
My computer is infected [Closed]

#1 Alzedroh (New Member, 1 posts)
Hi there, I used this computer for work one and a half years ago but still cannot get full control. No contact with the previous employer; I worked on contract.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by radomird (ATTENTION: The user is not administrator) on WC-5CG8245KS2 (HP HP EliteBook x360 1030 G2) (12-07-2020 00:30:51)
Running from C:\Users\radomird\Desktop
Loaded Profiles: radomird
Platform: Windows 10 Pro Version 1909 18363.592 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Alps\GlidePoint\ApMsgFwd.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Alps\GlidePoint\ApntEx.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Alps\GlidePoint\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Alps\GlidePoint\hidfind.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Endpoint Security\epconsole.exe
(Conexant Systems LLC -> Conexant Systems, Inc) C:\Program Files\CONEXANT\Flow\Flow.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Conexant Systems, Inc) [File not signed] C:\Program Files\CONEXANT\SA3\HP-NB-AIO\CnxtNotify.exe
(Google LLC -> Google LLC) C:\Users\radomird\AppData\Local\Google\Chrome\Application\chrome.exe <28>
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Collaboration Keyboard\CollaborationKeysController.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_kbl_kit127397.inf_amd64_e1da8ee9e92ccadb\igfxEM.exe
(LiveQoS Incorporated -> LiveQoS Incorporated) C:\Program Files\HP\HP Velocity\systray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIEE.EXE
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
Failed to access process -> armsvc.exe
Failed to access process -> bdredline.exe
Failed to access process -> conhost.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> CxAudioSvc.exe
Failed to access process -> CxUtilSvc.exe
Failed to access process -> dasHost.exe
Failed to access process -> dasHost.exe
Failed to access process -> dwm.exe
Failed to access process -> epintegrationservice.exe
Failed to access process -> epprotectedservice.exe
Failed to access process -> epsecurityservice.exe
Failed to access process -> epupdateservice.exe
Failed to access process -> esif_uf.exe
Failed to access process -> EvtEng.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> HidMonitorSvc.exe
Failed to access process -> HPCommRecovery.exe
Failed to access process -> hpMAMSrv.exe
Failed to access process -> hpqwmiex.exe
Failed to access process -> ibtsiva.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> IntelCpHDCPSvc.exe
Failed to access process -> IntelCpHeciSvc.exe
Failed to access process -> ISD_Tablet.exe
Failed to access process -> jhi_service.exe
Failed to access process -> LMS.exe
Failed to access process -> lsass.exe
Failed to access process -> OfficeClickToRun.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> SecurityHealthService.exe
Failed to access process -> services.exe
Failed to access process -> SgrmBroker.exe
Failed to access process -> smss.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> TeamViewer_Service.exe
Failed to access process -> UIUSrv.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WacomHost.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> wlanext.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WTabletServiceISD.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> ZeroConfigService.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1203856 2017-10-24] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM\...\Policies\Explorer: [DontSetAutoplayCheckbox] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\...\Run: [Google Update] => C:\Users\radomird\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-21] (Google LLC -> Google LLC)
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE [283232 2014-12-04] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE [283232 2014-12-04] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\...\Run: [Opera Browser Assistant] => C:\Users\radomird\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3105304 2020-07-08] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\...\Policies\system: [HideLogonScripts] 1
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\...\Policies\system: [HideLegacyLogonScripts] 1
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\...\Policies\system: [Wallpaper] none.jpg
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\Software\Policies\...\system: [ExcludeProfileDirs] My Documents\My Music; My Music; Cookies; Downloads; AppData\Roaming\Apple Computer; AppData\Roaming\Mozilla; AppData\Roaming\Opera; AppData\Roaming\Microsoft; AppData\Roaming\DivX; AppData\Roaming\Sp (the data entry has 802 more characters).
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\Software\Policies\...\system: [GroupPolicyMinTransferRate] 0
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\...\MountPoints2: {a0538a79-5a8b-11ea-89d8-d549af811345} - "E:\windows\AutoRun.exe" 
HKLM\...\Windows x64\Print Processors\ApjPrint: C:\Windows\System32\spool\prtprocs\x64\ApjPrint.dll [369152 2017-06-12] (NT-ware Systemprogrammierung GmbH) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{733d146c-3c7f-4afc-8381-83348bf326bb}] -> C:\WINDOWS\system32\HPCredentialProvider.dll [2017-12-06] (HP Inc. -> HP)
Lsa: [Notification Packages] HPPwdFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Velocity.lnk [2018-06-16]
ShortcutTarget: HP Velocity.lnk -> C:\Program Files\HP\HP Velocity\systray.exe (LiveQoS Incorporated -> LiveQoS Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{36924505-e571-4cb3-b99e-73f4d17ab777}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{47845f01-a8fa-4c32-b300-7f9fdde68245}: [NameServer] 10.4.27.70,10.5.133.45
Tcpip\..\Interfaces\{ecccb0b9-33f0-47a8-88da-80fe7c245b1a}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/onlineroutefinder/ttab02/index.html?n=C08D00C&p2=^CPX^xdm158^TTAB02^au&ptb=160FE3C1-E674-4E53-B434-9E9FAA2B7A81&si=mapsdirections-2-s&coid=06a49ddf2da44359a0d3316a7d6729a8
HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-10-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
IE Session Restore: HKU\S-1-5-21-4065904220-1948428617-1027685433-12960 -> is enabled.
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-17] (Microsoft Corporation -> Microsoft Corporation)
 
