Sometimes I lose internet connection, sometimes computer freezes - Virus, Trojan, Spyware, and Malware Removal Help (2023)

My computer runs very slow sometimes. For example, while running the scan it said not responding several times and froze a lot. When I download a program, it takes super long to complete. There are a lot of hidden files. I feel like there are registry entries that shouldn't be there. I feel like my computer has been compromised. I feel like someone else may be monitoring my computer and/or controlling it.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2023

Ran by Unknown (administrator) on KONNECTED (Sony Corporation SVF15A16CXB) (19-04-2023 11:31:46)

Running from C:\Users\austi\OneDrive\Desktop\FRST64 (1).exe

Loaded Profiles: Unknown

Platform: Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\26.0.1.243\DiscoverySrv.exe

(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe

(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe

(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe

(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <3>

(C:\Program Files\JetBrains\PyCharm Community Edition 2023.1\bin\pycharm64.exe ->) (JetBrains s.r.o. -> JetBrains s.r.o.) C:\Program Files\JetBrains\PyCharm Community Edition 2023.1\bin\fsnotifier.exe

(cmd.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdtrackersnmh.exe

(cmd.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxcr.exe

(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <25>

(explorer.exe ->) (JetBrains s.r.o. -> JetBrains s.r.o.) C:\Program Files\JetBrains\PyCharm Community Edition 2023.1\bin\pycharm64.exe

(explorer.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe

(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe

(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe

(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe

(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>

(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe

(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe

(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe

(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe

(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954368 2015-09-22] (Synaptics Incorporated -> Synaptics Incorporated)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [989208 2023-04-10] (Bitdefender SRL -> Bitdefender)

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

HKU\S-1-5-21-3501841338-1236821420-3866047128-1001\...\Run: [MicrosoftEdgeAutoLaunch_AF130ACF5B455D1270CFFE4899398D7A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056000 2023-03-12] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-3501841338-1236821420-3866047128-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [253816 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)

HKU\S-1-5-21-3501841338-1236821420-3866047128-1001\...\Run: [Microsoft Edge Update] => C:\Users\austi\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\MicrosoftEdgeUpdateCore.exe [263584 2023-04-07] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-3501841338-1236821420-3866047128-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [581120 2022-09-07] (Microsoft Windows -> Microsoft Corporation)

HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\Windows\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\112.0.5615.121\Installer\chrmstp.exe [2023-04-18] (Google LLC -> Google LLC)

Startup: C:\Users\austi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2023-03-28]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)

BootExecute: autocheck autochk * autocheck iolorgdf64 C:\Users\austi\AppData\Roaming\iolo\

GroupPolicy: Restriction ? <==== ATTENTION

GroupPolicy-Firefox: Restriction <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1370A9E7-3FD1-47D4-804F-1D08D97A64F3} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3501841338-1236821420-3866047128-1001UA => C:\Users\austi\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [214928 2023-04-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {58D38424-DB2C-471F-B730-8AC7E375DE04} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3501841338-1236821420-3866047128-1001Core => C:\Users\austi\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [214928 2023-04-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {6B4DCF3A-D741-425D-895F-9F9E334EA56A} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\26.0.1.243\WatchDog.exe [933928 2023-04-07] (Bitdefender SRL -> Bitdefender)

Task: {869437A4-5EB6-4CB2-9F27-7D3B5A247C7F} - System32\Tasks\GoogleUpdateTaskMachineCore{A8F725F0-3F02-4E9B-8B90-50300E79A404} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-14] (Google LLC -> Google LLC)

Task: {D400CBB0-858F-450E-92D6-2667A9CA4716} - System32\Tasks\GoogleUpdateTaskMachineUA{231E03F4-F71B-4D6C-9D00-91FBBFACB511} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-14] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{c4a3b36d-dcf6-4a9d-91fc-4d6c24dabf2f}: [NameServer] 1.1.1.1

Tcpip\..\Interfaces\{c4a3b36d-dcf6-4a9d-91fc-4d6c24dabf2f}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{fc01fcd5-2b9d-2fd8-78d8-cb78b313e2b2}: [NameServer] 103.86.99.99,103.86.96.96

Edge:

