.exe to run it.
- Click Scan Now.
- When the scan has finished, a Scan Results window will open.
- Click Cancel (at this point do not attempt to Quarantine anything that is found).
- Now click the Log Files tab.
- Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
- A Notepad file will open containing the results of the scan.
- Please post the contents of the file in your next reply.
3. Run Malwarebytes (scan only)
- Open Malwarebytes you have already installed.
- Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Code:
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
- Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
- When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the last two steps below.
If threats are found, make sure that no threats are selected, close the program and proceed to the next steps below.
- Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
- Find the report with the most recent date and double click on it.
- Click on Export and then Copy to Clipboard.
- Paste its content here, in your next reply.
In your next reply, please post:
- The fixlog.txt
- The AdwCleaner[S0*].txt
- The Malwarebytes report
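The FRST fix above removes four kinds of leftovers: firewall rules whose program is gone ("=> No File"), a driver entry whose file is missing ("[X]"), scheduled tasks whose executable no longer exists ("(No File)"), and a Windows Update policy restriction. The following read-only audit script is an added example of my own, not part of the original post, of FRST, or of any tool mentioned in the thread. It lists those same categories so they can be reviewed before a fixlist is written. It assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session on Windows 10/11 with the built-in NetSecurity and ScheduledTasks modules; the function names are mine.

```powershell
# Added audit script (not from the original post or from FRST). Read-only: it only
# reports, it does not delete rules, tasks, drivers or registry values.

function Resolve-ProgramPath {
    # Normalise a path the way Windows stores it: strip quotes and the "\??\" prefix,
    # expand %VARIABLES%. Returns $null for non-absolute values such as "cmd.exe",
    # which resolve through PATH and cannot be checked with Test-Path.
    param([string]$Raw)
    if (-not $Raw) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables(($Raw.Trim('"') -replace '^\\\?\?\\', ''))
    if ([IO.Path]::IsPathRooted($p)) { return $p }
    return $null
}

function Get-OrphanedFirewallRules {
    # Rules whose program no longer exists (FRST shows these as "=> No File").
    foreach ($rule in Get-NetFirewallRule) {
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        if ([string]::IsNullOrEmpty($program) -or $program -eq 'Any' -or $program -eq 'System') { continue }
        $path = Resolve-ProgramPath $program
        # Caveat: files under C:\Program Files\WindowsApps may be unreadable even when
        # elevated, so a "missing" result there should be confirmed by hand.
        if ($path -and -not (Test-Path -LiteralPath $path)) {
            [PSCustomObject]@{ Kind = 'FirewallRule'; Name = $rule.DisplayName; Target = $path }
        }
    }
}

function Get-MissingDriverFiles {
    # Drivers whose binary is gone (FRST marks these "[X]", like PORTMON in the log above).
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        $path = Resolve-ProgramPath $drv.PathName
        if ($path -and -not (Test-Path -LiteralPath $path)) {
            [PSCustomObject]@{ Kind = 'Driver'; Name = $drv.Name; Target = $path }
        }
    }
}

function Get-StaleScheduledTasks {
    # Tasks whose action executable is missing (FRST marks these "(No File)").
    # COM-handler actions have no Execute property and are skipped automatically.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $path = Resolve-ProgramPath $action.Execute
            if ($path -and -not (Test-Path -LiteralPath $path)) {
                [PSCustomObject]@{ Kind = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"; Target = $path }
            }
        }
    }
}

function Get-WindowsUpdatePolicy {
    # Values under the policy keys FRST flags as "WindowsUpdate: Restriction".
    # On a home machine that is not domain-managed these keys are normally absent.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    foreach ($sub in @($key, "$key\AU")) {
        if (Test-Path -Path $sub) {
            Get-ItemProperty -Path $sub | Select-Object -Property * -ExcludeProperty PS*
        }
    }
}

# Collect everything into one table for review.
$findings = @(Get-OrphanedFirewallRules) + @(Get-MissingDriverFiles) + @(Get-StaleScheduledTasks)
$findings | Sort-Object Kind, Name | Format-Table -AutoSize

"Windows Update policy values (no output means no restriction is set):"
Get-WindowsUpdatePolicy | Format-List
```

Each finding carries the same path FRST would print, so the table can be compared line by line against the FRST.txt and Addition.txt logs. Orphaned firewall rules and tasks are mostly clutter left by uninstalled programs, but a driver entry pointing at a file on the Desktop, as with PORTMON above, is worth a second look because a missing driver file means the service cannot start and the entry serves no purpose.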