
Activator.exe popups and stolen crypto funds from MetaMask


by grafx77 » March 14th, 2022, 12:53 am

I recently have been getting a random popup asking me if I'd like to run "Activator.exe". There is a click details button which supposedly gives me the address of where the activator.exe is located, however it is not there. The address is Users/MyUserID/Appdata/Local/Microsoft/Windows/Netcache/Activator.exe. The Netcache folder is not located inside the Windows directory. I have the "Hidden Items" checked under Windows Explorer, so I don't think it is hidden. This all occurred once I downloaded and tried to install a piece of software that automates certain Discord functions.

What makes this even worse is, my MetaMask wallet, which stores my crypto (ETH), was hacked. My ETH was sent to another wallet address. I believe this has to do with the potential infection.

I will also post a screenshot of the popup when it appears, as it is random, so I won't be able to send it yet with this initial post.

Here are my logs from FRST:



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2022
Ran by grafx (13-03-2022 21:38:24)
Running from C:\Users\grafx\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1526 (X64) (2020-10-21 05:47:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-939787786-1032757048-2379198474-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-939787786-1032757048-2379198474-503 - Limited - Disabled)
grafx (S-1-5-21-939787786-1032757048-2379198474-1001 - Administrator - Enabled) => C:\Users\grafx
Guest (S-1-5-21-939787786-1032757048-2379198474-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-939787786-1032757048-2379198474-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Dreamweaver 2020 (HKLM-x32\...\DRWV_20_0) (Version: 20.0 - Adobe Systems Incorporated)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_0_1) (Version: 24.0.1 - Adobe Systems Incorporated)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Systems Incorporated)
AutoHotkey 1.1.33.10 (HKLM\...\AutoHotkey) (Version: 1.1.33.10 - Lexikos)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1206.2 - AVAST Software) Hidden
Camtasia 2019 (HKLM\...\{19A62A1C-7918-487A-85FC-7FAEBCBC12C6}) (Version: 19.0.9.17643 - TechSmith Corporation) Hidden
Camtasia 2019 (HKLM-x32\...\{de99fe51-5615-4a7b-beea-6d59fe981c23}) (Version: 19.0.9.17643 - TechSmith Corporation)
ClipX (HKLM-x32\...\ClipX) (Version: - )
Creality Slicer (HKLM-x32\...\{2A4DA5E3-ECD2-4127-B9E0-6BFBDE407FD2}) (Version: 1.2.3 - Creality3D)
CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 5.7.0.1284 - Disc Soft Ltd)
DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version: - )
Dragon 14 (HKLM-x32\...\{FEAB6184-0560-4EBF-A26B-C3F2B11FE9E1}) (Version: 14.00.000 - Nuance Communications Inc.)
EverAccountable (HKLM-x32\...\{344B067D-4154-404D-88EC-28D11A9D3B92}_is1) (Version: 7.5.52 - Ever Accountable)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.51 - Google LLC)
