R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239544 2022-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) ACDSee Photo Studio Ultimate 2022 (HKLM\\{AA1FA917-93AD-42D5-B171-D7237AC47CBE}) (Version: 15.1.0.2910 - ACD Systems International Inc.) Audacity 3.1.3 (HKLM\\Audacity_is1) (Version: 3.1.3 - Audacity Team) FirewallRules: [{C6676C52-746C-44AC-990F-65214880D8BE}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.) Description: Local Hostname InWin809.local already in use; will try InWin809-2.local instead (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{203ebb61-a8f5-49d4-9bc1-32351b715ebe}: [DhcpNameServer] 192.168.0.1 ==================== Memory info =========================== Peace (HKLM\\Peace) (Version: 1.6.1.2 - P.E. Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the file/folder will be moved.) Thanks so much for reading; hopefully, you've discovered how to find and play Discord's secret snake game! FirewallRules: [{9A674005-76ED-49FE-B5D9-BD89D27E7EAA}] => (Allow) D:\Steam\SteamApps\common\Aim Lab\AimLab_tb.exe () [File not signed] FirewallRules: [{2089FA96-87E2-4759-A593-A31D1EE2D411}] => (Allow) D:\Steam\SteamApps\common\Yakuza 0\media\Yakuza0.exe () [File not signed] AAAA FE80:0000:0000:0000:F9B9:BB8B:08E0:F925 2022-08-22 04:13 - 2022-07-08 17:37 - 001847296 _____ (Corsair Memory, Inc.) C:\windows\system32\CorsairGamingAudioPO64.dll Resetting , OK! 
Error: (09/20/2022 03:10:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) 2022-09-15 21:59 - 2022-09-15 21:59 - 000001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2022.lnk So, let's see how this works with respect to the game. (Code 22) HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION Directly in front of the snake - the entire straight line is "safe" - This rule has been removed in a later update and no longer applies. FirewallRules: [{BF7B5D38-83F1-406F-A470-CEEDC8D793B2}] => (Allow) D:\Steam\SteamApps\common\FPSAimTrainer\FPSAimTrainer.exe (Int3 Software AB -> Int3 Software AB) HKLM\\Policies\Explorer: [HideSCAMeetNow] 1 HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Windows10Upgrade.exe => removed successfully 2022-08-27 00:56 - 2022-08-08 00:16 - 000000000 ____D C:\Program Files\Blackmagic Design Fault offset: 0x000000000001d7d1 CORSAIR iCUE 4 Software (HKLM\\{B1071BDE-E9F2-4F8C-8A0F-0FB8BA5835CD}) (Version: 4.27.168 - Corsair) R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.7393.4000.105\Data\Definitions\IPSDefs\20220920.081\IDSvia64.sys [1515512 2022-05-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{4AE96DAB-A7FC-4F77-8B61-5404C0996C4A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) CustomCLSID: HKU\S-1-5-21-479614032-2295716511-2174497491-1002_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada -> Voicemod) Follow the instructions. 
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [507904 2021-10-08] (Microsoft Corporation) [File not signed] ==================== Registry (Whitelisted) =================== 2022-09-18 23:28 - 2022-08-02 16:26 - 000882856 _____ C:\windows\system32\wpbbin.exe AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2022.lnk:E84E23EE24 [3442] Task: {1575C392-0E35-416C-84D8-1184D8BF09C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8338896 2022-04-05] (Microsoft Corporation -> Microsoft Corporation) 2022-09-13 06:35 - 2022-08-18 23:47 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk AlternateDataStreams: C:\windows\system32\9EarsSurroundSound.dll:0763E8C13F [3442] FirewallRules: [{B70FFF9C-53F2-4125-9886-8F860E39974D}] => (Block) D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) Credits: Skins by Black . HKU\S-1-5-21-479614032-2295716511-2174497491-1002\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION Startup: C:\Users\Tyson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2022-06-11] IFEO\remsh.exe: [Debugger] / Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation) Discord. 
