Viruses / Hacker ??

**Malnutrition** · 07-20-2022, 12:45 AM

ZHP diag is a different tool than ZHP cleaner.

This tool will display a log similar to FRST but a bit more detailed.

**Malnutrition** · 07-20-2022, 12:47 AM

ZHP Diag Scan
Click here to download.
Save to your desktop.
Right Click Run as Admin.
Click the Options button.
Click on Check All
Then click close.
Click the Scanner button.
When complete please push the report button.
A notepad will open… attach the report in your next reply.

Please post this log and we can go from there.

**Malnutrition** · 07-21-2022, 07:22 AM

Ok, I’ll work with what information I have, I’ll take look at these logs when I get off work today.

**Malnutrition** · 07-24-2022, 11:31 PM

I apologize for the delay.

uninstall the following programs with GeekUninstaller.

Item in red optional. if you use it then leave it.

AVG Update Helper (HKLM-x32...{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1188.1 - AVG Technologies) Hidden
Combo Cleaner (HKLM...{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT) Hidden
Combo Cleaner (HKLM-x32...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT)
Bonjour (HKLM...{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
[COLOR=rgb(184, 49, 47)]Microsoft OneDrive (HKU\S-1-5-21-1613466211-3433340891-3206170746-1001...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Norton 360 (HKLM-x32...\NGC) (Version: 22.22.6.10 - NortonLifeLock Inc)

Start Hijack this as Admin, check the following, then click the fix,
Reboot your machine.

Code:

O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_6F4DC4E10286D821F4B760C09BBF0282] = C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5
O4 - HKLM\..\StartupApproved\Run32: [Intel Driver & Support Assistant] = C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (2022/05/22)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O5 - HKCU\Control Panel\don't load: [RTSnMg64.cpl] (file missing)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - getth - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: DuetUpdater - C:\Program Files\Kairos\Duet Display\DuetUpdater.exe /silent
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: OneDC_Updater - C:\Users\getth\Documents\temp\OneDC_Updater\OneDC_Updater.exe OneDragonCenter
O22 - Task: OneDrive Reporting Task-S-1-5-21-1613466211-3433340891-3206170746-1001 - C:\Users\getth\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O23 - Service S3: CCleaner Performance Optimizer Service - (CCleanerPerformanceOptimizerService) - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe

Download ClearLNK and save it to your desktop.

[ATTACH type=“full”]10314[/ATTACH]

Drag the Check_Browsers_LNK.log attached below onto it, a report will open, post that.

C:\Users\getth\Documents\temp\OneDC_Updater\OneDC_ Updater.exe OneDragonCenter

This is not malware, it is related to https://www.msi.com/Landing/dragon-center-download

You can stop it from connecting to the internet with the guide below, just search [COLOR=rgb(184, 49, 47)]OneDC_Updater.exe in everything search engine, follow guide.

Forums - PC Help Forum

https://pchelpforum.net/r/how-to-block-a-program-from-accessing-the-internet.93/

PCHF Forums

FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.[/COLOR][/COLOR]

**Malnutrition** · 08-01-2022, 04:17 AM

@Not John Titor please update the thread or it will be considered abandoned in 48 hours.

Viruses / Hacker ??

Comment

Comment

Comment

Comment

Comment