Meshmixer (HKLM\...\Meshmixer_x64) (Version: 3.5 - Autodesk, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.39 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.14931.20132 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\OneDriveSetup.exe) (Version: 22.033.0213.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 98.0 (x64 en-US)) (Version: 98.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NordVPN (HKLM-x32\...\{61912B8D-78D2-4C3A-B566-F72B189F9E30}) (Version: 6.28.13 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.28.13) (Version: 6.28.13 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 84.0.4316.31 (HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\Opera 84.0.4316.31) (Version: 84.0.4316.31 - Opera Software)
Plex Media Server (HKLM-x32\...\{D24D924C-CD4D-4C4B-A349-EAA1FE2C235C}) (Version: 1.25.3409 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{dda82782-10db-473d-8e46-b530d4d5061d}) (Version: 1.25.3.5409 - Plex, Inc.)
Pulover's Macro Creator version 5.4.1 (HKLM\...\{223FFB42-2D49-4AF6-9EF2-82B7D0CAF8B4}_is1) (Version: 5.4.1 - Cloversoft Serviços de Informática Ltda)
Python 3.10.1 (64-bit) (HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\{af822d5e-759c-4e77-9696-3cc835cd54a9}) (Version: 3.10.1150.0 - Python Software Foundation)
Python 3.10.1 Core Interpreter (64-bit) (HKLM\...\{862831D8-A2FD-4ED5-B9B9-C8C3ECA1CAE8}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Development Libraries (64-bit) (HKLM\...\{A17FBEFC-ABDD-4E5E-AAA5-CC503ACF648F}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Documentation (64-bit) (HKLM\...\{DD75DEC5-89C0-4E54-88A2-83DCCA026F3A}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Executables (64-bit) (HKLM\...\{4F07CBC9-1051-41FC-978D-EECA76E4D547}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 pip Bootstrap (64-bit) (HKLM\...\{167746E3-B9B3-4964-803A-F893F1FC56C9}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Standard Library (64-bit) (HKLM\...\{98A2C72D-7929-414D-995B-4E47D8307C93}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Tcl/Tk Support (64-bit) (HKLM\...\{5A807757-F64E-46D3-ABD1-B4907BB75B72}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Test Suite (64-bit) (HKLM\...\{0393EBB7-8F16-42DC-9B63-F1552F481B92}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python 3.10.1 Utility Scripts (64-bit) (HKLM\...\{FD9B0798-B88D-4148-9159-6206EACD7C47}) (Version: 3.10.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{7DE12550-BE09-44DD-BDB4-0EC26BA89DAF}) (Version: 3.10.7644.0 - Python Software Foundation)
SideQuest 0.10.27 (HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\4924ec51-3e48-5cb7-b145-2119467094c7) (Version: 0.10.27 - Shane Harris)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{B1E7A6EB-1E9F-4571-AC05-2089E5297B9C}) (Version: 1.25.3409 - Plex, Inc.) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.27.3 - TeamViewer)
TreeSize Free V4.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.2 - JAM Software)
Ultimaker Cura 4.10.0 (HKLM-x32\...\Ultimaker Cura 4.10.0) (Version: 4.10.0 - Ultimaker B.V.)
Virtual Desktop Streamer (HKLM\...\{D4151DFF-F580-4C4D-B029-C38288E15A8E}) (Version: 1.17.1 - Virtual Desktop, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WebTorrent (HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\WebTorrent) (Version: 0.24.0 - WebTorrent, LLC)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Xyliase version 1.0 (HKLM-x32\...\{0AC80AF3-3604-453F-B414-91E787EA292D}_is1) (Version: 1.0 - Xyliase)

