Infected With Elusive Malware Writing To Registry
Hey Nasdaq -
Thanks so much for your help, and apologies for the delayed response. It's odd that the logs don't show anything, because there are certainly weird things going on with my system. Below is an imgur link to some screenshots of things I felt may be odd within my registry.
The first image is of my mounted devices, and it may be the cause, as there is a \??\volume mounted. I also do not have an F: drive. The second image is of winlogon and what seems to be a bunch of weird settings. The third is for ODBC SQL server. The fourth is an app path for WRITE.EXE which has the app path value set to WORDPAD.EXE. I thought that was weird because there is already a WORDPAD.EXE subkey (also in all caps... (the only two subkeys that are)) with its app path value also set to WORDPAD.EXE. The fifth image looks to be a ton of GPExtensions subkeys. The sixth and seventh images are related to terminal services and USB rules about mounting ISOs (why I think I've had this persist through fresh install via boot drive). This is my local home PC where I am the only user and there is no home network sharing or remoting in enabled, so I'm not sure why there are terminal settings.
If you find everything in the images to be normal I will take your word for it... but please do glance through and see if anything looks weird to you. If you still find that everything looks normal, can you please point me to where I can find what CLSID:{0968E258-16C7-4DBA-AA86-462DD61E31A3} is so I can at least not have to deal with that pop-up anymore when I log in? Thanks again for your help. Below is the Malwarebytes scan log as requested.
https://imgur.com/a/ZE8MfHp
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/15/21
Scan Time: 3:29 PM
Log File: 1032c392-5dee-11ec-bbdf-7085c2a3b237.json

-Software Information-
Version: 4.5.0.152
Components Version: 1.0.1538
Update Package Version: 1.0.48648
License: Trial

-System Information-
OS: Windows 11 (Build 22000.376)
CPU: x64
File System: NTFS
User: ShayPC\shayh

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 281309
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)