=======

Edge DefaultProfile: Profile 4

Edge Profile: C:\Users\austi\AppData\Local\Microsoft\Edge\User Data\Profile 4 [2023-04-13]

Edge Extension: (Malwarebytes Browser Guard) - C:\Users\austi\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-04-13]

Edge Extension: (Bitdefender Anti-tracker) - C:\Users\austi\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\dbconhplchnbippmjabbcedokimacfjl [2023-03-27]

Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

Edge HKLM-x32\...\Edge\Extension: [dbconhplchnbippmjabbcedokimacfjl]

Edge HKLM-x32\...\Edge\Extension: [pdhdldaneekjpoaldekpgomomeabpnek]

FireFox:

========

FF DefaultProfile: 2m53j83x.68-edition-default

FF DefaultProfile: 5x74c41d.default

FF ProfilePath: C:\Users\austi\AppData\Roaming\Waterfox\Profiles\2m53j83x.68-edition-default [2023-03-31]

FF ProfilePath: C:\Users\austi\AppData\Roaming\Waterfox\Profiles\hm0p93a2.default-release [2023-04-19]

FF ProfilePath: C:\Users\austi\AppData\Roaming\Mozilla\Firefox\Profiles\5x74c41d.default [2023-03-23]

FF ProfilePath: C:\Users\austi\AppData\Roaming\Mozilla\Firefox\Profiles\ptnvzrzz.default-release [2023-04-10]

FF Notifications: Mozilla\Firefox\Profiles\ptnvzrzz.default-release -> hxxps://www.msn.com

FF Extension: (Bitdefender Anti-tracker) - C:\Users\austi\AppData\Roaming\Mozilla\Firefox\Profiles\ptnvzrzz.default-release\Extensions\bdtbe@bitdefender.com.xpi [2023-03-29] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]

FF Extension: (TrafficLight) - C:\Users\austi\AppData\Roaming\Mozilla\Firefox\Profiles\ptnvzrzz.default-release\Extensions\trafficlight@bitdefender.com.xpi [2023-03-26]

FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi

FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2022-11-07] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]

FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi

FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2023-01-05] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext

FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2023-02-27] [Legacy] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi

FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2023-03-24] <==== ATTENTION (Points to *.cfg file)

FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2023-03-24] <==== ATTENTION

Chrome:

=======

CHR DefaultProfile: Default

CHR Profile: C:\Users\austi\AppData\Local\Google\Chrome\User Data\Default [2023-04-19]

CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.facebook.com; hxxps://www.reddit.com; hxxps://www.youtube.com

CHR StartupUrls: Default -> "hxxps://directinteractions.freshdesk.com/support/home","hxxps://www.shiftboard.com/servola/auth.cgi?ss=525676&Go=Go&cookie_test=1","hxxps://hamwfmjfsweb.ngtsohio.com/ProSchedulerWeb/Auth/Login","hxxps://hamcce1fns1pub.ngtsohio.com/desktop/logout.jsp?locale=en_US"

CHR Session Restore: Default -> is enabled.

CHR Extension: (Dark Theme for Google Chrome) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\Default\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2023-03-20]

CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-03-09]

CHR Extension: (NordVPN - VPN Proxy for Privacy and Security) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoaledfpmneenckfbpdfhkmimnjocfa [2023-03-29]

CHR Extension: (iCloud Bookmarks) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2023-04-07]

CHR Extension: (Bitdefender Wallet) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2023-03-23]

CHR Extension: (Google Docs Offline) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-29]

CHR Extension: (Bitdefender Anti-tracker) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2023-03-23]

CHR Extension: (Chrome Web Store Payments) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-01-30]

CHR Extension: (iCloud Passwords) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2023-04-07]

CHR Profile: C:\Users\austi\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-04-19]

CHR Profile: C:\Users\austi\AppData\Local\Google\Chrome\User Data\ProfileWSOLIntuit [2023-03-27] <==== ATTENTION

CHR Notifications: ProfileWSOLIntuit -> hxxps://app.slack.com; hxxps://d-90672c00e9.awsapps.com; hxxps://intuit.lightning.force.com; hxxps://teams.microsoft.com.mcas.ms

CHR Session Restore: ProfileWSOLIntuit -> is enabled.

