
Concerned about spyware / hijack by hackers that keep having access to my device



#1 SadhuSaddhi


Posted 06 July 2021 - 05:53 AM

Still having clues that certain people have access to my private data. There is no way it can be anything else but this computer or the router.

I changed Windows, HDD, scanned, blocked IPv6 and all the remote settings, but somehow these people keep connecting to my stuff and get my passwords after I change them. I suspect something really professional here.

Is there a way to scan my router for a RAT virus or anything else possible?

Is the PC clean looking? This is the desktop.

Any other tool to deep scan to see if we find their trace?

Thank you with great regards,

From Iceland

S.

Take a look and answer my 3 questions, please.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2021
Ran by v (administrator) on V-PC (MSI MS-7788) (06-07-2021 13:42:28)
Running from C:\Users\v\Downloads
Loaded Profiles: v
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <39>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Simply Super Software -> Simply Super Software) C:\Program Files (x86)\Trojan Remover\Trjscan.exe
(WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268672 2018-03-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2021-06-02] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-22] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-07-09] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Run: [uTorrent] => C:\Users\v\AppData\Roaming\uTorrent\uTorrent.exe [2136872 2021-06-04] (BitTorrent Inc -> BitTorrent Inc.) [File not signed]
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Run: [Opera Browser Assistant] => S:\assistant\browser_assistant.exe [4042960 2021-06-02] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-25] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1276000C-E3BB-4502-9074-3672A6863AF2} - System32\Tasks\Opera scheduled Autoupdate 1622973751 => S:\launcher.exe [2199760 2021-06-02] (Opera Software AS -> Opera Software) <==== ATTENTION
Task: {22E8F83A-5D10-46D8-8A69-725037F483F0} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe
Task: {3BE88604-5134-4E00-BAB3-036944360B67} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [10554264 2021-06-18] (Simply Super Software -> Simply Super Software)
Task: {41EF6D9F-26B1-4E56-831B-C2109044240B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2021-06-02] (Google LLC -> Google LLC)
Task: {6D36A180-BFD7-4F71-9D75-99A953075994} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-22] (Mozilla Corporation -> Mozilla Foundation)
Task: {8C00B549-47F9-4A76-9BE3-2E2050337760} - System32\Tasks\TR_FastScan_Daily_v => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [6499736 2021-02-28] (Simply Super Software -> Simply Super Software)
Task: {8D52D53E-68F8-4EDC-B4DE-B4E3322E70F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2021-06-02] (Google LLC -> Google LLC)
Task: {A94DF406-4C66-4642-AC8E-D56D5FFE37FD} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [6499736 2021-02-28] (Simply Super Software -> Simply Super Software)
Task: {F2813303-1449-423C-94B0-969228AB3962} - System32\Tasks\Opera scheduled assistant Autoupdate 1622973752 => S:\launcher.exe [2199760 2021-06-02] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="S:\assistant" $(Arg0)
Task: {F9AB3915-AA0D-4AF6-95D8-1EE9E922B769} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_v => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5968264 2021-01-14] (Janos Mathe -> H.D.S. Hungary)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 193.231.252.1 213.154.124.1
Tcpip\..\Interfaces\{13BC1ACF-6CFF-473D-9CF0-CAB1F2C69FF7}: [DhcpNameServer] 193.231.252.1 213.154.124.1
 
FireFox:
========
FF DefaultProfile: 1xgc9yoj.default
FF ProfilePath: C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\1xgc9yoj.default [2021-06-24]
FF ProfilePath: C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\xgee1ms4.default-release [2021-07-06]
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\v\AppData\Local\Google\Chrome\User Data\Default [2021-07-06]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Slides) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-02]
CHR Extension: (Docs) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-06-02]
CHR Extension: (Google Drive) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-06-02]
CHR Extension: (YouTube) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-06-02]
CHR Extension: (uBlock Origin) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-06-29]
CHR Extension: (Sheets) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-02]
CHR Extension: (HTTPS Everywhere) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-02]
CHR Extension: (Gmail) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-02]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
 
Opera: 
=======
OPR Profile: C:\Users\v\AppData\Roaming\Opera Software\Opera Stable [2021-07-06]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\v\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-06-06]
StartMenuInternet: (HKU\S-1-5-21-135735136-4288442710-2493696898-1000) OperaStable - "S:\\Launcher.exe"
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2021-06-02] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2021-06-02] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2021-06-02] (Zemana Ltd. -> Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-07-06 13:42 - 2021-07-06 13:43 - 000012305 _____ C:\Users\v\Downloads\FRST.txt
2021-07-06 13:40 - 2021-07-06 13:43 - 000000000 ____D C:\FRST
2021-07-06 13:40 - 2021-07-06 13:40 - 002301440 _____ (Farbar) C:\Users\v\Downloads\FRST64.exe
2021-07-06 01:59 - 2021-07-06 01:59 - 000000000 ____D C:\ProgramData\TEMP
2021-07-05 23:16 - 2021-07-05 23:16 - 000012395 _____ C:\Users\v\Desktop\Alexandru Radu CV B - Shortcut.lnk
2021-07-04 02:10 - 2021-07-04 02:10 - 014447149 _____ C:\Users\v\Downloads\10000000-354417472949762-817613097326390010-n-spsm2wzp-2sag_Q84IqX6f_O0ST.mp4
2021-07-04 01:59 - 2021-07-04 01:59 - 028767579 _____ C:\Users\v\Downloads\10000000-354417472949762-817613097326390010-n_Spsm2wZP_2Sag.mp4
2021-07-04 01:47 - 2021-07-04 01:47 - 018083616 _____ C:\Users\v\Downloads\10000000-354417472949762-817613097326390010-n_EYf66l33_Nw5D.mp4
2021-07-04 01:38 - 2021-07-04 01:39 - 477790800 _____ (TechSmith Corporation) C:\Users\v\Downloads\camtasia.exe
2021-07-04 01:37 - 2021-07-04 01:38 - 000000977 _____ C:\Users\v\Desktop\Handbrake.lnk
2021-07-04 01:37 - 2021-07-04 01:37 - 000000000 ____D C:\Users\v\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2021-07-04 01:37 - 2021-07-04 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2021-07-04 01:36 - 2021-07-04 01:37 - 000000000 ____D C:\Program Files\Handbrake
2021-07-04 01:36 - 2021-07-04 01:36 - 007205327 _____ C:\Users\v\Downloads\HandBrake-0.9.6-x86_64-Win_GUI.exe
2021-07-04 01:34 - 2021-07-04 01:34 - 010554159 _____ C:\Users\v\Downloads\HandBrake-1.0.0-x86_64-Win_GUI.exe
2021-07-04 01:31 - 2021-07-04 01:31 - 013534240 _____ C:\Users\v\Downloads\HandBrake-1.3.3-x86_64-Win_GUI.exe
2021-07-04 01:17 - 2021-07-04 01:17 - 000000000 ____D C:\Users\v\Documents\Adobe
2021-07-04 01:14 - 2021-07-04 01:14 - 000000000 ____D C:\Users\v\AppData\Local\cache
2021-07-04 01:13 - 2021-07-04 01:15 - 000000000 ____D C:\Users\v\AppData\Local\Movavi
2021-07-04 01:13 - 2021-07-04 01:13 - 000012605 _____ C:\ProgramData\juutbubq.wrj
2021-07-04 01:13 - 2021-07-04 01:13 - 000000925 _____ C:\Users\v\Desktop\Movavi Video Editor Plus 2021.lnk
2021-07-04 01:13 - 2021-07-04 01:13 - 000000016 _____ C:\ProgramData\mntemp
2021-07-04 01:13 - 2021-07-04 01:13 - 000000000 ____D C:\Users\v\AppData\Roaming\Movavi Video Editor Plus 2021
2021-07-04 01:13 - 2021-07-04 01:13 - 000000000 ____D C:\Users\v\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor Plus 2021
2021-07-04 01:13 - 2021-07-04 01:13 - 000000000 ____D C:\Users\v\AppData\Local\VideoEditorPlus
2021-07-04 01:13 - 2021-07-04 01:13 - 000000000 ____D C:\Users\v\AppData\Local\CrashRpt
2021-07-04 01:12 - 2021-07-04 01:12 - 078777016 _____ (Movavi) C:\Users\v\Downloads\MovaviVideoEditorPlusSetupC.exe
2021-07-04 01:04 - 2021-07-04 01:04 - 039412465 _____ C:\Users\v\Desktop\10000000_354417472949762_817613097326390010_n.mp4
2021-07-03 23:17 - 2021-07-03 23:17 - 007493601 _____ C:\Users\v\Downloads\WhatsApp Video 2021-07-03 at 17.17.46.mp4
2021-07-03 16:55 - 2021-07-03 16:55 - 005195349 _____ C:\Users\v\Downloads\WhatsApp Video 2021-07-03 at 16.47.21.mp4
2021-07-02 03:14 - 2021-07-05 23:42 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-02 03:14 - 2021-07-02 03:14 - 000332984 _____ (Mozilla) C:\Users\v\Downloads\Firefox Installer (2).exe
2021-07-02 03:14 - 2021-07-02 03:14 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-07-02 02:54 - 2021-07-02 02:54 - 000000000 ____D C:\Users\v\Desktop\New folder (4)
2021-07-01 02:58 - 2021-07-01 02:59 - 070858912 _____ (Discord Inc.) C:\Users\v\Downloads\DiscordSetup.exe
2021-06-30 00:17 - 2021-06-30 00:17 - 000000000 ____D C:\Users\v\AppData\Local\CAPCOM
2021-06-30 00:16 - 2021-06-30 00:16 - 000000000 ____D C:\Users\Public\Documents\Steam
2021-06-30 00:16 - 2021-06-30 00:16 - 000000000 ____D C:\ProgramData\Documents\Steam
2021-06-30 00:15 - 2021-06-30 00:15 - 000000000 ____D C:\Users\v\AppData\LocalLow\Rival Games Ltd
2021-06-29 23:42 - 2021-06-29 23:42 - 000000000 ____D C:\Users\v\AppData\Roaming\NVIDIA
2021-06-29 23:26 - 2021-06-29 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-06-29 23:19 - 2021-06-29 23:19 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2021-06-29 23:19 - 2018-01-24 03:19 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2021-06-29 23:19 - 2018-01-24 02:11 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2021-06-29 23:19 - 2018-01-24 01:57 - 005950024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2021-06-29 23:19 - 2018-01-24 01:57 - 002589168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2021-06-29 23:19 - 2018-01-24 01:57 - 001766288 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2021-06-29 23:19 - 2018-01-24 01:57 - 000633328 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2021-06-29 23:19 - 2018-01-24 01:57 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2021-06-29 23:19 - 2018-01-24 01:57 - 000122768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2021-06-29 23:19 - 2018-01-24 01:57 - 000082744 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2021-06-29 23:19 - 2018-01-24 01:42 - 000137712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2021-06-29 23:19 - 2018-01-22 08:46 - 007947791 _____ C:\Windows\system32\nvcoproc.bin
2021-06-29 23:19 - 2017-11-02 23:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2021-06-29 23:19 - 2017-11-02 23:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-06-29 23:19 - 2017-11-02 23:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-06-29 23:19 - 2017-11-02 23:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2021-06-29 23:18 - 2021-06-29 23:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2021-06-29 23:18 - 2018-01-24 03:19 - 000532976 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-06-29 23:18 - 2018-01-24 03:19 - 000438768 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 040269808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 035359216 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 035180016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 027940336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 022583576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 019795824 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 019686704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 018738544 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 017309584 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2021-06-29 23:17 - 2018-01-24 03:19 - 016450056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 015415776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 013444552 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 012842984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 011026080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 010900432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 004376344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 003904496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 003874544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 003433776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 001976120 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439077.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 001682288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 001673616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439077.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 001134768 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 001125872 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 001054280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000987960 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000939312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000492048 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000226760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2021-06-29 23:17 - 2018-01-24 03:19 - 000171712 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000132256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000045600 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2021-06-29 23:17 - 2018-01-24 03:19 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2021-06-29 23:17 - 2018-01-24 03:19 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2021-06-29 23:17 - 2018-01-24 03:19 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2021-06-29 23:15 - 2021-06-29 23:15 - 000000000 ____D C:\NVIDIA
2021-06-29 22:40 - 2021-06-29 22:40 - 000000000 ____D C:\Windows\system32\appmgmt
2021-06-29 22:38 - 2021-06-29 22:38 - 000000000 ____D C:\Users\v\AppData\Local\SKIDROW
2021-06-29 22:38 - 2021-06-29 22:38 - 000000000 ____D C:\Users\v\AppData\Local\Risen2
2021-06-29 22:34 - 2021-06-29 22:34 - 000000984 _____ C:\Users\Public\Desktop\Risen 2 Dark Waters.lnk
2021-06-29 22:34 - 2021-06-29 22:34 - 000000984 _____ C:\ProgramData\Desktop\Risen 2 Dark Waters.lnk
2021-06-29 22:34 - 2021-06-29 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
2021-06-29 22:25 - 2021-06-29 22:25 - 000000796 _____ C:\Users\v\Desktop\Thief of Thieves Season One.lnk
2021-06-29 22:25 - 2021-06-29 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thief of Thieves Season One
2021-06-29 21:50 - 2021-06-29 21:50 - 000000813 _____ C:\Users\v\Desktop\Ultimate Marvel vs. Capcom 3.lnk
2021-06-29 21:50 - 2021-06-29 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Marvel vs. Capcom 3
2021-06-29 21:42 - 2021-06-29 21:43 - 000033104 _____ C:\Users\v\Downloads\Thief.of.Thieves.Season.One-CODEX.torrent
2021-06-29 19:57 - 2021-06-29 19:57 - 000330350 _____ C:\Users\v\Downloads\Dragon.Ball.Z.Kakarot-CODEX.torrent
2021-06-29 19:53 - 2021-06-29 19:53 - 000100266 _____ C:\Users\v\Downloads\Ultimate.Marvel.vs.Capcom.3-CODEX.torrent
2021-06-29 14:52 - 2021-06-29 14:52 - 000022182 _____ C:\Users\v\Downloads\GUILTY.GEAR.STRIVE-FLT.torrent
2021-06-29 13:26 - 2021-06-29 13:26 - 002158370 _____ C:\Users\v\Downloads\12 Jacket (3mm Spine) [GDOB-30H3-007].zip
2021-06-29 13:24 - 2021-06-29 13:24 - 001912136 _____ C:\Users\v\Downloads\12 Label [GD30E].zip
2021-06-29 13:23 - 2021-06-29 13:23 - 000451899 _____ C:\Users\v\Downloads\12inch_Labels.pdf
2021-06-29 13:23 - 2021-06-29 13:23 - 000444047 _____ C:\Users\v\Downloads\12inch_PictureDisc.pdf
2021-06-29 13:23 - 2021-06-29 13:23 - 000056760 _____ C:\Users\v\Downloads\12inch_Jacket.pdf
2021-06-29 10:07 - 2021-06-29 10:07 - 000249552 _____ C:\Users\v\Downloads\Street.Fighter.V.Champion.Edition.Season.5-CODEX.torrent
2021-06-29 10:05 - 2021-06-29 10:05 - 000130818 _____ C:\Users\v\Downloads\TEKKEN.7.Ultimate.Edition-CODEX.torrent
2021-06-29 10:04 - 2021-06-29 10:04 - 000026726 _____ C:\Users\v\Downloads\Dragon.Ball.FighterZ-CODEX (1).torrent
2021-06-29 10:02 - 2021-06-29 10:02 - 000026726 _____ C:\Users\v\Downloads\Dragon.Ball.FighterZ-CODEX.torrent
2021-06-28 16:56 - 2021-07-01 16:40 - 000000000 ____D C:\Users\v\Desktop\ultima amenintare
2021-06-27 21:45 - 2021-06-28 16:50 - 000002171 _____ C:\Users\v\Desktop\dlscrib.com-pdf-dmitry-nicolaevici-fonareff-metacontactpdf-dl_1887dd30abef74d76e11738cb0700c90 - Shortcut.lnk
2021-06-27 21:45 - 2021-06-27 21:45 - 005441205 _____ C:\Users\v\Downloads\dlscrib.com-pdf-dmitry-nicolaevici-fonareff-metacontactpdf-dl_1887dd30abef74d76e11738cb0700c90.pdf
2021-06-27 04:00 - 2021-06-27 04:00 - 003453311 _____ C:\Users\v\Desktop\Czerniowice 1902_03 Spr. 26.pdf
2021-06-26 18:32 - 2021-06-26 18:32 - 000016286 _____ C:\Users\v\Downloads\LNSB_0064417 (1).pdf
2021-06-26 18:29 - 2021-06-26 18:29 - 000016286 _____ C:\Users\v\Downloads\LNSB_0064417.pdf
2021-06-26 18:28 - 2021-06-26 18:28 - 000014839 _____ C:\Users\v\Downloads\LNSB_0081206.pdf
2021-06-26 18:28 - 2021-06-26 18:28 - 000014299 _____ C:\Users\v\Downloads\LNSB_0064509.pdf
2021-06-26 18:28 - 2021-06-26 18:28 - 000014291 _____ C:\Users\v\Downloads\LNSB_0064510.pdf
2021-06-26 18:28 - 2021-06-26 18:28 - 000014284 _____ C:\Users\v\Downloads\LNSB_0069967.pdf
2021-06-26 18:04 - 2021-06-26 18:04 - 000642993 _____ C:\Users\v\Downloads\video-1624365862.mp4
2021-06-24 20:17 - 2021-06-24 20:17 - 000000000 ____D C:\Users\v\Desktop\New folder (3)
2021-06-24 16:32 - 2021-06-24 16:32 - 000332984 _____ (Mozilla) C:\Users\v\Downloads\Firefox Installer (1).exe
2021-06-24 16:31 - 2021-07-05 23:41 - 000000000 ____D C:\Users\v\AppData\LocalLow\Mozilla
2021-06-24 16:31 - 2021-07-02 03:14 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-24 16:31 - 2021-07-02 03:14 - 000000924 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-06-24 16:31 - 2021-07-02 03:14 - 000000924 _____ C:\ProgramData\Desktop\Firefox.lnk
2021-06-24 16:31 - 2021-06-24 16:31 - 000000000 ____D C:\Users\v\AppData\Roaming\Mozilla
2021-06-24 16:31 - 2021-06-24 16:31 - 000000000 ____D C:\Users\v\AppData\Local\Mozilla
2021-06-24 16:30 - 2021-07-02 11:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-24 16:30 - 2021-07-02 03:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-24 16:30 - 2021-06-24 16:30 - 000332984 _____ (Mozilla) C:\Users\v\Downloads\Firefox Installer.exe
2021-06-22 22:14 - 2021-06-23 19:38 - 000000000 ____D C:\Users\v\Desktop\newart
2021-06-22 21:42 - 2021-06-22 21:42 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2021-06-21 16:39 - 2021-06-29 13:01 - 000000000 ____D C:\Users\v\Desktop\New folder (2)
2021-06-21 00:52 - 2021-06-25 21:25 - 000000000 ____D C:\Users\v\Desktop\New folder
2021-06-21 00:01 - 2021-06-21 00:01 - 000324139 _____ C:\Users\v\Downloads\Prezentare2.pdf
2021-06-19 18:02 - 2021-06-19 18:03 - 000000000 ____D C:\Users\v\Desktop\serpent
2021-06-13 21:55 - 2021-06-13 21:55 - 008698255 _____ C:\Users\v\Desktop\Saga of the Jomsvikings.pdf
2021-06-11 13:35 - 2021-07-06 13:19 - 000000000 ___HD C:\Users\v\Downloads\.opera
2021-06-11 13:35 - 2021-07-06 13:19 - 000000000 ___HD C:\Users\v\.opera
2021-06-11 01:15 - 2021-06-12 22:13 - 000001168 _____ C:\Users\v\Desktop\Hidden Process Finder.lnk
2021-06-11 01:15 - 2021-06-11 01:15 - 001373264 _____ (NoVirusThanks Company Srl ) C:\Users\v\Downloads\hidden_process_finder_setup.exe
2021-06-11 01:15 - 2021-06-11 01:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
2021-06-11 01:15 - 2021-06-11 01:15 - 000000000 ____D C:\Program Files\NoVirusThanks
2021-06-06 13:02 - 2021-06-06 13:02 - 000004076 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1622973752
2021-06-06 13:02 - 2021-06-06 13:02 - 000003924 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1622973751
2021-06-06 13:02 - 2021-06-06 13:02 - 000000601 _____ C:\Users\v\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-06-06 13:02 - 2021-06-06 13:02 - 000000000 ____D C:\Users\v\AppData\Local\Opera Software
2021-06-06 13:01 - 2021-06-06 13:01 - 000000000 ____D C:\Users\v\AppData\Roaming\Opera Software
2021-06-06 12:59 - 2021-06-06 12:59 - 002573568 _____ (Opera Software) C:\Users\v\Downloads\OperaSetup.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-07-06 13:43 - 2021-06-02 04:39 - 000054234 _____ C:\Windows\ZAM.krnl.trace
2021-07-06 13:43 - 2021-06-02 04:39 - 000029749 _____ C:\Windows\ZAM_Guard.krnl.trace
2021-07-06 13:14 - 2009-07-14 08:13 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-06 13:14 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2021-07-06 13:13 - 2009-07-14 07:45 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-07-06 13:13 - 2009-07-14 07:45 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-07-06 13:09 - 2021-06-04 18:09 - 000000000 ____D C:\Users\v\AppData\Roaming\uTorrent
2021-07-06 13:08 - 2021-06-01 19:21 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-06 13:08 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-05 23:16 - 2021-06-01 22:05 - 000000000 ____D C:\Users\v\AppData\Local\CrashDumps
2021-07-05 12:33 - 2021-06-01 19:22 - 000000000 ____D C:\Users\v\AppData\Local\ElevatedDiagnostics
2021-07-04 02:14 - 2021-06-01 19:31 - 000000000 ____D C:\Users\v\AppData\Roaming\vlc
2021-07-04 01:20 - 2021-05-29 10:39 - 000000000 ____D C:\Users\v
2021-07-04 01:18 - 2021-06-05 15:09 - 000000000 ____D C:\Users\v\AppData\Roaming\Adobe
2021-07-02 02:57 - 2021-06-05 15:19 - 000000000 ____D C:\Users\v\AppData\Local\NVIDIA
2021-06-29 23:19 - 2021-06-01 19:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-06-29 23:19 - 2021-06-01 19:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-06-29 23:19 - 2021-06-01 19:17 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-06-29 23:19 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\Help
2021-06-29 23:02 - 2021-06-02 03:45 - 000000000 ___HD C:\Users\v\Desktop\Daniel davis assasin
2021-06-29 22:32 - 2021-06-02 04:14 - 000000000 ___HD C:\Probe si intamplari
2021-06-29 21:43 - 2021-06-04 18:12 - 000000000 ___SD C:\Users\v\AppData\LocalLow\Temp
2021-06-29 19:39 - 2021-06-01 19:20 - 000000000 ____D C:\ProgramData\Package Cache
2021-06-28 16:47 - 2021-06-01 19:46 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2021-06-26 18:25 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\NDF
2021-06-25 21:27 - 2021-06-05 21:10 - 000000000 ____D C:\Users\v\Desktop\pozne
2021-06-25 04:08 - 2021-06-02 04:56 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-25 04:08 - 2021-06-02 04:56 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-25 04:08 - 2021-06-02 04:56 - 000002129 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-24 16:05 - 2021-06-02 04:38 - 000003892 _____ C:\Windows\system32\Tasks\TR_Updater
2021-06-24 16:05 - 2021-06-02 04:38 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2021-06-08 21:58 - 2021-06-05 14:09 - 000000000 ____D C:\Users\v\Desktop\tatau
2021-06-07 13:28 - 2021-06-02 05:01 - 000000000 ____D C:\Users\v\AppData\Local\Adobe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2021-07-01 02:31
==================== End of FRST.txt ========================
 
 
ADDITION :
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2021
Ran by v (06-07-2021 13:43:56)
Running from C:\Users\v\Downloads
Windows 7 Ultimate (X64) (2021-05-29 07:34:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-135735136-4288442710-2493696898-500 - Administrator - Disabled)
Guest (S-1-5-21-135735136-4288442710-2493696898-501 - Limited - Disabled)
v (S-1-5-21-135735136-4288442710-2493696898-1000 - Administrator - Enabled) => C:\Users\v
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\uTorrent) (Version: 3.5.5.45988 - BitTorrent Inc.)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
AIDA64 Extreme v6.33 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.33 - FinalWire Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.70 - Janos Mathe)
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movavi Video Editor Plus 2021 (HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Movavi Video Editor Plus 2021) (Version: 21.3.0 - Movavi)
Mozilla Firefox 89.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 89.0.2 - Mozilla)
NoVirusThanks Hidden Process Finder v1.1 (HKLM\...\NoVirusThanks Hidden Process Finder_is1) (Version: 1.1.0.0 - NoVirusThanks Company Srl)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.77 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Opera Stable 76.0.4017.177 (HKU\S-1-5-21-135735136-4288442710-2493696898-1000\...\Opera 76.0.4017.177) (Version: 76.0.4017.177 - Opera Software)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8382 - Realtek Semiconductor Corp.)
Risen 2 Dark Waters (HKLM-x32\...\Risen 2 Dark Waters_is1) (Version:  - )
Thief of Thieves Season One (HKLM-x32\...\Thief of Thieves Season One_is1) (Version:  - )
Trojan Remover (HKLM-x32\...\Trojan Remover_is1) (Version:  - Simply Super Software)
Ultimate Marvel vs. Capcom 3 (HKLM-x32\...\Ultimate Marvel vs. Capcom 3_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.8  - Winamp SA)
WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
Wondershare Video Editor(Build 4.6.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-22] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-22] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2021-06-02] (Zemana Ltd. -> )
ContextMenuHandlers1: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers2: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-01-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2021-06-02] (Zemana Ltd. -> )
ContextMenuHandlers6: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal) [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-06-02 04:52 - 2014-05-20 03:19 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2021-06-02 04:52 - 2014-07-09 22:01 - 001459712 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-06-29 23:19 - 2018-01-24 01:42 - 000877440 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2021-06-29 23:19 - 2018-01-24 01:42 - 000343912 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2021-06-02 04:35 - 2021-04-07 17:39 - 000571544 _____ (win.rar GmbH -> Alexander Roshal) [File not signed] C:\Program Files\WinRAR\rarext.dll
2021-06-02 04:52 - 2014-07-09 22:03 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [141]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 8) (Whitelisted) ==========
 
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-xl/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-06-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-135735136-4288442710-2493696898-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\v\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.231.252.1 - 213.154.124.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{92DB8FB5-D2A8-4987-A372-E9C9219AD348}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{BB7593C3-2ED4-4E56-90DA-AA513D0B6D03}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{278ED19B-6D6C-45AC-B2BF-C9CF18D11643}] => (Allow) C:\Users\v\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) [File not signed]
FirewallRules: [{0925B7CB-9624-489F-8CFE-5B017690F075}] => (Allow) C:\Users\v\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) [File not signed]
FirewallRules: [{44F03367-ECDE-4062-9B52-70683CF1350D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{234BF280-E73E-4F41-A23A-44D181C01EB1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A710DD82-3077-4BA5-8183-5009336B7321}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:34.08 GB) (Free:0.57 GB) (2%)
 
==================== Faulty Device Manager Devices ============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/06/2021 01:42:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (07/06/2021 01:42:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (07/06/2021 01:42:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (07/06/2021 01:42:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (07/06/2021 01:42:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (07/06/2021 01:42:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (07/06/2021 01:42:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (07/06/2021 01:42:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
 
System errors:
=============
Error: (07/06/2021 01:41:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (07/06/2021 01:41:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (07/06/2021 01:41:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (07/06/2021 01:41:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (07/06/2021 01:41:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (07/06/2021 01:41:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (07/06/2021 01:09:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (07/06/2021 01:09:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. V1.9 01/10/2013
Motherboard: MSI H61M-P20 (G3) (MS-7788)
Processor: Intel® Celeron® CPU G1620 @ 2.70GHz
Percentage of memory in use: 75%
Total physical RAM: 8157.95 MB
Available physical RAM: 1999.05 MB
Total Virtual: 16314.05 MB
Available Virtual: 9312.03 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:34.08 GB) (Free:0.57 GB) NTFS
Drive s: (New Volume) (Fixed) (Total:198.7 GB) (Free:4.68 GB) NTFS
 
\\?\Volume{e666d49a-c04f-11eb-984c-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: BB43FBDB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=34.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 
 
 
 
 
 
 
What other tool to scan with now?

 

 




 


#2 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 61,964 posts
  • Gender:Male
  • Location:California
  • Local time:06:58 AM

Posted 07 July 2021 - 08:34 AM

Greetings SadhuSaddhi and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please allow me some time to review your reports.
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#3 Oh My!


Posted 07 July 2021 - 01:35 PM

There is no evidence of malicious software on your computer so no "deeper" scan is necessary. However, I would caution you regarding torrent downloads.

Regarding your router, if you are concerned about it being compromised you should do a factory reset of the device.

#4 SadhuSaddhi

  • Topic Starter

Posted 07 July 2021 - 03:17 PM

> There is no evidence of malicious software on your computer so no "deeper" scan is necessary. However, I would caution you regarding torrent downloads.
>
> Regarding your router, if you are concerned about it being compromised you should do a factory reset of the device.

I did, still they connect somehow to my info. I insist, can we check something else on the PC? Thanks



#5 Oh My!


Posted 07 July 2021 - 07:02 PM

What evidence do you have that someone is connecting to your information other than your concern about passwords?

#6 SadhuSaddhi

  • Topic Starter

Posted 08 July 2021 - 04:59 AM

Lots.

If it may not be the router, it surely is the phone. Do you know any area of the site where the phone can be tested like this, or any way to test the phone for hijack / stingray?

I suspect stingray 100%.

As Snowden states here **link removed***, the question is how to test for these things on a phone?

Edited by Oh My!, 08 July 2021 - 08:16 AM.


#7 Oh My!


Posted 08 July 2021 - 08:22 AM

You can visit our Tablets & Mobile Devices Forum although I am not sure how much they can help. Depending on your phone, there are Apps available to assist in detection.

#8 Oh My!


Posted 09 July 2021 - 09:39 AM

Are we all set?

#9 Oh My!


Posted 12 July 2021 - 09:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