Packages:
=========
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-04] (INTEL CORP) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.2180.0_x64__8wekyb3d8bbwe [2022-02-27] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-17] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-939787786-1032757048-2379198474-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\grafx\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-939787786-1032757048-2379198474-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe (TechSmith Corporation -> TechSmith Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers2: [DaemonShellExtDriveUltra] -> {F0E53CA3-02F8-40AE-9470-309F0309036F} => C:\Program Files\DAEMON Tools Ultra\dtshl64.dll [2020-01-30] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageUltra] -> {B5EBA666-2B94-4C7A-9CAA-A4539F329646} => C:\Program Files\DAEMON Tools Ultra\dtshl64.dll [2020-01-30] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-939787786-1032757048-2379198474-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\x64\dgnriaie_x64.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\dgnriaie.dll [2015-08-22] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-03-18 17:28 - 2021-03-18 17:33 - 000000030 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-939787786-1032757048-2379198474-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\grafx\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\red wallpaper planet.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Automount"
HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-939787786-1032757048-2379198474-1001\...\StartupApproved\Run: => "Plex Media Server"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4E147D60-F80B-4DC6-B501-9F6AFC8C5A7A}C:\users\grafx\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [TCP Query User{CA1CCF19-1BDB-459F-9E64-F9A34C00BDA1}C:\users\grafx\appdata\local\programs\opera\71.0.3770.228\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\71.0.3770.228\opera.exe => No File
FirewallRules: [UDP Query User{C7778972-BA81-4984-8A73-52C3E89A07EE}C:\users\grafx\appdata\local\webtorrent\app-0.24.0\webtorrent.exe] => (Allow) C:\users\grafx\appdata\local\webtorrent\app-0.24.0\webtorrent.exe (WEBTORRENT, LLC -> WebTorrent)
FirewallRules: [TCP Query User{53512EA4-1894-47BE-A431-60A4B770D0F0}C:\users\grafx\appdata\local\webtorrent\app-0.24.0\webtorrent.exe] => (Allow) C:\users\grafx\appdata\local\webtorrent\app-0.24.0\webtorrent.exe (WEBTORRENT, LLC -> WebTorrent)
FirewallRules: [{DA95D99A-E861-47DA-99DB-11E583CB2F58}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{BB1E4688-7486-4184-97AD-EC9B7617E505}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{A7655146-4182-482E-9BB0-3DD01D61894E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C303E573-2D45-4092-813D-A41EF02121FD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [UDP Query User{4B2C0F71-BCDB-42C2-A046-AE23385C2746}C:\users\grafx\appdata\local\programs\opera\69.0.3686.66\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\69.0.3686.66\opera.exe => No File
FirewallRules: [TCP Query User{976826D3-3FEE-496D-A282-CF88F037171C}C:\users\grafx\appdata\local\programs\opera\69.0.3686.66\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\69.0.3686.66\opera.exe => No File
FirewallRules: [UDP Query User{73B305DE-4E7F-46B7-9BCD-8960DA1B3B2F}C:\users\grafx\desktop\games\karnage chronicles\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe.unpacked.exe] => (Allow) C:\users\grafx\desktop\games\karnage chronicles\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe.unpacked.exe => No File
FirewallRules: [TCP Query User{09EE8772-85F0-441D-9801-42AC661F57D4}C:\users\grafx\desktop\games\karnage chronicles\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe.unpacked.exe] => (Allow) C:\users\grafx\desktop\games\karnage chronicles\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe.unpacked.exe => No File
FirewallRules: [{AA826A7D-6C98-4CA4-ABA7-58B77DAD15D6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7E9434A3-C929-4A29-905F-C665977E8514}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{59F52B9B-B726-450B-88D8-6C43E98EBD43}] => (Allow) LPort=51001
FirewallRules: [{CCF4E4AC-2D1D-4740-B02F-E6E3A19386DC}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat_Data\StreamingAssets\Tools\DriverInfo.exe => No File
