
Someone tried to get into some computer bank. Serious virus from chrome

Open. kangarooo opened this issue 8 months ago • 1 comment

CollectionLog-2025.03.18-22.07.zip

DO NOT OPEN THESE LINKS WITHOUT SECURITY: https://voolklen2.shop/click?key=8718d1fa25cd9e7b0a90&ad_id=120216104489010144&adset_id=120216104473650144&campaign_id=120216104473640144&ad_name=Kr%C4%81jumu+likvid%C4%81cija+%E2%80%93+2&adset_name=06.03.2025&campaign_name=LV+-+Makita&keyw=%7Bkeyw%7D&utm_medium=paid&utm_source=fb&utm_id=120216104473640144&utm_content=120216104489010144&utm_term=120216104473650144&utm_campaign=120216104473640144&fbclid=IwY2xjawI3gdlleHRuA2FlbQIxMAABHTDDHhi6NE6KDx8iIPO4sGm_afzVXftvBI30Z4-oFjDZ7j7XZHw-lX7tsg_aem_V4wb1Wr_cWUN7QmHyyXPJA

From there, buying opens this 2nd link: https://lv.leaderpanelop.space/

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.10

Platform: x64 Windows 11 (Home), 10.0.26100.3476 (ReleaseId: 2009, 24H2), Service Pack: 0
Time: 18.03.2025 - 21:57 (UTC+02:00)
Language: OS: English (0x809). Display: Latvian (0x426). Non-Unicode: English (0x809)
Elevated: Yes
Ran by: Andris (group: Administrators) on LAPTOP-N5RHQITI, FirstRun: yes

Chrome: 134.0.6998.89
Internet Explorer: 11.0.26100.1882
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal


kangarooo, Mar 18 '25 20:03

Hi, you don't have to insert logs right in your message. Please attach it only. (The HiJackThis log is included in the CollectionLog pack, so there is no need to post it again.)

I didn't see any obvious signs of infection so far. Let's get more logs: please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please attach the logs back here.

Sandor-Helper, Mar 19 '25 06:03

Closed. Reason: no answer for 10 days. If you still need our help, please execute the last steps requested by a helper. Also, download AutoLogger again, prepare a new CollectionLog, and write what problems remain.

dragokas, Aug 21 '25 13:08