Windows 10 issue – malware and iPhone – Webkit? – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer


Hi, 

 

I have been suffering for weeks. Please can someone help?

 

This is my Addition report from Faraday:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2021
Ran by PC1 (16-02-2021 18:33:54)
Running from C:\Users\PC1\Desktop
Windows 10 Pro Version 2004 19041.610 (X64) (2021-02-16 17:00:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1821989033-1901068094-3775813825-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1821989033-1901068094-3775813825-503 - Limited - Disabled)
Guest (S-1-5-21-1821989033-1901068094-3775813825-501 - Limited - Disabled)
PC1 (S-1-5-21-1821989033-1901068094-3775813825-1001 - Administrator - Enabled) => C:\Users\PC1
WDAGUtilityAccount (S-1-5-21-1821989033-1901068094-3775813825-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8233 - Realtek Semiconductor Corp.)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-02-16] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2021-02-16] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2021-02-16] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2021-02-16] (Skype)
Your Phone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe [2021-02-16] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1821989033-1901068094-3775813825-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\OneDrive\19.043.0304.0013_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1821989033-1901068094-3775813825-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\OneDrive\19.043.0304.0013_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1821989033-1901068094-3775813825-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\OneDrive\19.043.0304.0013_1\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_cb777423701ee84c\igfxDTCM.dll [2020-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1821989033-1901068094-3775813825-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1821989033-1901068094-3775813825-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1821989033-1901068094-3775813825-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1821989033-1901068094-3775813825-1001 -> {CA25219F-A408-45A6-90EB-36705D5B82EE} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-02-16 16:39 - 2021-02-16 16:38 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1821989033-1901068094-3775813825-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:117.37 GB) (Free:101.33 GB) (86%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/16/2021 05:17:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (02/16/2021 05:17:34 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (02/16/2021 05:17:34 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (02/16/2021 05:05:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (02/16/2021 05:05:54 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (02/16/2021 05:05:54 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (02/16/2021 05:02:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (02/16/2021 05:02:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800704CF
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent

System errors:
=============
Error: (02/16/2021 06:31:22 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/16/2021 06:31:22 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/16/2021 06:31:14 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/16/2021 06:31:14 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/16/2021 06:31:12 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/16/2021 06:31:12 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/16/2021 06:30:52 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/16/2021 06:30:52 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Windows Defender:
================
Date: 2021-02-16 18:11:52
Description:
Controlled Folder Access blocked C:\Users\PC1\Desktop\mbar\mbar.exe from making changes to memory.
Detection time: 2021-02-16T18:11:52.746Z
Path: \Device\HarddiskVolume3
Process Name: C:\Users\PC1\Desktop\mbar\mbar.exe
Security intelligence Version: 1.331.1137.0
Engine Version: 1.1.17800.5
Product Version: 4.18.2101.9

Date: 2021-02-16 17:59:38
Description:
C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe has been blocked from modifying %localappdata%\Temp by Controlled Folder Access.
Detection time: 2021-02-16T17:59:38.218Z
Path: %localappdata%\Temp
Process Name: C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe
Security intelligence Version: 1.331.1137.0
Engine Version: 1.1.17800.5
Product Version: 4.18.2101.9

Date: 2021-02-16 17:59:38
Description:
C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe has been blocked from modifying %localappdata%\Microsoft\Windows\Caches by Controlled Folder Access.
Detection time: 2021-02-16T17:59:38.218Z
Path: %localappdata%\Microsoft\Windows\Caches
Process Name: C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe
Security intelligence Version: 1.331.1137.0
Engine Version: 1.1.17800.5
Product Version: 4.18.2101.9

Date: 2021-02-16 17:59:36
Description:
C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe has been blocked from modifying %localappdata%\Microsoft\Windows\Caches by Controlled Folder Access.
Detection time: 2021-02-16T17:59:36.536Z
Path: %localappdata%\Microsoft\Windows\Caches
Process Name: C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe
Security intelligence Version: 1.331.1137.0
Engine Version: 1.1.17800.5
Product Version: 4.18.2101.9

Date: 2021-02-16 17:59:33
Description:
C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe has been blocked from modifying %localappdata%\Temp by Controlled Folder Access.
Detection time: 2021-02-16T17:59:33.475Z
Path: %localappdata%\Temp
Process Name: C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe
Security intelligence Version: 1.331.1137.0
Engine Version: 1.1.17800.5
Product Version: 4.18.2101.9

Date: 2021-02-16 17:59:33
Description:
C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe has been blocked from modifying %localappdata%\Microsoft\Windows\Caches by Controlled Folder Access.
Detection time: 2021-02-16T17:59:33.473Z
Path: %localappdata%\Microsoft\Windows\Caches
Process Name: C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe
Security intelligence Version: 1.331.1137.0
Engine Version: 1.1.17800.5
Product Version: 4.18.2101.9

Date: 2021-02-16 17:59:31
Description:
C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe has been blocked from modifying %localappdata%\Microsoft\Windows\Caches by Controlled Folder Access.
Detection time: 2021-02-16T17:59:31.210Z
Path: %localappdata%\Microsoft\Windows\Caches
Process Name: C:\Users\PC1\AppData\Local\Temp\is-C8O4V.tmp\AntiLogger Free.exe
Security intelligence Version: 1.331.1137.0
Engine Version: 1.1.17800.5
Product Version: 4.18.2101.9

Date: 2021-02-16 17:31:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-02-16 17:26:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-02-16 17:26:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-02-16 17:26:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-02-16 17:26:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-02-16 17:26:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-02-16 17:26:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2021-02-16 18:33:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.13.0 02/10/2020
Motherboard: Dell Inc. 07TYC2
Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 72%
Total physical RAM: 8029.31 MB
Available physical RAM: 2197.1 MB
Total Virtual: 9949.31 MB
Available Virtual: 3347.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.37 GB) (Free:101.33 GB) NTFS

\\?\Volume{5c9e4b6a-87fa-4cf3-9239-80d58c43f965} (Windows RE tools) (Fixed) (Total:1.75 GB) (Free:1.28 GB) NTFS
\\?\Volume{00887fb8-c96c-441b-af5f-1bc3b9e7e31f} (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 84D7B1D7)

Partition: GPT.

==================== End of Addition.txt =======================
