Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HI got a big virus in system viles.. need help going over computers

Started by steveairway , Mar 18 2020 06:17 PM

  • Please log in to reply

#31
RKinner
Posted 22 March 2020 - 09:28 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

No speccy log attached.

 

SFC shows a few files could not be fixed.  Doesn't look like they were anything important tho.

 

Discord appear to be turned off in msconfig:

 

MSCONFIG\startupreg: Discord => C:\Users\Mike\AppData\Local\Discord\app-0.0.305\Discord.exe
 
VPN is also off:
MSCONFIG\startupreg: NordVPN => C:\Program Files (x86)\NordVPN\NordVPN.exe
 
If you look at a file on a website it often gets downloaded.  Not a sign of a hacker but you might want to delete them if they are sensitive.
 
 
 
Go into msconfig, startup and check both entries.  OK and Reboot.
 
No need to send me any money.  Use it to buy a new hard drive for PC#1. (Just don't get another Seagate.)

  • 0

Advertisements

#32
steveairway
Posted 22 March 2020 - 10:33 PM

steveairway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

speccy file

 

Yes i wonder how those got turned off... maybe hacker put those files into my stuff.

 

Also i dont see the teamvieer running anymore in my task manager.

When i did see that running i also found it very suspisiouc and would hit end task 

 

So u think that running the fix it list earlier.. might have gotten this guy off computer.

 

I been on discord past hour or so and so far now shutdown of my account or hacked it so.. seems good til i get windows 10 install

 

thanks

 

When u say go into misconfig.. do u mean u want me to enter that stuff into Cmd thing?

 

When i try to go into my pictures to add a picture for my avatar on discord... its locked and say sno access.. weird 

i have files all over computer with a lock on them... 

Attached Files


Edited by RKinner, 23 March 2020 - 07:41 AM.

  • 0

#33
RKinner
Posted 23 March 2020 - 07:55 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Speccy says this hard drive is better than the other one but even so it is very old and has a bunch of bad sectors.  It's also been dropped.  If it were mine I would consider changing it out too.  Might be a good time to go for a SSD since you are going to load from scratch.  (I prefer Samsung EVO drives myself.  I've had two cheap drives and they both failed the first year.)

 

This one is also running a bit hot.  I'd get a second opinion from speedfan to see if it needs the heatsink cleaned.

 

Please remember to remove the serial number from the Speccy logs.  I have fixed your latest post.

 

When I say go in to msconfig I mean:

 

search for

msconfig.exe

hit Enter.  Alternatively you can put msconfig in the Run box and hit Enter.

 

I didn't give instructions because you have so many things listed in FRST's msconfig section that I thought you knew how to get there.  Under the Startup tab look for listings for Discord and NordVPN and make sure they are checked then OK and reboot.

 

Since all three of your PCs are on the same network someone logging in to one had access to the other three especially if you used the same passwords on each.

Let's look at the PC#3 now.  FRST logs and Speccy log.


  • 0

#34
steveairway
Posted 23 March 2020 - 05:24 PM

steveairway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

I was on disboard signing up to new discord groups

and got a message saying  U SEEM LIKE A ROBOT FROM DISBOARD.. i dont even have my vpn on

maybe thats why discord keeps booting me ...

 

maybe hacker somehow has me lookking like a robot? 

 

well WINDOWS TEN DISK just came in mail

 

 

should i load it up on this computer..   ?

 

anything i should prep or be aware of before i put windows ten on this computer?


Edited by steveairway, 23 March 2020 - 05:46 PM.

  • 0

#35
RKinner
Posted 23 March 2020 - 08:00 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

I don't know anything about Discord so no idea what robot behavior looks like to them.  Is there some sort of Discord log you can look at to see what your account has been doing like there is for Facebook?

 

I would disconnect the other two from the network.  In fact it's probably better to disconnect all three.  When you install Win 10 with the Internet connected they make you use a Microsoft account.  If you are not connected when you install you get a local account.  I would also let Windows delete all of the old partitions which should erase everything before you install.