Edge: 
======
DownloadDir: C:\Users\radomird\Desktop\Web_Download
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-10-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-05-13]
CHR Profile: C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-07-12]
CHR DownloadDir: E:\
CHR Notifications: Profile 2 -> hxxps://badoo.com; hxxps://drive.google.com; hxxps://hardingsburger.com.au; hxxps://m.locanto.com.au; hxxps://openloadmovies.bz; hxxps://promosurvey3.info; hxxps://streampoint.live; hxxps://tinder.com; hxxps://www.locanto.com.au; hxxps://www.wish.com; hxxps://www.wisrcredit.com.au
CHR Extension: (Slides) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-14]
CHR Extension: (Just Black) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2019-06-15]
CHR Extension: (Docs) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-14]
CHR Extension: (Google Drive) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-14]
CHR Extension: (IBM Security Rapport) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-12-05]
CHR Extension: (YouTube) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-14]
CHR Extension: (Sheets) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-14]
CHR Extension: (Google Docs Offline) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-31]
CHR Extension: (Ask Web Search) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jbldcomffojmkkjbblhcebeicbncmjpf [2020-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-17]
CHR Extension: (Gmail) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-14]
CHR Extension: (Chrome Media Router) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-28]
CHR Profile: C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3 [2020-07-04]
CHR Extension: (Slides) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-03]
CHR Extension: (Docs) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-03]
CHR Extension: (Google Drive) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-06-03]
CHR Extension: (YouTube) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-03]
CHR Extension: (YouTube Music) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2020-06-04]
CHR Extension: (Sheets) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-03]
CHR Extension: (Google Docs Offline) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-03]
CHR Extension: (Gmail) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-03]
CHR Profile: C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4 [2020-06-17]
CHR Extension: (Slides) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-04]
CHR Extension: (Docs) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-04]
CHR Extension: (Google Drive) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-06-04]
CHR Extension: (IBM Security Rapport) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2020-06-04]
CHR Extension: (YouTube) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-04]
CHR Extension: (Sheets) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-04]
CHR Extension: (Google Docs Offline) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-04]
CHR Extension: (Gmail) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-06-04]
CHR Extension: (Chrome Media Router) - C:\Users\radomird\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-04]
CHR Profile: C:\Users\radomird\AppData\Local\Google\Chrome\User Data\System Profile [2020-06-29]
CHR HKU\S-1-5-21-4065904220-1948428617-1027685433-12960\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
 
Opera: 
=======
OPR DownloadDir: C:\Users\radomird\Desktop
OPR Notifications: hxxps://m.locanto.com.au; hxxps://www.locanto.com.au
OPR Extension: (Chrome Media Router) - C:\Users\radomird\AppData\Roaming\Opera Software\Opera Stable\Extensions\pphjpkjjljnllpnebififokmoejkeahp [2020-07-04]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApHidMonitorService; C:\Program Files\Alps\GlidePoint\HidMonitorSvc.exe [178776 2017-08-23] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9677088 2018-09-29] (Microsoft Corporation -> Microsoft Corporation)
R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [41552 2017-12-21] (Conexant Systems LLC -> Conexant Systems, Inc)
R2 CxUtilSvc; C:\WINDOWS\CxSvc\CxUtilSvc.exe [149104 2017-11-15] (Conexant Systems LLC -> Conexant Systems, Inc.)
R2 EPIntegrationService; C:\Program Files\Bitdefender\Bitdefender Endpoint Security\EPIntegrationService.exe [208312 2020-06-12] (Bitdefender SRL -> Bitdefender)
R2 EPProtectedService; C:\Program Files\Bitdefender\Bitdefender Endpoint Security\EPProtectedService.exe [208312 2020-06-12] (Bitdefender SRL -> Bitdefender)
R2 EPRedline; C:\Program Files\Bitdefender\Bitdefender Endpoint Security\bdredline.exe [2389576 2020-06-12] (Bitdefender SRL -> Bitdefender)
R2 EPSecurityService; C:\Program Files\Bitdefender\Bitdefender Endpoint Security\EPSecurityService.exe [208312 2020-06-12] (Bitdefender SRL -> Bitdefender)
R2 EPUpdateService; C:\Program Files\Bitdefender\Bitdefender Endpoint Security\EPUpdateService.exe [208312 2020-06-12] (Bitdefender SRL -> Bitdefender)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-08] (HP Inc.) [File not signed]
R2 HPMAMSrv; C:\Program Files (x86)\HP\HP MAC Address Manager\hpMAMSrv.exe [537408 2017-01-18] (HP Inc. -> HP)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1128992 2017-12-06] (HP Inc. -> HP)
S3 HPWorkWise; C:\Program Files (x86)\HP\HP WorkWise\HPWorkWiseService.exe [704336 2017-12-06] (HP Inc. -> HP)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268928 2017-12-20] (Intel® Wireless Connectivity Solutions -> )
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-12-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12754432 2019-12-17] (TeamViewer GmbH -> TeamViewer Germany GmbH)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2263784 2017-10-20] (Intel® Client Connectivity Division SW -> Intel Corporation)
R2 UIUService; C:\WINDOWS\SysWOW64\UIUSrv.exe [116344 2019-12-27] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [1696368 2018-06-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758720 2017-12-20] (Intel® Wireless Connectivity Solutions -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ApHidfiltrService; C:\WINDOWS\system32\DRIVERS\ApHidFiltr.sys [278528 2017-08-23] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S0 BDElam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R3 CnxtHdAudService; C:\WINDOWS\system32\drivers\CHDRT64ISST.sys [2081240 2017-12-26] (Conexant Systems LLC -> Conexant Systems Inc.)
R3 cxwmbclass; C:\WINDOWS\System32\drivers\cxwmbclass.sys [130048 2019-12-28] (Microsoft Windows -> Microsoft Corporation)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [188600 2020-06-12] (Bitdefender SRL -> BitDefender LLC)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [242264 2017-11-22] (Intel® Smart Sound Technology -> Intel® Corporation)
R1 IPeakLWF; C:\WINDOWS\system32\DRIVERS\ipeaklwf.sys [525144 2017-06-15] (LiveQoS Incorporated -> LiveQoS Incorporated)
S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2019-03-19] (Microsoft Windows -> MediaTek Inc.)
S3 nhi; C:\WINDOWS\System32\drivers\tbt100x.sys [137288 2017-10-24] (Intel® Client Connectivity Division SW -> Intel Corporation)
S3 pmxdrv; C:\windows\system32\drivers\pmxdrv.sys [31152 2018-10-16] (PAIPTAC  Driver -> )
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [737192 2017-11-28] (Sunplus Innovation Technology Inc. -> Sunplus Innovation Technology Inc.)
R2 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [638352 2020-06-12] (Bitdefender SRL -> Bitdefender)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [42000 2017-07-04] (Intel® Software -> Intel Corporation)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [152680 2018-06-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-08-06] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-07-12 00:30 - 2020-07-12 00:31 - 000028985 ____C C:\Users\radomird\Desktop\FRST.txt
2020-07-12 00:20 - 2020-07-12 00:21 - 005054744 _____ (AO Kaspersky Lab) C:\Users\radomird\Desktop\tdsskiller.exe
2020-07-12 00:13 - 2020-07-12 00:31 - 000000000 ____D C:\FRST
2020-07-12 00:12 - 2020-07-12 00:12 - 002292736 _____ (Farbar) C:\Users\radomird\Desktop\FRST64 (1).exe
2020-07-12 00:08 - 2020-07-12 00:08 - 002292736 _____ (Farbar) C:\Users\radomird\Desktop\FRST64.exe
2020-07-11 06:06 - 2020-07-11 06:06 - 000000000 ____D C:\WINDOWS\system32\tmp00002bd9
2020-07-08 00:17 - 2020-07-08 00:17 - 000000000 ____D C:\WINDOWS\system32\tmp000064d3
2020-07-05 21:04 - 2020-07-05 21:05 - 000000000 ___DC C:\Users\radomird\Desktop\5G
2020-07-05 20:58 - 2020-07-05 21:08 - 000000000 ___DC C:\Users\radomird\Desktop\Other
2020-07-05 20:54 - 2020-07-05 20:57 - 000000000 ___DC C:\Users\radomird\Desktop\Spirital
2020-07-05 20:47 - 2020-07-10 01:32 - 000000000 ___DC C:\Users\radomird\Desktop\MM
2020-07-04 01:52 - 2020-07-04 01:52 - 000000000 ____D C:\WINDOWS\system32\tmp000001d5
2020-06-28 02:01 - 2020-06-28 02:15 - 000000000 ___DC C:\Users\radomird\Documents\MixPad BeatMaker Compositions
2020-06-25 02:45 - 2020-06-25 02:45 - 000000000 ____D C:\WINDOWS\Minidump
2020-06-12 17:51 - 2020-07-12 00:27 - 000000000 ____D C:\ProgramData\GenPatch
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-07-11 23:49 - 2019-03-19 14:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-11 23:25 - 2019-12-27 19:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-07-11 18:02 - 2019-03-19 14:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-11 18:02 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-11 10:03 - 2019-12-27 20:16 - 000935192 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-07-11 10:03 - 2019-03-19 14:50 - 000000000 ____D C:\WINDOWS\INF
2020-07-11 09:58 - 2018-10-16 09:32 - 000000000 __SHD C:\Users\radomird\IntelGraphicsProfiles
2020-07-11 09:57 - 2018-10-16 08:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-07-11 09:56 - 2020-01-15 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Endpoint Security
2020-07-11 09:56 - 2019-12-27 20:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-10 00:00 - 2019-01-11 13:54 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-07-06 15:58 - 2018-10-16 09:42 - 000000000 ___DC C:\Users\radomird\AppData\Local\Packages
2020-07-04 02:24 - 2019-12-27 20:07 - 000000000 ____D C:\Users\radomird
2020-07-04 02:01 - 2020-02-16 04:03 - 000002450 ____C C:\Users\radomird\Desktop\NCH Suite.lnk
2020-07-04 01:57 - 2018-11-25 12:39 - 000000000 ___HD C:\Users\radomird\AppData\Local\D3DSCache
2020-06-29 13:20 - 2019-10-30 13:12 - 000001429 ____C C:\Users\radomird\Desktop\Opera Browser.lnk
2020-06-29 04:17 - 2019-10-30 13:12 - 000001419 ____C C:\Users\radomird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2020-06-28 15:14 - 2019-12-27 20:07 - 000002383 ____C C:\Users\radomird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-26 06:33 - 2020-02-07 22:52 - 000000000 ____D C:\Users\radomird\Downloads\opera autoupdate
2020-06-25 07:27 - 2018-12-09 12:35 - 000002524 ____C C:\Users\radomird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-25 02:45 - 2018-11-09 00:58 - 1682375942 _____ C:\WINDOWS\MEMORY.DMP
2020-06-22 04:50 - 2019-01-11 13:48 - 000000000 ___HD C:\Users\radomird\AppData\Local\Adobe
2020-06-12 18:10 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-12 17:47 - 2020-01-15 14:31 - 000638352 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2020-06-12 17:47 - 2020-01-15 14:31 - 000188600 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2020-06-12 17:47 - 2020-01-15 14:31 - 000010176 _____ C:\WINDOWS\system32\Drivers\gzflt.cat
 
==================== Files in the root of some directories ========
 
2020-01-21 05:39 - 2020-01-21 05:39 - 000000017 _____ () C:\Users\radomird\AppData\Local\resmon.resmoncfg
 
==================== FLock ==============================
 
2019-03-19 14:52 C:\PerfLogs
2019-12-27 19:59 C:\Recovery
2020-02-03 15:50 C:\WINDOWS\system32\config
2019-03-19 14:52 C:\WINDOWS\system32\Configuration
2019-03-19 14:52 C:\WINDOWS\system32\DriverState
2019-03-19 14:52 C:\WINDOWS\system32\FxsTmp
2019-03-19 14:53 C:\WINDOWS\system32\ias
2019-12-28 14:58 C:\WINDOWS\system32\MsDtc
2019-03-19 14:52 C:\WINDOWS\system32\networklist
2020-07-11 23:25 C:\WINDOWS\system32\SleepStudy
2020-07-12 00:10 C:\WINDOWS\system32\sru
2020-07-10 00:00 C:\WINDOWS\system32\Tasks
2019-12-28 14:58 C:\WINDOWS\system32\Tasks_Migrated
2020-03-05 13:21 C:\WINDOWS\system32\WDI
2020-07-11 18:02 C:\Program Files\WindowsApps
2019-12-27 20:16 C:\WINDOWS\diagerr.xml
2019-12-27 20:16 C:\WINDOWS\diagwrn.xml
2019-12-27 20:04 C:\WINDOWS\iis.log
2019-11-17 19:24 C:\WINDOWS\InfusedApps
2020-03-23 14:14 C:\WINDOWS\LiveKernelReports
2020-06-25 02:45 C:\WINDOWS\MEMORY.DMP
2020-06-25 02:45 C:\WINDOWS\Minidump
2019-12-28 14:58 C:\WINDOWS\ModemLogs
2020-07-12 00:13 C:\WINDOWS\Prefetch
2020-02-24 07:05 C:\WINDOWS\ServiceState
2020-07-11 23:49 C:\WINDOWS\Temp
2019-03-19 14:52 C:\WINDOWS\SysWOW64\config
2019-03-19 14:52 C:\WINDOWS\SysWOW64\Configuration
2019-03-19 14:52 C:\WINDOWS\SysWOW64\FxsTmp
2019-03-19 14:52 C:\WINDOWS\SysWOW64\Msdtc
2019-03-19 14:52 C:\WINDOWS\SysWOW64\networklist
2019-03-19 14:52 C:\WINDOWS\SysWOW64\sru
2019-03-19 14:52 C:\WINDOWS\SysWOW64\Tasks
2019-03-19 14:52 C:\WINDOWS\system32\Drivers\DriverData
2019-12-27 20:10 C:\Users\localadmin
2019-12-27 20:10 C:\Users\matt.redfern
2020-02-21 08:31 C:\ProgramData\Packages
2019-03-19 16:23 C:\ProgramData\WindowsHolographicDevices
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
 
ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.
Access is denied.
 
==================== End of FRST.txt ========================
Feedback would be greatly appreciated 


#2
JSntgRvr
Global Moderator, 11,579 posts

Please Click here!, and follow the recommendations in the guide. All tools should be run as an Administrator, else the results won't help.

Someone will be along to tell you what steps to take after you post the contents of the scan results.



#3
JSntgRvr
Global Moderator, 11,579 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