CHR Extension: (Whatfix for Intuit (Production)) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\ProfileWSOLIntuit\Extensions\eecadmlnhempdpkmbjmnnocghkbkmelm [2023-03-27]

CHR Extension: (NordVPN - VPN Proxy for Privacy and Security) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\ProfileWSOLIntuit\Extensions\fjoaledfpmneenckfbpdfhkmimnjocfa [2023-03-27]

CHR Extension: (Bitdefender Wallet) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\ProfileWSOLIntuit\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2023-03-27]

CHR Extension: (OneLogin for Google Chrome) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\ProfileWSOLIntuit\Extensions\ioalpmibngobedobkmbhgmadaphocjdn [2023-01-31]

CHR Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\ProfileWSOLIntuit\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-03-20]

CHR Extension: (Bitdefender Anti-tracker) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\ProfileWSOLIntuit\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2023-03-27]

CHR Extension: (Chrome Web Store Payments) - C:\Users\austi\AppData\Local\Google\Chrome\User Data\ProfileWSOLIntuit\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-01-30]

CHR Profile: C:\Users\austi\AppData\Local\Google\Chrome\User Data\System Profile [2023-04-19]

CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

CHR HKLM-x32\...\Chrome\Extension: [fjoaledfpmneenckfbpdfhkmimnjocfa]

CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]

CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821784 2023-04-10] (Bitdefender SRL -> Bitdefender)

R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821784 2023-04-10] (Bitdefender SRL -> Bitdefender)

R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2995752 2022-01-28] (Bitdefender SRL -> Bitdefender)

R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2454632 2022-02-10] (Bitdefender SRL -> Bitdefender)

R3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [310136 2021-06-11] (nordvpn s.a. -> TEFINCOM S.A.)

R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2023-01-04] (nordvpn s.a. -> nordvpn S.A.)

R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)

R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [645672 2023-04-07] (Bitdefender SRL -> Bitdefender)

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [280088 2023-04-10] (Bitdefender SRL -> Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [821784 2023-04-10] (Bitdefender SRL -> Bitdefender)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

R1 atc; C:\Windows\System32\DRIVERS\atc.sys [5397920 2023-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)

R2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [798128 2022-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)

S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [22976 2020-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)

R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [33208 2022-02-01] (Microsoft Windows Hardware Compatibility Publisher -> © Bitdefender SRL)

S3 bduefiscan; C:\Windows\system32\DRIVERS\bduefiscan.sys [39840 2022-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)

R0 Gemma; C:\Windows\System32\DRIVERS\gemma.sys [1322912 2022-12-15] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)

R2 Ignis; C:\Windows\System32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)

R3 mshield; C:\Windows\System32\DRIVERS\mshield.sys [43112 2022-08-24] (nordvpn s.a. -> Nordvpn S.A.)

R2 NDivert; C:\Program Files\NordVPN\7.7.4.0\Drivers\NDivert.sys [131472 2022-06-28] (nordvpn s.a. -> Nordvpn S.A.)

R4 NordDivert10; C:\Program Files\NordVPN\NordSec ThreatProtection\1.3.297.409\NordDivert1064.sys [101240 2022-04-19] (nordvpn s.a. -> NordVPN/Basil)

R1 nordlwf; C:\Windows\system32\DRIVERS\nordlwf.sys [44928 2023-01-17] (nordvpn s.a. -> TEFINCOM S.A.)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [633248 2022-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)

R0 vlflt; C:\Windows\System32\DRIVERS\vlflt.sys [481184 2022-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)

S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49576 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [473336 2023-02-15] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-15] (Microsoft Windows -> Microsoft Corporation)

S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2023-03-16] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

R3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2023-03-16] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

S1 npcap; \SystemRoot\system32\DRIVERS\npcap.sys [X]

S4 npcap_wifi; \SystemRoot\system32\DRIVERS\npcap.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2023

Ran by Unknown (19-04-2023 11:49:12)

Running from C:\Users\austi\OneDrive\Desktop

Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) (2023-01-30 20:01:04)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3501841338-1236821420-3866047128-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3501841338-1236821420-3866047128-503 - Limited - Disabled)

Guest (S-1-5-21-3501841338-1236821420-3866047128-501 - Limited - Disabled)