 

Might be wise to Reset the router once you get Windows installed before you connect to the outside world.


  • 0

#36
steveairway
Posted 23 March 2020 - 08:50 PM

steveairway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

i"M GOING TO install but i ran mbam file under VIRUS TOTAL.COM and might have found a virus

 

just saying 

 

https://gyazo.com/6c...f7efda3fe66d99c

 

prob a false positive


Edited by steveairway, 23 March 2020 - 08:52 PM.

  • 0

#37
RKinner
Posted 23 March 2020 - 10:08 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

False positive


  • 0

#38
steveairway
Posted 24 March 2020 - 02:13 AM

steveairway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

I want to start an online poker game.. I paid like 200 bucks for Poker Mavens. . its software to let u run an online poker game/ room thru your computer with other friends or local players etc.

 

only thing i need a few ports open

 

can i do this safely?  I guess having ports open is always a risk but if i do it on old computer i don't care about much prob not too big a deal .

 

 

 

?  maybe use oldest computer and take it somewhere else and run the poker mavens full time on that  would bge good idea right? 


Edited by steveairway, 24 March 2020 - 02:14 AM.

  • 0

#39
RKinner
Posted 24 March 2020 - 07:17 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

How safe that would be depends pretty much on Poker Mavens.  Does it have any vulnerabilities?  No way to tell.  Most routers let you setup a second isolated LAN if you put the poker game on its own separate LAN it should be safe enough.


  • 0

#40
steveairway
Posted 25 March 2020 - 03:13 PM

steveairway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Hmm on this computer i can't get this computer to boot from startup .

 

When i put in Dvd it does not automatically start up

 

SO BOTTOM LINE IS I CAN'T SEEM TO GET THIS COMPUTER TO PUT ON WINDOWS TEN

 

When i got into bios on boot menu i dont see anything to load it up either. 

 

maybge cmd line?


  • 0

Advertisements

#41
RKinner
Posted 25 March 2020 - 03:21 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

In the BIOS look for UEFI or GPT vs MBR.  Older PCs used MBR, newer ones use UEFI/GPT and refer to MBR as Legacy in the BIOS.

Then you will have to change the boot order so that the DVD loads first.

What is the PC's make & model number?


  • 0

#42
steveairway
Posted 25 March 2020 - 03:22 PM

steveairway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Click Start->Run, type cmd and press Enter. Type ipconfig /release at the prompt window, press Enter, it will release the current IP configuration. Type ipconfig /renew at the prompt window, press Enter, wait for a while, the DHCP server will assign a new IP address for your computer.Dec 30, 2016
 
 
 
 
SO BY DOING THIS LOOKS LIKE I CAN GIVE MYSELF A NEW IP ADDRESS?   as mine is static thru my isp i think...
 
For some reason my IP location says Athens Oh I live in Dayton Oh .. its very weird.. because years ago i got into legal trouble there over a telephone argument....  
and makes me think the  police are watching me... Athens ohio is like 3 hours away..  not super close..  What u think?  
\
\

Edited by steveairway, 25 March 2020 - 03:24 PM.

  • 0

#43
steveairway
Posted 25 March 2020 - 03:22 PM

steveairway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
ITS A PROBOOK 6560 B HP

Edited by steveairway, 25 March 2020 - 03:24 PM.

  • 0

#44
RKinner
Posted 25 March 2020 - 04:00 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

If you do ipconfig /release & /renew you will be assigned an IP address by your router.  This will probably be in the range 192.168.0.x or 192.168.1.x  (where x = 1 to 254) as these are the most common defaults.  IF you want a PC with an address in one of those ranges to be reachable from the Internet you will need to set up your router to allow that via Network Address Translation.

 

If you have a static IP then that is programmed into the router but it will still assign one of the 192.168.y.x addresses.

 

Looking at a generic HP BIOS Menu:

 

https://support.hp.c...ument/c00034791

 

You will need to look under the System Configuration menu:

 

Select BOOT at the boot of the menu then

 

ENABLE CD-ROM boot

 

You may need to DISABLE Legacy Support

 

Make sure Internal CD/DVD ROM Drive

is a the top of both UEFI & Legacy boot order

Save and Exit


  • 0

#45
steveairway
Posted 27 March 2020 - 02:40 AM

steveairway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts

Ok i loaded up the newest computer i just bought for 150 bucks last week

I just loaded windows ten on this computer ... hopefully everything went ok

i hit custom scan and hit delete on hard drive partitons .. hopefully that went ok

 

Avast says i have a port open and its a vulnerability .. i enabled the paid premium version  .. Port is open it said

 

here is FRST stuff and speccy 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-03-2020
Ran by Computer2020 (administrator) on DESKTOP-UECK1KQ (LENOVO 42424WU) (27-03-2020 01:32:55)
Running from C:\Users\Computer2020\Downloads
Loaded Profiles: Computer2020 (Available Profiles: Computer2020)
Platform: Windows 10 Home Version 1809 17763.107 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Briggs Softworks -> Briggs Softworks) C:\Program Files (x86)\Briggs Softworks\Poker Mavens 6\PMServer.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Computer2020\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19081.28230.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(TEFINCOM S.A. -> NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(TEFINCOM S.A. -> The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-2612340677-4158134037-3102416192-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [1815584 2020-02-28] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-2612340677-4158134037-3102416192-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Computer2020\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2612340677-4158134037-3102416192-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Computer2020\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2612340677-4158134037-3102416192-1001\...\RunOnce: [Uninstall 18.143.0717.0002\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Computer2020\AppData\Local\Microsoft\OneDrive\18.143.0717.0002\amd64"
HKU\S-1-5-21-2612340677-4158134037-3102416192-1001\...\RunOnce: [Uninstall 18.143.0717.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Computer2020\AppData\Local\Microsoft\OneDrive\18.143.0717.0002"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4FA87319-9FD6-49D1-926A-CEB81A0109A1} - System32\Tasks\Lenovo Power Management Driver PnP Task => C:\Windows\System32\ibmpmsvc.exe [949632 2019-12-11] (Lenovo -> Lenovo.)
Task: {80C84998-A71E-45C9-A98D-6B66DD010A2B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3894664 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
Task: {8FD7A22F-22AB-4A22-905C-0D688A83A1A6} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe [59576 2019-07-24] (Lenovo -> )
Task: {9795E467-C4F5-457D-88A5-264F11385BEC} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112824 2019-07-24] (Lenovo -> Lenovo)
Task: {B34A5EDD-A401-4149-8AAB-A7F1EABEABDC} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {DDDBEA1A-E9D4-45FA-8503-F12067368865} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-03-26] (Avast Software s.r.o. -> Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 103.86.99.99 103.86.96.96 103.86.96.100 103.86.99.100
Tcpip\..\Interfaces\{2d2c7f82-9d66-4ece-856c-af942b906664}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{eb68efb4-2ac4-412b-8a22-fc071c6e0f40}: [DhcpNameServer] 103.86.99.99 103.86.96.96 103.86.96.100 103.86.99.100
Internet Explorer:
==================
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [428560 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57536 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [234528 2020-02-28] (TEFINCOM S.A. -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [259176 2016-10-02] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3830488 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205576 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [271120 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206608 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [64272 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [16304 2020-03-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42976 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175400 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [552576 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110560 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84056 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848672 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [458584 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [235184 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316256 2020-03-26] (Avast Software s.r.o. -> AVAST Software)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2018-09-15] (Microsoft Windows -> Intel Corporation)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2018-09-15] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2018-09-15] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2018-09-15] (Microsoft Windows -> Conexant Systems, Inc.)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-03-27 02:21 - 2020-03-27 01:26 - 000000000 ____D C:\Windows\Panther
2020-03-27 01:42 - 2020-03-27 00:13 - 000003394 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2612340677-4158134037-3102416192-1001
2020-03-27 01:42 - 2020-03-27 00:13 - 000000000 ___RD C:\Users\Computer2020\OneDrive
2020-03-27 01:41 - 2020-03-27 01:41 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-03-27 01:40 - 2020-03-27 01:40 - 000001446 _____ C:\Users\Computer2020\Desktop\Microsoft Edge.lnk
2020-03-27 01:40 - 2020-03-26 23:47 - 000000000 ____D C:\Users\Computer2020\AppData\Local\MicrosoftEdge
2020-03-27 01:39 - 2020-03-27 01:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-03-27 01:39 - 2020-03-27 01:39 - 000000000 ___RD C:\Users\Computer2020\3D Objects
2020-03-27 01:39 - 2020-03-27 01:39 - 000000000 ____D C:\Users\Computer2020\AppData\Roaming\Adobe
2020-03-27 01:39 - 2020-03-27 01:39 - 000000000 ____D C:\Users\Computer2020\AppData\Local\VirtualStore
2020-03-27 01:39 - 2020-03-27 01:39 - 000000000 ____D C:\Users\Computer2020\AppData\Local\ConnectedDevicesPlatform
2020-03-27 01:39 - 2020-03-27 01:02 - 000000000 ____D C:\Users\Computer2020\AppData\Local\Packages
2020-03-27 01:39 - 2020-03-27 00:18 - 000000000 ____D C:\Users\Computer2020\AppData\Local\Publishers
2020-03-27 01:38 - 2020-03-27 01:38 - 000000020 ___SH C:\Users\Computer2020\ntuser.ini
2020-03-27 01:38 - 2020-03-27 00:13 - 000002388 _____ C:\Users\Computer2020\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-27 01:38 - 2020-03-26 23:47 - 000000000 ____D C:\Users\Computer2020
2020-03-27 01:34 - 2020-03-27 01:35 - 012091952 _____ C:\Users\Computer2020\Downloads\mbar-1.10.3.1001.exe.9w7xfot.partial
2020-03-27 01:34 - 2020-03-27 00:17 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-27 01:32 - 2020-03-27 01:34 - 000012800 _____ C:\Users\Computer2020\Downloads\FRST.txt
2020-03-27 01:32 - 2020-03-27 01:33 - 000000000 ____D C:\FRST
2020-03-27 01:32 - 2020-03-27 01:32 - 002279936 _____ (Farbar) C:\Users\Computer2020\Downloads\FRST64.exe
2020-03-27 01:32 - 2018-09-15 00:28 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-03-27 01:29 - 2020-03-27 01:29 - 000000000 _SHDL C:\Documents and Settings
2020-03-27 01:24 - 2020-03-27 01:24 - 000000000 ____D C:\ProgramData\USOShared
2020-03-27 01:22 - 2020-03-27 01:22 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-03-27 01:22 - 2020-03-27 00:09 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-27 01:21 - 2020-03-27 01:22 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2020-03-27 01:21 - 2020-03-27 01:22 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-03-27 01:21 - 2020-03-27 01:21 - 000000000 ____D C:\Windows\ServiceProfiles
2020-03-27 01:13 - 2020-03-27 01:23 - 000000000 ____D C:\Users\Computer2020\AppData\Roaming\Poker Mavens 6
2020-03-27 01:13 - 2020-03-27 01:22 - 000001313 _____ C:\Users\Computer2020\Desktop\Poker Mavens 6 Server.lnk
2020-03-27 01:13 - 2020-03-27 01:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poker Mavens 6
2020-03-27 01:12 - 2020-03-27 01:12 - 000000000 ____D C:\Program Files (x86)\Briggs Softworks
2020-03-27 01:10 - 2020-03-27 01:11 - 000000000 ____D C:\Users\Computer2020\AppData\Local\NordVPN
2020-03-27 01:10 - 2020-03-27 01:10 - 000002039 _____ C:\Users\Public\Desktop\NordVPN.lnk
2020-03-27 01:10 - 2020-03-27 01:10 - 000002039 _____ C:\ProgramData\Desktop\NordVPN.lnk
2020-03-27 01:10 - 2020-03-27 01:10 - 000000000 ____D C:\ProgramData\NordVPN
2020-03-27 01:10 - 2020-03-27 01:10 - 000000000 ____D C:\ProgramData\Caphyon
2020-03-27 01:10 - 2020-03-27 01:10 - 000000000 ____D C:\Program Files (x86)\NordVPN
2020-03-27 01:09 - 2020-03-27 01:09 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2020-03-27 00:32 - 2020-03-27 01:18 - 000000000 ____D C:\Users\Computer2020\AppData\LocalLow\Mozilla
2020-03-27 00:32 - 2020-03-27 00:32 - 000000931 _____ C:\Users\Computer2020\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2020-03-27 00:32 - 2020-03-27 00:32 - 000000883 _____ C:\Users\Computer2020\Desktop\Start Tor Browser.lnk
2020-03-27 00:32 - 2020-03-27 00:32 - 000000000 ____D C:\Users\Computer2020\Desktop\Tor Browser
2020-03-27 00:31 - 2020-03-27 00:31 - 000772176 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_clr0400.dll
2020-03-27 00:31 - 2020-03-27 00:31 - 000702400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase_clr0400.dll
2020-03-27 00:31 - 2020-03-27 00:31 - 000622832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_clr0400.dll
2020-03-27 00:31 - 2020-03-27 00:31 - 000433448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140_clr0400.dll
2020-03-27 00:31 - 2020-03-27 00:31 - 000087296 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140_clr0400.dll
2020-03-27 00:31 - 2020-03-27 00:31 - 000083768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140_clr0400.dll
2020-03-27 00:30 - 2020-03-27 00:30 - 000032816 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2020-03-27 00:30 - 2020-03-27 00:30 - 000029232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2020-03-27 00:30 - 2020-03-27 00:30 - 000017968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2020-03-27 00:30 - 2020-03-27 00:30 - 000017968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2020-03-27 00:23 - 2020-03-27 00:23 - 000000000 ____D C:\Users\Computer2020\AppData\Roaming\NordVPN
2020-03-26 23:58 - 2020-03-27 01:05 - 000000000 ____D C:\ProgramData\Packages
2020-03-26 23:58 - 2020-03-27 00:11 - 000000000 ____D C:\Users\Computer2020\AppData\Local\CrashDumps
2020-03-26 23:58 - 2020-03-26 23:58 - 000000000 ____D C:\Windows\SysWOW64\Lenovo
2020-03-26 23:58 - 2020-03-26 23:58 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2020-03-26 23:58 - 2020-03-26 23:58 - 000000000 ____D C:\Users\Computer2020\AppData\Local\Lenovo
2020-03-26 23:58 - 2020-03-26 23:58 - 000000000 ____D C:\Users\Computer2020\AppData\Local\Comms
2020-03-26 23:58 - 2020-03-26 23:58 - 000000000 ____D C:\ProgramData\Lenovo
2020-03-26 23:57 - 2020-03-27 00:09 - 000003700 _____ C:\Windows\system32\Tasks\Lenovo Power Management Driver PnP Task
2020-03-26 23:57 - 2020-03-26 23:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2020-03-26 23:57 - 2020-03-26 23:57 - 000000000 ____D C:\Program Files\Synaptics
2020-03-26 23:56 - 2020-03-26 23:56 - 000002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premium Security.lnk
2020-03-26 23:56 - 2020-03-26 23:56 - 000002152 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2020-03-26 23:56 - 2020-03-26 23:56 - 000002152 _____ C:\ProgramData\Desktop\Avast Premium Security.lnk
2020-03-26 23:56 - 2020-03-26 23:56 - 000000000 ____D C:\Users\Computer2020\AppData\Roaming\AVAST Software
2020-03-26 23:56 - 2020-03-26 23:56 - 000000000 ____D C:\Users\Computer2020\AppData\Local\CEF
2020-03-26 23:55 - 2020-03-26 23:55 - 000000000 ____D C:\Program Files (x86)\Intel
2020-03-26 23:55 - 2020-03-26 23:55 - 000000000 ____D C:\Intel
2020-03-26 23:53 - 2020-03-26 23:53 - 000458584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-03-26 23:53 - 2020-03-26 23:53 - 000316256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-03-26 23:53 - 2020-03-26 23:53 - 000235184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-03-26 23:53 - 2020-03-26 23:53 - 000175400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-03-26 23:53 - 2020-03-26 23:53 - 000110560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-03-26 23:53 - 2020-03-26 23:53 - 000084056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-03-26 23:53 - 2020-03-26 23:53 - 000042976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-03-26 23:53 - 2020-03-26 23:53 - 000016304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2020-03-26 23:53 - 2020-03-26 23:53 - 000003990 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-03-26 23:53 - 2020-03-26 23:53 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-03-26 23:53 - 2020-03-26 23:53 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-03-26 23:53 - 2020-03-26 23:52 - 000848672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-03-26 23:53 - 2020-03-26 23:52 - 000552576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2020-03-26 23:53 - 2020-03-26 23:52 - 000368056 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-03-26 23:53 - 2020-03-26 23:52 - 000271120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-03-26 23:53 - 2020-03-26 23:52 - 000206608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-03-26 23:53 - 2020-03-26 23:52 - 000205576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-03-26 23:53 - 2020-03-26 23:52 - 000064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-03-26 23:50 - 2020-03-26 23:50 - 000000000 ____D C:\Users\Computer2020\AppData\Local\D3DSCache
2020-03-26 23:49 - 2020-03-26 23:49 - 000000000 ____D C:\Program Files\AVAST Software
2020-03-26 23:48 - 2020-03-26 23:53 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-26 23:48 - 2020-03-26 23:48 - 000000000 ____D C:\Users\Computer2020\AppData\Local\DBG
2020-03-26 23:47 - 2020-03-27 00:23 - 000000000 ____D C:\Users\Computer2020\AppData\Local\PlaceholderTileLogoFolder
2020-03-26 23:47 - 2020-03-26 23:47 - 000000000 ___HD C:\Users\Computer2020\MicrosoftEdgeBackups
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-03-27 02:21 - 2018-09-15 00:31 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2020-03-27 01:33 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2020-03-27 01:32 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\system32\spool
2020-03-27 01:32 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\system32\FxsTmp
2020-03-27 01:24 - 2018-09-15 00:33 - 000000000 ____D C:\ProgramData\USOPrivate
2020-03-27 01:23 - 2018-09-15 00:33 - 000000000 ___RD C:\Windows\PrintDialog
2020-03-27 01:23 - 2018-09-15 00:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-03-27 01:23 - 2018-09-14 23:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-03-27 01:18 - 2018-09-15 00:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-27 01:09 - 2018-09-15 00:31 - 000000000 ____D C:\Windows\INF
2020-03-27 01:05 - 2018-09-15 00:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-27 01:05 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\AppReadiness
2020-03-27 00:32 - 2018-09-15 00:23 - 000000000 ____D C:\Windows\CbsTemp
2020-03-27 00:09 - 2018-09-14 23:09 - 000524288 _____ C:\Windows\system32\config\BBI
2020-03-26 23:57 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\ServiceState
2020-03-26 23:55 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-03-26 23:53 - 2018-09-15 00:33 - 000000000 ___HD C:\Windows\ELAMBKUP
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP