[SOLVED] Windows Defender can't change some of your settings. Error code (0x8007045b)

Status
Not open for further replies.
Great! The screenshot shows that now you have activated your system with a Retail license.

Let's now see fresh FRST logs and clean the system.
 
Thank you. I'll need some time to review the logs, and be back as soon as I am ready.

In the meantime...

Please, adhere to the guidelines below, and have them in mind during the cleaning procedure.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
Hi, Mikuro.

Let's begin.

First, please move the FRST tool directly on to the Desktop.

After that...


1. Uninstall programs

Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads. For now, just uninstall the old version of Java you have installed: Java 8 Update 161 (64-bit)

Tweaking.com - Windows Repair
The tool seems to create issues sometimes, like messing up the registry, Windows Defender or system's files. Although I used it many times before, with good results, I would recommend you to uninstall it now.


2. P2P programs

You have uTorrent Web installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it now.

3. Fresh FRST logs

Please run FRST tool and let me check fresh logs, FRST and Addition.


In your next reply please post:
  1. If you successfully uninstalled Java and Tweaking.com
  2. What did you do with P2P program
  3. Fresh logs, Addition and FRST
 
1. I successfully uninstalled both Java and Tweaking.com
2. I haven't utilized the uTorrent Web, I saw that it was installed last April 4, maybe it was installed after I reinstalled Windows? (I uninstalled it also)
3. Here are the logs
 

Attachments

Great. I'll need a couple of hours to review your logs.
 
Instructions:


1. Chrome extensions

Remove the following extensions from ALL your Chrome profiles:

Torrent Scanner
Safe Torrent Scanner


2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AV: ESET NOD32 Antivirus 8.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1650.5 - AVG Technologies) Hidden
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [25562]
AlternateDataStreams: C:\ProgramData\nyuhbnxq.dbn:145DF464BB [25562]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhiqhqjm [0]
AlternateDataStreams: C:\ProgramData\sokqucqi.nri:CFEA2D0235 [25562]
AlternateDataStreams: C:\ProgramData\WnHqYU0nH4:D39ABDACE2 [25562]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2020.lnk:E07F759D69 [25562]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACEIT AC.lnk:550995E265 [25562]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firmware updater for DualSenseâ„¢ wireless controller.lnk:984BC2B727 [25562]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenoPro.lnk:1141CB85E9 [25562]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [25562]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [25562]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk:B4E9412B98 [25562]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [25562]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [472]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3547755248-1387451383-3285540090-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3547755248-1387451383-3285540090-1001\...\StartupApproved\Run: => "utweb"
FirewallRules: [{BCE7EA8E-BF82-4E65-9E3C-DAA780A5B417}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.77\msedgewebview2.exe => No File
FirewallRules: [{1CA75743-38B4-42C1-A955-0D9A7E1A414F}] => (Allow) C:\Program Files (x86)\EaseUS\Fixo\Fixo.exe => No File
FirewallRules: [{5A2579FD-6464-4A25-9EC3-569D7CA76127}] => (Allow) D:\Superposition Benchmark\bin\superposition.exe => No File
FirewallRules: [{6B7A98D9-20B3-4909-A637-91707171A8B0}] => (Allow) D:\Superposition Benchmark\bin\superposition.exe => No File
FirewallRules: [{F22B9470-FD02-4E5C-8668-E98136DCB984}] => (Allow) D:\Superposition Benchmark\bin\launcher.exe => No File
FirewallRules: [{AA0B0E2B-0317-4A60-9485-E6F7C624271D}] => (Allow) D:\Superposition Benchmark\bin\launcher.exe => No File
FirewallRules: [{B92A5D55-9058-44DD-8167-95D7FB9D6907}] => (Block) D:\Random downloads\overwolf\0.236.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{88EEA7EA-5D4E-40A9-A8C2-8CF2AD5C9D69}] => (Block) D:\Random downloads\overwolf\0.236.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{D2061658-4205-4BA3-B45E-5EA77139789E}] => (Allow) D:\Random downloads\overwolf\0.236.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{092F863E-945E-4909-AACE-20B87F538C47}] => (Allow) D:\Random downloads\overwolf\0.236.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{6A5E83CD-3DEB-4CDB-9F0A-A221EE9F642D}] => (Block) D:\epic games\fortinitee\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [{49FCDCD8-82A5-484B-A877-866C53F74B63}] => (Block) D:\epic games\fortinitee\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F72E0A71-40FC-4488-9F40-9240076DA75E}D:\epic games\fortinitee\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\fortinitee\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{3918F741-B120-46F9-93F0-93137AA3FBE8}D:\epic games\fortinitee\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\fortinitee\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [{EF0749BA-A600-476D-B226-C9097F4E5DB3}] => (Block) C:\users\jacen\appdata\local\vortxengine\app-2.2.32\signal-x64\signalrgb.exe => No File
FirewallRules: [{31AC8001-6F93-4DED-9CE1-E696776D7ACC}] => (Block) C:\users\jacen\appdata\local\vortxengine\app-2.2.32\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{8001CA06-9B08-4AE9-8ABE-9CB35F21B4DD}C:\users\jacen\appdata\local\vortxengine\app-2.2.32\signal-x64\signalrgb.exe] => (Allow) C:\users\jacen\appdata\local\vortxengine\app-2.2.32\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{4DCD0D35-E4F4-4916-91C7-A1052291139E}C:\users\jacen\appdata\local\vortxengine\app-2.2.32\signal-x64\signalrgb.exe] => (Allow) C:\users\jacen\appdata\local\vortxengine\app-2.2.32\signal-x64\signalrgb.exe => No File
FirewallRules: [{157ADA07-8742-4EE5-BF98-E1BDD433D3AC}] => (Block) C:\users\jacen\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{F1CE4D8A-CFCB-455D-A00C-729E3F5FEA7B}] => (Block) C:\users\jacen\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{B64D874B-A6BB-4AEB-9418-0943C517CD87}C:\users\jacen\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\jacen\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [TCP Query User{B6A409E2-958D-46C2-BD4F-D7DF766F63E0}C:\users\jacen\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\jacen\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{1F9982F7-1937-42EB-AFA6-0062E1CBDF50}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{3D38436D-6C1D-4A8F-9EB7-8B40F59520A1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{28EAB2C7-8864-4563-B467-11F4553B759F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{787B4C3B-2957-4E94-AD1C-AAD3B97405F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{C339CA52-AC49-4FB5-A56B-0601C7877A95}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe => No File
FirewallRules: [{CEBEA4D8-9705-4630-A526-5EF144F9BAC4}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{5E7D08D8-4B22-4046-B162-54659F27357F}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{D225CB3A-2161-4E60-8CC8-95D88B236555}] => (Allow) C:\Users\Jacen\Steam\steam.exe => No File
FirewallRules: [{655C1283-AC0D-4A2B-8081-2E5E20D36195}] => (Allow) C:\Users\Jacen\Steam\steam.exe => No File
FirewallRules: [{AFE9FD83-E49C-4BB8-8745-AEB30C689524}] => (Allow) C:\Users\Jacen\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{C85EC1F2-A871-4F56-9831-1AD2F8759E29}] => (Allow) C:\Users\Jacen\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4A07F13F-2E6E-4C2F-892D-85CB6F164D99}] => (Allow) E:\SteamLibrary\steamapps\common\Super Hexagon\superhexagon.exe => No File
FirewallRules: [{9F12734D-978A-4726-A948-D63C2555F341}] => (Allow) E:\SteamLibrary\steamapps\common\Super Hexagon\superhexagon.exe => No File
FirewallRules: [{FE7EE270-132C-475D-9486-C9BB6B2AAE60}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe => No File
FirewallRules: [{B1FA987A-BBB9-44B2-B56A-C85D7A8303E7}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe => No File
FirewallRules: [TCP Query User{D7A16691-D139-4CD9-9521-69B260B609D1}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [UDP Query User{0FD00DA5-9510-47D3-B171-63A9B2EF04D2}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [{C4C4710C-E8BB-4B92-8BCE-89BCE39633F7}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\ForzaHorizon5\ForzaHorizon5.exe => No File
FirewallRules: [{9CB9F478-7D64-4CB7-A7D7-81AF07EFB311}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\ForzaHorizon5\ForzaHorizon5.exe => No File
FirewallRules: [{C7B72B43-0BA2-4FC7-9A19-5576F7BDEF9C}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Crab Game\Crab Game.exe => No File
FirewallRules: [{B672126D-C748-41C2-90F7-28229C75C1B4}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Crab Game\Crab Game.exe => No File
FirewallRules: [{54ADE69A-D32D-492E-AC56-2211BF34A965}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Among Us\Among Us.exe => No File
FirewallRules: [{0C820FFE-E937-4226-9181-9240E8533057}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Among Us\Among Us.exe => No File
FirewallRules: [{C7562C34-A7EC-4F36-9A8C-76BD81649E71}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\ui32.exe => No File
FirewallRules: [{A6827B01-27BB-4710-9BFE-EFC4976F5EAB}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\ui32.exe => No File
FirewallRules: [{1C8392C9-E3DE-47F5-8CBC-7CD46046CFCF}] => (Allow) C:\Users\Jacen\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{8AFEAFAD-66C6-4974-A5C4-0E170B624DA6}] => (Allow) C:\Users\Jacen\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [TCP Query User{383F83A6-38F9-492D-A905-050680CCE9C8}C:\users\jacen\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\jacen\appdata\local\softdeluxe\free download manager\fdm.exe => No File
FirewallRules: [UDP Query User{F3A82CBA-46B5-4AA0-8F22-2CBA81195FD8}C:\users\jacen\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\jacen\appdata\local\softdeluxe\free download manager\fdm.exe => No File
FirewallRules: [{EED83371-FA8D-4E41-8AF1-824FE4EB1BEA}] => (Allow) C:\Users\Jacen\AppData\Local\Programs\Opera\82.0.4227.23\opera.exe => No File
FirewallRules: [TCP Query User{AAE88961-82AB-4753-ACCE-69C94956560E}C:\users\jacen\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\jacen\appdata\local\softdeluxe\free download manager\fdm.exe => No File
FirewallRules: [UDP Query User{C993A702-D042-4551-910B-31DF18901599}C:\users\jacen\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\jacen\appdata\local\softdeluxe\free download manager\fdm.exe => No File
FirewallRules: [{EF3987CB-220E-4771-98DA-FDABAE2E3D41}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Devour\DEVOUR.exe => No File
FirewallRules: [{9699BF6C-E85E-4633-9ABD-F20292DF4144}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Devour\DEVOUR.exe => No File
FirewallRules: [{A201416B-6D24-46CA-B0EB-A391F9ED74F6}] => (Allow) E:\SteamLibrary\steamapps\common\Pacify\Pacify.exe => No File
FirewallRules: [{ACD2E75E-1F7E-45E6-A8D4-328396430ACE}] => (Allow) E:\SteamLibrary\steamapps\common\Pacify\Pacify.exe => No File
FirewallRules: [TCP Query User{9EB7AD7E-7B7B-4C1F-8FE8-FEE9B40D3972}C:\users\jacen\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\jacen\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [UDP Query User{7AABC6C7-1CF6-4FD2-8D24-39EBBBF41DB4}C:\users\jacen\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\jacen\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [{11F6062E-9EB3-4B00-B7C1-A85236AF469A}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe => No File
FirewallRules: [{48A01F73-E5EE-4482-AF91-0C6EEE76E8EC}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe => No File
FirewallRules: [{C33AE095-56CD-40AB-844D-E1FB5C95B204}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe => No File
FirewallRules: [{55D6125F-370A-4608-8D74-A1840563C535}] => (Allow) C:\Riot Games\VALORANT\live\VALORANT.exe => No File
FirewallRules: [TCP Query User{517D047D-C398-4782-AA99-2FB5D2F09591}F:\desktop  data\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\desktop  data\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{22A7B028-F99D-4E3C-BCFE-78B2DB4EF336}F:\desktop  data\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\desktop  data\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [{262070E0-5999-431D-966F-374C927376D6}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{A080C348-4E16-4A62-9BC5-BBB727F695E9}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{006C5642-25F3-40C9-8D2A-1D807A73D5F3}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Poppy Playtime\PlaytimeLauncher\PlaytimeLauncher.exe => No File
FirewallRules: [{E240518B-96B4-46D5-B2BE-CC6ED69EC55D}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Poppy Playtime\PlaytimeLauncher\PlaytimeLauncher.exe => No File
FirewallRules: [{3DE5359E-BD97-4173-8635-03654E5E80C8}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Fall Guys\FallGuys_client.exe => No File
FirewallRules: [{63658D77-5800-4410-A347-61DBA4143A22}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Fall Guys\FallGuys_client.exe => No File
FirewallRules: [{AF6C32C2-4A96-49CF-8304-43DBD0E71B9E}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{31B698E3-493B-40A1-AC95-43841500F9F9}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{73A79979-EF38-43E6-912F-E232017423A4}F:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) F:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [UDP Query User{44B23023-E1C1-4FC1-8912-8E61BE4881EB}F:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) F:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [{A95DC86E-F038-4EA4-9310-4A3B22781896}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Fall Guys\FallGuys_client_game.exe => No File
FirewallRules: [{F78EE9BB-909E-4B6F-AAC5-33DFD7F41DCD}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Fall Guys\FallGuys_client_game.exe => No File
FirewallRules: [{83D44C03-067E-4B51-AECA-88A0868A89B6}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => No File
FirewallRules: [{DE8A629D-DFFD-46A3-883B-E2184407E4DA}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => No File
FirewallRules: [{6687F109-5DEF-4C31-B446-12FB224EC301}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => No File
FirewallRules: [{16EB2976-842A-450A-B8E4-E411CB801D0A}] => (Allow) E:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => No File
FirewallRules: [{808007CC-5A48-41B2-A530-835C3540DD41}] => (Allow) E:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe => No File
FirewallRules: [{829649F1-AE59-44A3-B927-EEC52143A9B2}] => (Allow) E:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe => No File
FirewallRules: [{E2B41EA6-3A38-4F94-A5FC-2E2B85A0F42D}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe => No File
FirewallRules: [{CFBBEC95-33D3-4D74-9170-93CC58214DB8}] => (Allow) F:\Desktop  Data\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe => No File
FirewallRules: [{9E1BF34B-EA56-48CD-B460-3E671FD8D99D}] => (Allow) C:\Users\Jacen\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{4D323F11-6923-43E1-A10C-CE091178C0CD}] => (Allow) C:\Users\Jacen\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{798AC9C1-245B-48BB-9913-E17DCDFE5730}D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{BF6D178C-5E93-49E8-AF5A-B63051E21A8C}D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe => No File
FirewallRules: [{1DEFD320-F293-45F8-8FFB-09B08A00906F}] => (Block) D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe => No File
FirewallRules: [{C6A54534-05E8-4EAA-8A12-B98D59C5DC92}] => (Block) D:\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{6374E979-6D0F-45FB-86E6-73E118937497}C:\users\jacen\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\jacen\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [UDP Query User{8DE3F987-DAD1-43B2-9B89-E338FFFC0FCC}C:\users\jacen\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\jacen\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [{A01B3CB1-15FC-46F2-9E3E-00DBEBE000DD}] => (Block) C:\users\jacen\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [{5DEA1EAA-2A81-45D5-A38B-7172C666719C}] => (Block) C:\users\jacen\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [{43882604-CCE1-4EBF-95BC-0E36A84510D9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe => No File
FirewallRules: [TCP Query User{74AC3954-6D44-4073-8BF7-A52BA39B957B}D:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe] => (Allow) D:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C79D5D99-19DA-48F0-81B6-578087E52395}D:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe] => (Allow) D:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe => No File
FirewallRules: [{46965E83-8752-41BA-916B-606FF38ECC66}] => (Block) D:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe => No File
FirewallRules: [{FACAD9C1-B508-4E87-94E5-D343E529BEB1}] => (Block) D:\games\high on life\oregon\binaries\win64\oregon-win64-shipping.exe => No File
FirewallRules: [{CB6A23F2-93FD-4F40-9369-DBE812BECCB5}] => (Allow) C:\Users\Jacen\AppData\Local\Programs\Opera\95.0.4635.25\opera.exe => No File
FirewallRules: [{3F645BAB-E0FC-4383-8655-21AC4BC2F282}] => (Allow) D:\Games\Apex\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{2E0DC6A6-A1AE-4747-B9E8-9CAB92B09D80}] => (Allow) D:\Games\Apex\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{D03073F4-7644-49B9-9D67-B9781FBF580B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{28000B34-7BF2-474D-9D5D-A15578AE25B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F2F668F5-7DD7-4809-8282-B637488776F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{0648CB0F-B5CC-4C12-A3F0-3581F5704FF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{B2860D58-2015-49D3-8683-993CD30B91C8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe => No File
FirewallRules: [{17EFE77D-9BB4-4BE7-A785-BE5AADA9B675}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe => No File
FirewallRules: [{E21A923B-04BC-4EF8-A7B5-998A1AC480DA}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\94.0.992.50\msedgewebview2.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3547755248-1387451383-3285540090-1001\...\Run: [uTorrent] => C:\Users\Jacen\AppData\Roaming\uTorrent\updates\3.5.5_45966.exe [2133032 2021-04-19] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3547755248-1387451383-3285540090-1001\...\Run: [utweb] => "C:\Users\Jacen\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe  ReadyToReboot (No File)
Task: {E933B40A-6147-4AA1-96E5-EB81809C183C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File)
Task: {C9BAC75D-FEB4-46E7-A8C7-C36115F25120} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File)
Task: {31D8A5EA-DA1E-4BD6-878F-E28814F8BAB4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe  Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {439D85C4-367B-4022-9358-BD7278609EC3} - System32\Tasks\S-1-5-21-3547755248-1387451383-3285540090-1001\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe  (No File)
Task: {30DD0AD9-67F9-4F76-8833-41B25AA2769A} - System32\Tasks\startaman => C:\Program  -> Files (x86)/aman/Aman.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\Jacen\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx <not found>
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2024-04-04 04:33 - 2024-04-04 04:33 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-MIKURO-Windows-10-Pro-(64-bit).dat
2024-04-04 04:29 - 2024-04-04 04:31 - 000390609 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2024-04-04 04:29 - 2024-04-04 04:29 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2024-03-18 18:20 - 2024-03-18 18:43 - 000000000 ____D C:\ProgramData\AVG
2024-03-18 18:20 - 2024-03-18 18:20 - 000314296 _____ (Gen Digital Inc.) C:\WINDOWS\system32\avgBoot.exe
2024-03-18 18:16 - 2024-03-18 18:16 - 000004738 ____C C:\Users\Jacen\Desktop\Rkill.txt
2024-03-18 18:16 - 2024-03-18 18:16 - 000000000 ___DC C:\Users\Jacen\Desktop\rkill
2024-03-18 18:13 - 2024-03-18 18:14 - 000000000 ____D C:\AdwCleaner
2024-03-18 18:14 - 2018-12-25 14:41 - 000000000 ____D C:\ProgramData\Lavasoft
2024-03-18 18:14 - 2018-12-25 14:41 - 000000000 ____D C:\Program Files (x86)\Lavasoft
FCheck: C:\WINDOWS\SysWOW64\lastpass_1337.exe [2021-06-24] <==== ATTENTION (zero byte File/Folder)
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


3. Eset Online scan

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.



In your next reply please post:
  1. If you successfully uninstalled the Chrome extensions
  2. The fixlog.txt
  3. The eset.txt
 
Hello, I followed through your steps:
1. I uninstalled the mentioned Chrome extensions on all google accounts
2. The fixlog.txt is attached below
3. The eset.txt
07/04/2024 3:17:54 AM
Scanned files: 971790
Detected files: 2
Cleaned files: 2
Total scan time 01:08:41
Scan status: Finished
 

Attachments

Sorry, I need to see the complete eset.txt content. Please, follow my instructions above.
 
Let's retrieve the log from the path where it is located.

Go to C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste the text file's content in your next reply.
 
Let's retrieve the log from the path where it is located.

Go to C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste the text file's content in your next reply.
I am sorry, I cannot find the EsetOnlineScanner anywhere on the Program Files
I also opened its file location and did not found any log
 
This is from Eset's site:

How can I view the ESET Online Scanner log file?
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.

And this one also:

How can I view the log file from ESET Online Scanner?
The ESET Online Scanner saves a log file after it completes a scan. This log file can be reviewed or sent to ESET for further analysis. To save the log file, click Save scan log and select the save location. You can also click View scan details to see the information. To view the log after ESET Online Scanner has been closed, Show hidden files and folders must be enabled in File Explorer. New logs are appended to the existing log files when multiple scans are run. The path to the log file is the following: C:\Users\username\AppData\Local\Temp\log.txt

Try the second one. Replace username with your username (Jacen).
 
Nop...

This is not what I would like to see, and I don't have another easy suggestion for you right now. I'll be back to you tomorrow.
 
Thanks for your assistance so far. Do you want me to do another scan and check the logs?
 
Another scan would not show any threats, since they were sent to quarantine. I want to see what those treats are.
  • Right-click the .exe file you downloaded previously to launch Online Scanner and select Run as administrator.
  • Click Quarantine.
  • Take a photo/screenshot of what you see.
 
Here is what it showed.
The first one is like a hack tool for a game.
The second one is related to uTorrent.
 

Attachments

  • IMG_20240407_041829.jpg
    IMG_20240407_041829.jpg
    144 KB · Views: 5
Please expand the second column, so I can see the whole result.
 
Im sorry it took long, i have to upload it on a gdrive since the website is not working properly on phone.
 

Attachments

  • 2nd File.jpg
    2nd File.jpg
    176.1 KB · Views: 4
  • First Quarantined File.jpg
    First Quarantined File.jpg
    150.3 KB · Views: 4
Status
Not open for further replies.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top