Unknown (S-1-5-21-3501841338-1236821420-3866047128-1001 - Administrator - Enabled) => C:\Users\austi

WDAGUtilityAccount (S-1-5-21-3501841338-1236821420-3866047128-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {840E1EB8-082E-3D95-EAAA-FD11CF357A26}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Bitdefender Firewall (Enabled) {BC359F9D-4241-3CCD-C1F5-542431E63D5D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 26.0.1.243 - Bitdefender)

Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 26.0.34.145 - Bitdefender)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 112.0.5615.121 - Google LLC)

Intel® Graphics Driver Software (HKLM-x32\...\{e7e9dac9-c330-48d8-9e17-d21a19dc942c}) (Version: 3.11.1.0 - Intel) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5161 - Intel Corporation)

Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 2023.1.139984 - LWKS Software Ltd.)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.41 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3501841338-1236821420-3866047128-1001\...\d89bab395edbfe09f2d1b4585c187736) (Version: 1.0 - Google\Chrome)

Microsoft Teams (HKU\S-1-5-21-3501841338-1236821420-3866047128-1001\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)

Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden

Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3501841338-1236821420-3866047128-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.77.3 - Microsoft Corporation)

NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.3.0.277 - Nord Security)

NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.7.4.0 - Nord Security)

NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)

PyCharm Community Edition 2023.1 (HKLM-x32\...\PyCharm Community Edition 2023.1) (Version: 231.8109.197 - JetBrains s.r.o.)

Python 3.11.3 (64-bit) (HKU\S-1-5-21-3501841338-1236821420-3866047128-1001\...\{c6a7d2cb-61ea-4f5e-bc56-95faa938bacf}) (Version: 3.11.3150.0 - Python Software Foundation)

Python 3.11.3 Add to Path (64-bit) (HKLM\...\{9EB782CC-B2A5-4B67-BFEC-C91F5B755CAF}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Core Interpreter (64-bit debug) (HKLM\...\{3A1C995A-499C-42F4-879B-6DD05C9B806F}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Core Interpreter (64-bit symbols) (HKLM\...\{225FA4F3-2588-4E0E-898E-E7E47C68FFFA}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Core Interpreter (64-bit) (HKLM\...\{611F1238-29A9-495F-B1F4-CFFCC98D9421}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Development Libraries (64-bit debug) (HKLM\...\{C8AF0655-998C-4A06-AA76-874046C568C5}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Development Libraries (64-bit) (HKLM\...\{D307D056-AF62-4F53-810E-052AAAF0EFB2}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Documentation (64-bit) (HKLM\...\{25DC2A6F-FDC2-40D0-AA9D-3BF392BDF500}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Executables (64-bit debug) (HKLM\...\{6AA5E40C-B457-49E9-BDB0-2C98ECAE1AAA}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Executables (64-bit symbols) (HKLM\...\{625CF3E1-082C-488E-8A09-DF2DF8A5971D}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Executables (64-bit) (HKLM\...\{A2BCB6C1-272D-437F-A5BC-92431FC521B4}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 pip Bootstrap (64-bit) (HKLM\...\{55BEEF7A-9288-497D-B5CE-960D2F3C70A3}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Standard Library (64-bit debug) (HKLM\...\{FD70A158-1416-4EB5-BE73-2783BB1E0B09}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Standard Library (64-bit symbols) (HKLM\...\{5032B7B5-1E6D-4983-AD2F-4D81390E62F8}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Standard Library (64-bit) (HKLM\...\{0D289858-69D1-4CB6-946E-659F028DDC27}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Tcl/Tk Support (64-bit debug) (HKLM\...\{44E69042-9EF2-4C77-9EB3-BBD147901E1C}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Tcl/Tk Support (64-bit symbols) (HKLM\...\{0F6F46D0-2115-412E-9FC9-6F81CA8CF26A}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Tcl/Tk Support (64-bit) (HKLM\...\{C321A7FC-E479-4E2A-AA09-2698EFEA4CA3}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Test Suite (64-bit debug) (HKLM\...\{96033567-EC0B-4BFE-AEE9-53E97DDCCD51}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Test Suite (64-bit symbols) (HKLM\...\{691A6E7C-B574-4E75-B466-624A7E40FF0C}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Test Suite (64-bit) (HKLM\...\{BA9ABB78-751C-4488-80A9-60E44290C060}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.11.3 Utility Scripts (64-bit) (HKLM\...\{5BF6CA5B-E057-413A-B87A-CCD47600E465}) (Version: 3.11.3150.0 - Python Software Foundation) Hidden