FirewallRules: [{D0CD0F23-4704-49C3-9668-21B6256C9CBC}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat_Data\StreamingAssets\Tools\DriverInfo.exe => No File
FirewallRules: [{36A8DCFE-33EF-4E29-8904-3CCC09D3797A}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat_Data\StreamingAssets\Tools\youtube-dl.exe => No File
FirewallRules: [{49574AE5-AA44-4B1C-B5AE-9CB0CC528D6D}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat_Data\StreamingAssets\Tools\youtube-dl.exe => No File
FirewallRules: [{10F837FF-1819-4464-8503-51BB826AABB7}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat.exe => No File
FirewallRules: [{7D4D684A-09C8-4BA6-BC31-10B073EE3039}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\VRChat.exe => No File
FirewallRules: [{B517ACDF-233B-4166-A5CF-CECE4303FEB1}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\UnityCrashHandler64.exe => No File
FirewallRules: [{25DDC0A8-8422-4846-A266-23FFABCAFDCE}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\UnityCrashHandler64.exe => No File
FirewallRules: [{B64A6AF4-477B-467C-861A-82F783187B26}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\install.exe => No File
FirewallRules: [{24709239-F789-4D48-B522-A1EBA9CDE840}] => (Allow) C:\Program Files\Oculus\Software\Software\vrchat-vrchat\install.exe => No File
FirewallRules: [{47331E05-0FDA-46C7-A954-1B4E51B659C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{66786D4B-7182-4430-AFED-FAE4CBF72C13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{3C68128F-4626-44CD-95FF-BEB382DF7AF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{7E42F4D6-924D-4349-A7ED-ACEE33D52C77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{01534542-87D3-4AA4-A7B9-9B7A0C3C605B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> Valve Corporation)
FirewallRules: [{5BCDB738-DF0A-419E-85B4-6DFC6DD5C29B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> Valve Corporation)
FirewallRules: [{18070441-EE03-4D9F-9D17-8E4AC9553342}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{E5D77BAD-1FEA-4D8A-AAA0-DE2B78536295}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{10CDF972-661F-4731-9715-BE35CBBEE7B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C5116B62-A75F-4549-89FC-E6EE3032CFAA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{D3CEE53F-A188-41EF-A7BC-370878DEBC79}C:\programdata\grafx\webtorrent\app-0.21.0\webtorrent.exe] => (Allow) C:\programdata\grafx\webtorrent\app-0.21.0\webtorrent.exe (WebTorrent LLC -> WebTorrent)
FirewallRules: [TCP Query User{D04AA1B8-68D4-4DCE-8B06-2F5F7A507BBD}C:\programdata\grafx\webtorrent\app-0.21.0\webtorrent.exe] => (Allow) C:\programdata\grafx\webtorrent\app-0.21.0\webtorrent.exe (WebTorrent LLC -> WebTorrent)
FirewallRules: [UDP Query User{20568667-850E-4E62-B3FD-B79BED4B4D52}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{E2508FFF-316B-4077-9B81-1898A70AB79F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F30C8C10-3685-4BA5-B35E-C47120B2346F}] => (Allow) LPort=8320
FirewallRules: [UDP Query User{8BACEF5E-223B-49FB-B9C4-605BBE37D0D5}C:\program files\adobe\adobe dreamweaver 2020\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver 2020\node\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [TCP Query User{B310E376-DAF4-4293-8481-3F9C3D67AF97}C:\program files\adobe\adobe dreamweaver 2020\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver 2020\node\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [UDP Query User{4D48441F-6868-4E37-810F-18176F0A1BE5}C:\users\grafx\appdata\local\webtorrent\app-0.21.0\webtorrent.exe] => (Allow) C:\users\grafx\appdata\local\webtorrent\app-0.21.0\webtorrent.exe (WebTorrent LLC -> WebTorrent)
FirewallRules: [TCP Query User{F1A77D1B-87DD-4E18-A627-42DF8DC0DCDD}C:\users\grafx\appdata\local\webtorrent\app-0.21.0\webtorrent.exe] => (Allow) C:\users\grafx\appdata\local\webtorrent\app-0.21.0\webtorrent.exe (WebTorrent LLC -> WebTorrent)
FirewallRules: [{B44054C1-FA9C-4300-B013-0535C7E89FDB}] => (Allow) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{46CF0DC5-F4DC-4059-8EED-5F96BE1BC9F7}] => (Allow) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{D151C990-1D89-4D67-A578-D5F78C7F1032}] => (Allow) C:\Users\grafx\Desktop\Microsoft Toolkit.exe => No File
FirewallRules: [{A10AA7E0-DEE9-4E7F-B437-45CB170B30DF}] => (Allow) C:\Users\grafx\Desktop\Microsoft Toolkit.exe => No File
FirewallRules: [{CB02686B-5874-4895-A169-AA2644328177}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4057F0FF-863B-4B24-A723-8E5F450A3777}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0024014C-4991-4E66-B6DC-F803FE5B070F}] => (Allow) C:\Program Files\Virtual Desktop Streamer\VirtualDesktop.Streamer.exe (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
FirewallRules: [TCP Query User{69F5E808-E1B3-41C9-97C6-6AB03CA4F838}C:\users\grafx\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Block) C:\users\grafx\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [UDP Query User{9CB772DA-EBEF-451C-AB08-07C63E889666}C:\users\grafx\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Block) C:\users\grafx\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [TCP Query User{4E332B45-C286-4BA5-B20E-6B2372E7D829}C:\program files\ultimaker cura 4.8.0\cura.exe] => (Allow) C:\program files\ultimaker cura 4.8.0\cura.exe => No File
FirewallRules: [UDP Query User{6E21EFC4-0EE5-40F4-97D5-8F4C40FDD43D}C:\program files\ultimaker cura 4.8.0\cura.exe] => (Allow) C:\program files\ultimaker cura 4.8.0\cura.exe => No File
FirewallRules: [TCP Query User{F5AC3CBA-85E4-4EDA-95EF-67B122A93C2D}C:\program files\raise3d\ideamaker\ideamaker.exe] => (Allow) C:\program files\raise3d\ideamaker\ideamaker.exe => No File
FirewallRules: [UDP Query User{8ACFFBE7-EE29-452D-AE1E-905384F0C433}C:\program files\raise3d\ideamaker\ideamaker.exe] => (Allow) C:\program files\raise3d\ideamaker\ideamaker.exe => No File
FirewallRules: [{E9A6B09B-9202-4C54-86D7-4A49DA473AD5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C102221A-392B-4F83-A264-B38523D04374}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BB5269F1-9EBC-4E31-9E37-8C9464BA0BFD}C:\users\grafx\appdata\local\programs\opera\77.0.4054.172\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.172\opera.exe => No File
FirewallRules: [UDP Query User{76BD73FD-BE6C-49F3-85DD-4EF1C0B8A34A}C:\users\grafx\appdata\local\programs\opera\77.0.4054.172\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.172\opera.exe => No File
FirewallRules: [TCP Query User{A87922C3-31E0-44A4-A240-4E9DFD4EFBCC}C:\users\grafx\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{276DE86A-F053-4E72-B300-5B19B98C6D7B}C:\users\grafx\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{5B881C44-5BA7-482C-B054-2C345A8E445F}C:\program files\ultimaker cura 4.10.0\cura.exe] => (Allow) C:\program files\ultimaker cura 4.10.0\cura.exe (Ultimaker B.V.) [File not signed]
FirewallRules: [UDP Query User{8882047D-9829-45A1-9209-41D936BCBD15}C:\program files\ultimaker cura 4.10.0\cura.exe] => (Allow) C:\program files\ultimaker cura 4.10.0\cura.exe (Ultimaker B.V.) [File not signed]
FirewallRules: [TCP Query User{EAD8B309-3739-4BFF-9F9F-A5FB4BE9037C}C:\users\grafx\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{D41E9435-0D96-4561-B6C7-390774CD6176}C:\users\grafx\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{B8A4E1AC-4041-46F2-AF8E-9265F1CCEA51}C:\program files\daedalus mainnet\daedalus mainnet.exe] => (Allow) C:\program files\daedalus mainnet\daedalus mainnet.exe => No File
FirewallRules: [UDP Query User{2F4E35ED-82B1-44B1-9055-13F6724BC007}C:\program files\daedalus mainnet\daedalus mainnet.exe] => (Allow) C:\program files\daedalus mainnet\daedalus mainnet.exe => No File
FirewallRules: [TCP Query User{85DF83FB-2F54-493E-A4A8-B700D3D7F25D}C:\users\grafx\desktop\opensea_bidding_bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\opensea_bidding_bot\opensea_bot.exe => No File
FirewallRules: [UDP Query User{F052DB23-7091-4DDF-9EDE-30C8AC6491D3}C:\users\grafx\desktop\opensea_bidding_bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\opensea_bidding_bot\opensea_bot.exe => No File
FirewallRules: [TCP Query User{D4D2C9D0-CAA9-40F3-816C-40C088D2A993}C:\users\grafx\desktop\opensea_bot2\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\opensea_bot2\opensea_bot.exe => No File
FirewallRules: [UDP Query User{0A450FAD-BFFD-497F-8B68-91E3E22AD464}C:\users\grafx\desktop\opensea_bot2\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\opensea_bot2\opensea_bot.exe => No File
FirewallRules: [TCP Query User{ED50A37A-84F1-48CA-BBC0-C86108076E13}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{3EE919EE-4FF8-4F74-8FF9-842F7D68E442}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{05B469CB-72BA-43FD-851F-07B04A914826}C:\users\grafx\desktop\offer bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\offer bot\opensea_bot.exe => No File
FirewallRules: [UDP Query User{D439C2CE-8889-417B-9AB3-261D8F64F55B}C:\users\grafx\desktop\offer bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\offer bot\opensea_bot.exe => No File
FirewallRules: [TCP Query User{9FDF72EC-F34F-49E1-B7D1-54BC715DEA88}C:\users\grafx\desktop\output\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\output\opensea_bot.exe => No File
FirewallRules: [UDP Query User{36E06567-9453-4D3C-BE8D-5F975644378D}C:\users\grafx\desktop\output\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\output\opensea_bot.exe => No File
FirewallRules: [TCP Query User{81CFE5E6-62AD-4513-B567-A679C0CE08CB}C:\users\grafx\desktop\output\opensea_sniper.exe] => (Allow) C:\users\grafx\desktop\output\opensea_sniper.exe => No File
FirewallRules: [UDP Query User{8F3269A4-4D35-4559-AF74-E000FBA1ED8C}C:\users\grafx\desktop\output\opensea_sniper.exe] => (Allow) C:\users\grafx\desktop\output\opensea_sniper.exe => No File
FirewallRules: [TCP Query User{DC1E4D20-4C26-45FC-8FA5-148D081A169E}C:\users\grafx\desktop\offer sniper bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\offer sniper bot\opensea_bot.exe () [File not signed]
FirewallRules: [UDP Query User{FC48F35E-1BA4-4ECD-BBC0-2BEC2E2CF0E1}C:\users\grafx\desktop\offer sniper bot\opensea_bot.exe] => (Allow) C:\users\grafx\desktop\offer sniper bot\opensea_bot.exe () [File not signed]
FirewallRules: [TCP Query User{5F3F4A25-FFFC-4FC4-AB32-633F49DE9A80}C:\users\grafx\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{47962C83-413A-416F-8750-EE07C1B23C8B}C:\users\grafx\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\grafx\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B910CF44-272E-442E-B56E-E0FE5684D6AE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{462863A5-F802-438A-9B16-ADF8B6AC074C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{05FC315C-A693-435C-85EC-04D77924D9E0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4A784546-788B-4D96-877F-1C24EC14A390}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{EBBEC1A3-7001-47BE-8234-26A7268DD331}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> )
FirewallRules: [{0ABFF5D5-ECBD-463C-8073-6888D79E4664}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{7AAC1C1C-9173-4CC3-8E91-B9C75ED477D2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{3BA11435-665C-46B5-B425-A430447CA6A5}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Game Transcoder\Plex Game Transcoder.exe (Plex, Inc. -> )
FirewallRules: [{22C0D0F3-AEB7-44ED-A825-7FF597A26A0C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ED4DAE32-D308-4389-B2F2-831242EAE6BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{512022B1-195B-4109-8426-0E4D40BF5C55}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AA759D68-59FF-44D4-8434-3C84E2D91277}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9374DA3-FADE-48F1-8E4A-B00CBEE48B38}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{6439C561-C0B1-4958-9D8B-BC9F31E33EC6}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe => No File
FirewallRules: [UDP Query User{734AC946-1754-46C9-9502-D9BBEA479734}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe => No File
FirewallRules: [{204F8E94-3A02-4773-BCF5-E65A84437793}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{C0BB7394-6A55-4082-AFCB-A5D064F43600}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{C2EA6278-5BA7-4C84-98E7-648D63E6A658}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{BC2AE6B1-9C22-412A-9F94-D2DFC771077D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{EC0C8054-3C3F-4BF7-81AB-86FA2D2453EA}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{7CDAE8B5-321D-4570-A5A0-75423F9AAAF2}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [TCP Query User{C58E210B-66C3-4878-94B3-071039867B95}C:\users\grafx\appdata\local\programs\python\python310\python.exe] => (Allow) C:\users\grafx\appdata\local\programs\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [UDP Query User{6FCDBB81-D92E-471E-A5E2-BEB361732BF2}C:\users\grafx\appdata\local\programs\python\python310\python.exe] => (Allow) C:\users\grafx\appdata\local\programs\python\python310\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [{EA7CEB97-9AD5-446E-BE0C-18E82B7C8AB5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6C10AED3-0009-46DE-9CFD-B4424D13F545}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BEF5F17E-4689-470B-B539-C09807837F60}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AA3FEDBD-B91E-4632-AEB2-39B8D244BF27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

12-03-2022 13:58:45 Windows Modules Installer
13-03-2022 20:18:42 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast SecureLine VPN since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Driver Updater since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Cleanup since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Tools since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Firewall Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (03/13/2022 08:18:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (03/13/2022 08:18:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (03/11/2022 06:09:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro38CrusaderBoot service terminated with the following service-specific error:
The operation completed successfully.

Error: (03/11/2022 06:08:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Audiosrv service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (03/11/2022 06:08:54 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Audiosrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/11/2022 06:08:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SysMain service terminated with the following error:
The authentication service is unknown.

Error: (03/11/2022 06:07:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (03/11/2022 06:07:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

Error: (03/11/2022 06:07:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.


Windows Defender:
================
Date: 2022-03-13 19:40:57
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-12 19:25:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-12 19:06:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-11 15:34:37
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-10 14:21:31
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-03-12 18:15:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-03-12 13:24:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-03-12 11:09:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 2.80 08/07/2019
Motherboard: Micro-Star International Co., Ltd. B360 GAMING PLUS (MS-7B22)
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 46%
Total physical RAM: 16318.35 MB
Available physical RAM: 8716.86 MB
Total Virtual: 35839.3 MB
Available Virtual: 24972.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.31 GB) (Free:79.63 GB) NTFS

\\?\Volume{b0cd26dc-4748-4c47-8886-1c8f8dda1810}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{ea965f89-d82f-4bbf-b8b2-80c7c1e75a4b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
grafx77
Active Member
Posts: 4
Joined: March 14th, 2022, 12:42 am

Re: Activator.exe popups and stolen crypto funds from MetaMa

Unread postby grafx77 » March 14th, 2022, 4:22 pm

Here is a picture of the Activator.exe popup I was explaining about in my original message.

Re: Activator.exe popups and stolen crypto funds from MetaMa

Unread postby mAL_rEm018 » March 14th, 2022, 5:10 pm

Hello grafx77,

I will be helping you with your malware-related issues. I am not currently at home, so it will take me a few hours before I can get back to you.

mAL
mAL_rEm018
Admin/Teacher
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Activator.exe popups and stolen crypto funds from MetaMa

Unread postby grafx77 » March 14th, 2022, 6:29 pm

OK, no problem. Thank you!

Re: Activator.exe popups and stolen crypto funds from MetaMa

Unread postby mAL_rEm018 » March 15th, 2022, 11:07 pm

Hi grafx77,

My apologies for the delay.

Please answer the following question:

  • Is this computer used for any type of business purposes?


CKScanner

  • Please download CKScanner from Here
  • Save it to your Desktop.
  • Right-Click on CKScanner.exe and select Run as Administrator.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.



-----------------------------------------
In your next reply, I would like to see:
  • Answer to my question.
  • CKFiles.txt

Re: Activator.exe popups and stolen crypto funds from MetaMa

Unread postby grafx77 » March 15th, 2022, 11:55 pm

The computer is used for personal use, not business.

The link doesn't do anything when I click it.

Re: Activator.exe popups and stolen crypto funds from MetaMa

Unread postby mAL_rEm018 » March 16th, 2022, 12:05 am

Are you using Microsoft Edge, Chrome or Firefox when you click on the link?

Re: Activator.exe popups and stolen crypto funds from MetaMa

Unread postby mAL_rEm018 » March 26th, 2022, 5:25 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.