Seems to me that you got infected, you downloaded some 3rd party antivirus and Windows Defender got disabled. There are also remnants from several programs you uninstalled.
So...
Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:
1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.
6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
==============================
Let's start from somewhere.
FRST fix
Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
- Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKU\S-1-5-21-2807344463-2120647681-1166750694-1001\...\StartupApproved\Run: => "360DesktopLite"
FirewallRules: [TCP Query User{662C8B2F-0E1F-44CE-BD91-7FEC7CD0902A}C:\program files (x86)\smartgaga\projecttitan\engine\projecttitan.exe] => (Block) C:\program files (x86)\smartgaga\projecttitan\engine\projecttitan.exe => No File
FirewallRules: [UDP Query User{22FF463E-8753-4B6A-9240-6D209831306D}C:\program files (x86)\smartgaga\projecttitan\engine\projecttitan.exe] => (Block) C:\program files (x86)\smartgaga\projecttitan\engine\projecttitan.exe => No File
FirewallRules: [{9931676E-8CF8-4AEB-9469-18673E37EA7C}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [{94116F4B-4726-4FE0-9039-AAFB05482C82}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2022-10-29 19:36 - 2022-10-29 19:36 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\unali-9268296
2022-10-29 19:36 - 2022-10-29 19:36 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\unali-9267843
2022-10-29 19:14 - 2022-10-30 12:00 - 000000000 ____D C:\Windows\system32\Tasks\Diagnostic
2022-10-29 19:14 - 2022-10-30 12:00 - 000000000 ____D C:\Users\Subam Karki\AppData\Roaming\otodbvpamp
2022-10-29 19:14 - 2022-10-29 19:14 - 000000000 ____D C:\Users\Subam Karki\AppData\Roaming\023FE6AA811C9DC5
2022-10-29 19:08 - 2022-10-29 19:08 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\unali-7577281
2022-10-29 19:00 - 2022-10-29 19:00 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\CleanGenius
2022-10-29 18:41 - 2022-10-29 18:42 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\unali-6016078
2022-10-29 18:41 - 2022-10-29 18:42 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\unali-6015875
2022-10-28 19:52 - 2022-10-28 21:27 - 000000000 ____D C:\Users\Subam Karki\AppData\Roaming\360DesktopLite
2022-10-28 19:49 - 2022-10-29 08:37 - 000000000 ____D C:\Program Files (x86)\360
2022-10-28 15:38 - 2022-10-30 12:06 - 000000000 ____D C:\Users\Subam Karki\AppData\Roaming\f1vkwhl8p5
2022-10-28 15:33 - 2022-11-03 17:16 - 000000000 ____D C:\ProgramData\SurfaceReduction
2022-10-26 13:00 - 2022-10-26 13:00 - 000000000 _____ C:\Users\Subam Karki\AppData\Local\{E0FE5161-65E6-4637-9507-993B314A311B}
2022-10-25 19:57 - 2022-10-25 21:03 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2022-10-25 19:57 - 2022-10-25 19:57 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\NeoSmart_Technologies
2022-10-25 19:55 - 2022-10-25 19:55 - 002289864 _____ C:\Users\Subam Karki\Downloads\EasyBCD 2.4.exe
2022-10-22 16:01 - 2022-10-22 18:16 - 000000000 ____D C:\Users\Subam Karki\AppData\Roaming\Movavi Video Editor Plus 2022
2022-10-22 15:56 - 2022-10-22 15:56 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\VideoEditorPlus
2022-10-22 15:56 - 2022-10-22 15:56 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\CrashRpt
2022-10-22 15:53 - 2022-10-22 15:56 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\Movavi
2022-10-22 15:53 - 2022-10-22 15:53 - 000012735 _____ C:\ProgramData\goyslgxe.nnn
2022-10-22 15:53 - 2022-10-22 15:53 - 000000016 _____ C:\ProgramData\mntemp
2022-10-14 15:29 - 2022-10-14 15:29 - 000000000 ____D C:\Users\Subam Karki\AppData\Local\Yandex
2022-10-11 13:39 - 2022-10-11 13:39 - 000000000 ____D C:\Program Files\Sublime Text 3
2022-10-06 19:00 - 2022-10-06 19:07 - 000000000 ____D C:\Users\Subam Karki\AppData\Roaming\SmartGaGa
2022-10-06 18:59 - 2022-10-06 19:53 - 000000000 ____D C:\Program Files (x86)\SmartGaGa
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.