Python 3.9.13 (64-bit) (HKU\S-1-5-21-3501841338-1236821420-3866047128-1001\...\{f599560c-4808-4daa-85d8-15f363099f67}) (Version: 3.9.13150.0 - Python Software Foundation)

Python 3.9.13 Core Interpreter (64-bit) (HKLM\...\{D7536B55-7339-436F-A2B3-8B8C0240DF32}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden

Python 3.9.13 Development Libraries (64-bit) (HKLM\...\{A621340A-3F22-40D3-9CCD-50B048EBB48E}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden

Python 3.9.13 Documentation (64-bit) (HKLM\...\{1FB094A5-7604-4C0F-A1FB-EAB7ED730DE2}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden

Python 3.9.13 Executables (64-bit) (HKLM\...\{D497CDAE-43AC-4397-A1C6-B66A7A8F8010}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden

Python 3.9.13 pip Bootstrap (64-bit) (HKLM\...\{72964D30-1BFE-459F-B218-D267EBE0D5B2}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden

Python 3.9.13 Standard Library (64-bit) (HKLM\...\{90A30DAB-6FD8-4CF8-BB8B-C0DB21C69F20}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden

Python 3.9.13 Tcl/Tk Support (64-bit) (HKLM\...\{E7233E87-1712-40E0-8207-17C8D0157FCC}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden

Python 3.9.13 Test Suite (64-bit) (HKLM\...\{7491B488-F171-4A97-935A-9098E7CE2A26}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden

Python 3.9.13 Utility Scripts (64-bit) (HKLM\...\{618E9DD0-9212-486C-AB4A-023ACAB7CD36}) (Version: 3.9.13150.0 - Python Software Foundation) Hidden

Python Launcher (HKLM-x32\...\{C41DB702-D72D-40F4-A2B3-5BAC2DCA2DF2}) (Version: 3.11.3150.0 - Python Software Foundation)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)

VAIO Easy Connect (HKLM-x32\...\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 8.4.4.07220 - Sony Corporation) Hidden

Packages:

=========

AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2023-03-14] (Microsoft Corporation)

Json Formatter Free -> C:\Program Files\WindowsApps\4846UtilitiesTools.JsonFormatterFree_1.1.9.0_x64__b17t1j31etq18 [2023-04-13] (Utilities Tools) [MS Ad]

Kate -> C:\Program Files\WindowsApps\KDEe.V.Kate_22.801.1797.0_x64__7vt06qxq7ptv8 [2023-04-13] (KDE e.V.)

Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2023-04-13] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2023-04-13] (Microsoft Corporation) [MS Ad]

Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-03-27] (Microsoft Corporation)

Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.131.0_x64__pwbj9vvecjh7j [2023-04-05] (Amazon Development Centre (London) Ltd)

WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2210.3001.0_x64__8wekyb3d8bbwe [2023-03-23] (Microsoft Corporation)

WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x64__8wekyb3d8bbwe [2023-04-07] (Microsoft Corporation)

WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x86__8wekyb3d8bbwe [2023-04-07] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3501841338-1236821420-3866047128-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\austi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23061.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3501841338-1236821420-3866047128-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> TEFINCOM S.A.)

CustomCLSID: HKU\S-1-5-21-3501841338-1236821420-3866047128-1001_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\austi\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3501841338-1236821420-3866047128-1001_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\austi\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3501841338-1236821420-3866047128-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel® pGFX 2020 -> Intel Corporation)

CustomCLSID: HKU\S-1-5-21-3501841338-1236821420-3866047128-1001_Classes\CLSID\{9CCE22DC-79C6-42A2-B005-864842A35AF3}\InprocServer32 -> C:\Users\austi\AppData\Local\Microsoft\EdgeUpdate\1.3.155.77\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3501841338-1236821420-3866047128-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\austi\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3501841338-1236821420-3866047128-1001_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\austi\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================


Article information

Author: Merrill Bechtelar CPA

Last Updated: 07/15/2023