2022-09-13 06:35 - 2022-01-10 22:19 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task FirewallRules: [{CCB4F444-343C-4463-AD44-201D04996086}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed] Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.7393.4000.105\Bin64\symamsi.dll that did not meet the Microsoft signing level requirements. When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections. R3 nvvad_WaveExtensible; C:\windows\system32\drivers\nvvad64v.sys [48552 2022-05-05] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) R1 SYMNETS; C:\windows\System32\Drivers\SEP\0E031CE1\0FA0.105\x64\symnets.sys [480192 2022-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) FirewallRules: [UDP Query User{ABD0FEC5-FD03-416C-8BE7-242C0CB68220}D:\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe => No File I've read online that those specific things have to do with OneDrive but I uninstalled it. Hello, I don't know if it's too late to sign up for these but I figured I might as well try. 
==================== Security Center ======================== 2022-09-18 10:29 - 2022-05-25 01:10 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Tyson\AppData\Local\MEGAsync\ShellExtX64.dll [2022-06-11] (Mega Limited -> ) 2022-09-12 09:31 - 2022-05-13 18:02 - 000000000 ____D C:\Users\Tyson\AppData\Roaming\Adobe Epic Online Services (HKLM-x32\\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Tyson\AppData\Local\MEGAsync\ShellExtX64.dll [2022-06-11] (Mega Limited -> ) Disk: 1 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 2435D796) Processes closed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk => ":7661CCE9BF" ADS removed successfully Origin (HKLM-x32\\Origin) (Version: 10.5.113.50894 - Electronic Arts, Inc.) 2022-09-18 23:35 - 2022-01-03 19:51 - 000848788 _____ C:\windows\system32\PerfStringBackup.INI (services.exe ->) (Code Sector -> ) C:\Program Files\TeraCopy\TeraCopyService.exe Scores only last a few hours, and you can keep spinning to try to get on top! 19,995 Members. The file will not be moved unless listed separately.) FirewallRules: [TCP - Installer for ACDSee Commander Ultimate 2022] => (Allow) C:\Program Files\ACD Systems\ACDSee Ultimate\15.0\ACDSeeCommanderUltimate15.exe => No File 2022-08-28 02:33 - 2022-08-28 02:33 - 000000000 ____D C:\Users\Tyson\.insomniac FirewallRules: [{0EA0C205-D85D-45CB-8FB2-2EC49B7EB8BF}] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.) 
2022-09-15 21:56 - 2022-05-24 21:21 - 000000000 ___RD C:\Users\Tyson\Creative Cloud Files (C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe ->) (Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SihClient.exe => removed successfully HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service" 2022-09-13 06:56 - 2021-06-05 22:10 - 000000000 ____D C:\windows\system32\Dism This is a fun little bot that lets you play the classic game of snake inside of Discord! WinRAR -> C:\Program Files\WinRAR [2022-06-13] (0) S0 SymELAM; C:\windows\System32\Drivers\SEP\0E031CE1\0FA0.105\x64\SymELAM.sys [25576 2022-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom) FF Extension: (Privacy Badger) - C:\Users\Tyson\AppData\Roaming\Mozilla\Firefox\Profiles\xnc3cpuf.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2022-05-13] FirewallRules: [TCP Query User{FFCC5226-1F60-4EE6-AAA8-261FB17C0A09}C:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) CHR Extension: (Chrome Remote Desktop) - C:\Users\Tyson\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-05-13] C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully "HKU\S-1-5-21-479614032-2295716511-2174497491-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => removed successfully R2 SepScanService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.7393.4000.105\bin64\ccSvcHst.exe [191912 2022-02-25] (Symantec Corporation -> Broadcom) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.) 
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-09-08] (Adobe Inc. -> Adobe Systems Inc.) (explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\ <==== ATTENTION S3 iaLPSS2_GPIO2_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_cb8dd04b85ac9a58\iaLPSS2_GPIO2_TGL.sys [128680 2020-12-23] (Intel Corporation -> Intel Corporation) GroupPolicy\User: Restriction ? (If an entry is included in the fixlist, it will be removed from the registry. 2022-09-13 06:56 - 2021-06-05 22:10 - 000000000 ____D C:\windows\system32\appraiser Error: (09/18/2022 11:21:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )