Infected With Elusive Malware Writing To Registry


Every time I restart my computer/log in for the first time I get a UAC popup asking if I want to allow this app to make changes to my device. The app is a generic white box with another blue box within it, and to the right of that it says Open File - Security Warning. When I click on Show more details it says Verified Publisher: Microsoft Windows, and below that it says CLSID:{0968E258-16C7-4DBA-AA86-462DD61E31A3}.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021

Ran by shayh (administrator) on SHAYPC (MicroElectronics G355) (15-12-2021 00:53:08)

Running from C:\Users\shayh\Desktop

Loaded Profiles: shayh

Platform: Microsoft Windows 11 Pro Version 21H2 22000.376 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

(ASRock Incorporation -> ) C:\Program Files (x86)\ASRock Utility\APP Shop\AsrAPPShop.exe

(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Mark of the Unicorn, Inc -> MOTU) C:\Program Files (x86)\MOTU\CoreUAC\MOTUMSeries.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe

(Microsoft Windows…
