onemacusa[.]com drive by download – Virus, Trojan, Spyware, and Malware Removal Help

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2021
Ran by test (administrator) on JMORAN-L01 (Dell Inc. Precision 3551) (06-10-2021 20:16:05)
Running from C:UserstestDownloads
Loaded Profiles: test
Platform: Windows 10 Pro Version 21H1 19043.1237 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

("STMicroelectronics Srl" -> ) C:WindowsSystem32driversDellFFDPWmiService.exe
(Apple Inc. -> Apple Inc.) C:Program FilesBonjourmDNSResponder.exe
(Athenahealth, Inc. -> athenahealth, inc) [File not signed] C:Program Files (x86)athenahealth, IncaNetDeviceManager3.1.3.0WindowsServiceApollo.exe
(Athenahealth, Inc. -> athenahealth, inc) [File not signed] C:UserstestAppDataLocalathenahealth, Inc3.1.3.0modulesCoreModuleADM.TrayApp.exe
(Athenahealth, Inc. -> athenahealth, inc) [File not signed] C:UserstestAppDataLocalathenahealth, Inc3.1.3.0modulesCoreModuleCoreModule.exe
(Broadcom Corporation -> ) C:WindowsSystem32bcmUshUpgradeService.exe
(Broadcom Corporation -> Broadcom Corporation) C:WindowsSystem32bcmHostControlService.exe
(Broadcom Corporation -> Broadcom Corporation) C:WindowsSystem32bcmHostStorageService.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:Program Files (x86)CitrixICA Clientconcentr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:Program Files (x86)CitrixICA ClientReceiverReceiver.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:Program Files (x86)CitrixICA ClientReceiverUpdaterService.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:Program Files (x86)CitrixICA Clientredirector.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:Program Files (x86)CitrixICA ClientSelfServicePluginSelfServicePlugin.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:Program Files (x86)CitrixICA Clientwfcrun32.exe
(ConnectWise, LLC -> ) C:Program Files (x86)ScreenConnect Client (637ec66d614d25d4)ScreenConnect.ClientService.exe
(ConnectWise, LLC -> ScreenConnect Software) C:Program Files (x86)ScreenConnect Client (637ec66d614d25d4)ScreenConnect.WindowsClient.exe <2>
(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
(Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydptf_cpu.inf_amd64_82b77f8c4618e2d0esif_uf.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydal.inf_amd64_b5484efd38adbe8djhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorylms.inf_amd64_dc8575dca42caa2cLMS.exe
(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_7769fb49693b5f65igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_7769fb49693b5f65igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryigcc_dch.inf_amd64_d392adf622e242f6OneApp.IGCC.WinService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_ac19d7e120d74fdfIntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_ac19d7e120d74fdfIntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiastorac.inf_amd64_9c788f1d162b1224RstMwService.exe
(LogMeIn, Inc. -> LastPass) C:Program Files (x86)LastPasslastapp_x64.exe
(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)MicrosoftEdgeApplicationmsedge.exe <32>
(Microsoft Corporation -> Microsoft Corporation) C:UserstestAppDataLocalMicrosoftOneDriveOneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:Program FilesMicrosoft Update Health Toolsuhssvc.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wbemWMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:WindowsSystem32DellTPadApMsgFwd.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:WindowsSystem32DellTPadApntEx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:WindowsSystem32DellTPadApoint.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:WindowsSystem32DellTPadApRemote.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:WindowsSystem32DellTPadhidfind.exe
(Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.) C:WindowsSystem32DellTPadHidMonitorSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynvdm.inf_amd64_8f0766276bba828fDisplay.NvContainerNVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32nvwmi64.exe <2>
(Open Source Developer, Robin Krom -> Greenshot) C:Program FilesGreenshotGreenshot.exe
(Panda Security S.L. -> Panda Security International) C:Program Files (x86)Panda SecurityWaAgentWAHostWAHost.exe
(Panda Security S.L. -> Panda Security, S.L.) C:Program Files (x86)Panda SecurityWACPSANHost.exe
(Panda Security S.L. -> Panda Security, S.L.) C:Program Files (x86)Panda SecurityWACPSUAMain.exe
(Panda Security S.L. -> Panda Security, S.L.) C:Program Files (x86)Panda SecurityWACPSUAService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_bc81681eb27bc1aeRtkAudUService64.exe <3>
(Sanford, L.P.) [File not signed] C:Program Files (x86)DYMODYMO Label SoftwareDYMO.DLS.Printing.Host.exe
(Sanford, L.P.) [File not signed] C:Program Files (x86)DYMODYMO Label SoftwareDymoPnpService.exe
(Smart Sound Technology -> Intel) C:WindowsSystem32cAVSIASIntelAudioService.exe
(Waves Inc -> Waves Audio Ltd.) C:WindowsSystem32DriverStoreFileRepositorywavesapo9de.inf_amd64_177ab60f8bad72ccWavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:WindowsSystem32DriverStoreFileRepositorywavesapo9de.inf_amd64_177ab60f8bad72ccWavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Run: [Greenshot] => C:Program FilesGreenshotGreenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM…Run: [WavesSvc] => C:WindowsSystem32DriverStoreFileRepositorywavesapo9de.inf_amd64_177ab60f8bad72ccWavesSvc64.exe [1776744 2020-12-23] (Waves Inc -> Waves Audio Ltd.)
HKLM…Run: [RtkAudUService] => C:WindowsSystem32DriverStoreFileRepositoryrealtekservice.inf_amd64_bc81681eb27bc1aeRtkAudUService64.exe [1223224 2021-01-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM…Run: [Logitech Download Assistant] => C:WindowsSystem32LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM-x32…Run: [ConnectionCenter] => C:Program Files (x86)CitrixICA Clientconcentr.exe [2344552 2021-07-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32…Run: [Redirector] => C:Program Files (x86)CitrixICA Clientredirector.exe [798312 2021-07-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32…Run: [LastApp] => C:Program Files (x86)LastPasslastapp_x64.exe [53617344 2019-11-15] (LogMeIn, Inc. -> LastPass)
HKLM-x32…Run: [DLSWebSvc] => C:Program Files (x86)DYMODYMO Label SoftwareDYMO.DLS.Printing.Host.exe [5130240 2021-03-18] (Sanford, L.P.) [File not signed]
HKLM-x32…Run: [athenaNetDeviceManager] => C:Program Files (x86)athenahealth, IncaNetDeviceManager3.1.3.0TrayAppTrayAppLauncher.exe [28968 2020-09-30] (Athenahealth, Inc. -> athenahealth, inc) [File not signed]
HKLM-x32…Run: [PSUAMain] => C:Program Files (x86)Panda SecurityWACPSUAMain.exe [115704 2017-10-17] (Panda Security S.L. -> Panda Security, S.L.)
HKUS-1-5-21-3254881376-3538040254-3546701925-1003…Run: [MicrosoftEdgeAutoLaunch_AF2BBCAD27A22A0C1234356BDE5EE233] => "C:Program Files (x86)MicrosoftEdgeApplicationmsedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM…PrintMonitorsCPCA Language Monitor3b: C:Windowssystem32CNAS0MOK.DLL [1282048 2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM…PrintMonitorsDYMO LabelWriter Monitor: C:Windowssystem32LW400MON.DLL [16384 2021-03-15] (Microsoft Windows Hardware Compatibility Publisher -> DYMO Corp.)
HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program FilesGoogleChromeApplication94.0.4606.71Installerchrmstp.exe [2021-10-04] (Google LLC -> Google LLC)
HKLMSoftwareWow6432NodeMicrosoftActive SetupInstalled Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:Program Files (x86)AdobeAcrobat Reader DCEslAiodLite.dll [2021-07-24] (Adobe Inc. -> Adobe Systems, Inc.)
Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION
HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION
HKLMSOFTWAREPoliciesMicrosoftEdge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1EEDC404-81DF-49F7-95DF-59282DC4787E} – System32Taskschoco-upgrade-all-at-abort => taskkill [Argument = /im choco.exe /f /t]
Task: {2B445CBA-5319-4BF7-A40F-9C56EFDCAA21} – System32TasksMicrosoftOfficeOffice 15 Subscription Heartbeat => C:Program FilesCommon FilesMicrosoft SharedOffice16OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B6CD979-F8B3-4F9D-ACE4-0A822F7E9E91} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-08-31] (Google LLC -> Google LLC)
"C:WindowsSystem32TasksMicrosoftWindowsGroupPolicy{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {391DDDD9-0DB8-4ACB-9842-D21F4FA98BA7} – System32TasksMicrosoftWindowsGroupPolicy{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:Windowssystem32gpupdate.exe [30720 2021-07-06] (Microsoft Windows -> Microsoft Corporation)
Task: {45ED5690-298C-4DE3-A230-8E44AFFF8BD5} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficeOffice16msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4808F33D-5360-4A7C-8162-71BD4F04D39C} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficeOffice16msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {960EA000-7172-43FE-9909-67B42B1DE490} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-08-31] (Google LLC -> Google LLC)
"C:WindowsSystem32TasksMicrosoftWindowsGroupPolicy{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {9E94D68E-97AB-44CD-AD36-B2D6C42AA5E2} – System32TasksMicrosoftWindowsGroupPolicy{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:Windowssystem32gpupdate.exe [30720 2021-07-06] (Microsoft Windows -> Microsoft Corporation)
Task: {D081998D-CF79-40F5-BC6E-B2ED361149A7} – System32Taskschoco-upgrade-all-at => C:ProgramDatachocolateybinchoco-upgrade-all.bat [123 2021-08-31] () [File not signed]
Task: {DFD96464-8FAC-4B49-9790-F6CBCA4065F3} – System32TasksADM_{5C0E5C40-810E-4FC0-BB1D-7A5CBC54B60C} => C:Program Files (x86)athenahealth, IncaNetDeviceManager3.1.3.0TrayAppADMUpdater.exe [27944 2020-09-30] (Athenahealth, Inc. -> ) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:WindowsTasksADM_{5C0E5C40-810E-4FC0-BB1D-7A5CBC54B60C}.job => C:Program Files (x86)athenahealth, IncaNetDeviceManager3.1.3.0TrayAppADMUpdater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:Program Files (x86)BonjourmdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:Program FilesBonjourmdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
TcpipParameters: [DhcpNameServer] 192.168.1.1
Tcpip..Interfaces{c43c12ad-5c23-426d-99af-bcf021fa75e3}: [DhcpNameServer] 192.168.1.1
Tcpip..Interfaces{fbac7952-6138-4f6a-a67a-e189dbe3175e}: [DhcpNameServer] 172.16.1.19 172.16.1.250
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Profile: C:UserstestAppDataLocalMicrosoftEdgeUser DataDefault [2021-10-06]

FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:Program Files (x86)LastPassnplastpass64.dll [2021-08-31] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:PROGRA~1MICROS~1Office16NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:Program Files (x86)LastPassnplastpass64.dll [2021-08-31] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program Files (x86)Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:PROGRA~2MICROS~2Office16NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM…ChromeExtension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKLM-x32…ChromeExtension: [hdokiejnpimakedhajhdlcegeplioahd]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:Windowssystem32DellTPadHidMonitorSvc.exe [867216 2019-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.)
R2 athenaNetDeviceManager3.1; C:Program Files (x86)athenahealth, IncaNetDeviceManager3.1.3.0WindowsServiceApollo.exe [54056 2020-09-30] (Athenahealth, Inc. -> athenahealth, inc) [File not signed]
R2 CWAUpdaterService; C:Program Files (x86)CitrixICA ClientReceiverUpdaterService.exe [51816 2021-07-27] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 DellFFDPWmiService; C:WindowsSystem32driversDellFFDPWmiService.exe [32528 2020-02-17] ("STMicroelectronics Srl" -> )
R2 DymoPnpService; C:Program Files (x86)DYMODYMO Label SoftwareDymoPnpService.exe [27136 2021-03-18] (Sanford, L.P.) [File not signed]
R2 hostcontrolsvc; C:WindowsSystem32bcmHostControlService.exe [841984 2021-05-17] (Broadcom Corporation -> Broadcom Corporation)
R2 hoststoragesvc; C:WindowsSystem32bcmHostStorageService.exe [178432 2021-05-17] (Broadcom Corporation -> Broadcom Corporation)
R2 NanoServiceMain; C:Program Files (x86)Panda SecurityWACPSANHost.exe [109024 2017-09-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 NVWMI; C:Windowssystem32nvwmi64.exe [4777560 2020-03-31] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PSUAService; C:Program Files (x86)Panda SecurityWACPSUAService.exe [48784 2017-10-17] (Panda Security S.L. -> Panda Security, S.L.)
R2 ScreenConnect Client (637ec66d614d25d4); C:Program Files (x86)ScreenConnect Client (637ec66d614d25d4)ScreenConnect.ClientService.exe [90728 2021-03-22] (ConnectWise, LLC -> )
S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5394872 2021-09-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ushupgradesvc; C:WindowsSystem32bcmUshUpgradeService.exe [312992 2021-05-17] (Broadcom Corporation -> )
R2 WAHost; C:Program Files (x86)Panda SecurityWaAgentWAHostWAHost.exe [571536 2017-11-30] (Panda Security S.L. -> Panda Security International)
S3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:WindowsSystem32DriverStoreFileRepositorynvdm.inf_amd64_8f0766276bba828fDisplay.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVDisplay.ContainerLocalSystem.log -l 3 -d C:WindowsSystem32DriverStoreFileRepositorynvdm.inf_amd64_8f0766276bba828fDisplay.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ApHidfiltrService; C:WindowsSystem32driversApHidfiltrSW.sys [363920 2019-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Alps Electric Co., Ltd.)
S3 BthA2dp; C:WindowsSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R2 ctxusbm; C:Windowssystem32DRIVERSctxusbmon.sys [135160 2021-07-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 dvctprov; C:WindowsSystem32DRIVERSdvctprov.sys [112888 2015-12-22] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSALPC; C:Windowssystem32DRIVERSNNSALPC.sys [108000 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSDHCP; C:Windowssystem32DRIVERSNNSDHCP.sys [104416 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSDNS; C:Windowssystem32DRIVERSNNSDNS.sys [99296 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:Windowssystem32DRIVERSNNSHTTP.sys [211936 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:Windowssystem32DRIVERSNNSHTTPS.sys [121312 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:Windowssystem32DRIVERSNNSIDS.sys [126432 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:Windowssystem32DRIVERSNNSNAHSL.sys [99512 2017-09-26] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:Windowssystem32DRIVERSNNSPICC.sys [117728 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:Windowssystem32DRIVERSNNSPIHSW.sys [91616 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:Windowssystem32DRIVERSNNSPOP3.sys [135648 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:Windowssystem32DRIVERSNNSPROT.sys [335840 2017-10-19] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:Windowssystem32DRIVERSNNSPRV.sys [250760 2018-01-22] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:Windowssystem32DRIVERSNNSSMTP.sys [123360 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:Windowssystem32DRIVERSNNSSTRM.sys [281056 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:Windowssystem32DRIVERSNNSTLSC.sys [125920 2017-10-06] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINAflt; C:Windowssystem32DRIVERSPSINAflt.sys [191456 2017-11-07] (Panda Security S.L. -> Panda Security, S.L.)
R0 PSINDvct; C:WindowsSystem32DRIVERSPSINDvct.sys [62224 2015-01-23] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINFile; C:WindowsSystem32DRIVERSPSINFile.sys [154000 2018-01-19] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:Windowssystem32DRIVERSPSINKNC.sys [207240 2018-01-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:WindowsSystem32DRIVERSPSINProc.sys [146912 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:Windowssystem32DRIVERSPSINProt.sys [159200 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:Windowssystem32DRIVERSPSINReg.sys [128992 2017-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R3 PSKMAD; C:WindowsSystem32DRIVERSPSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R1 vbdenum; C:WindowsSystem32driversvbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R3 wbfcvusbdrv; C:WindowsSystem32Driverswbfcvusbdrv.sys [31464 2021-05-17] (Broadcom Corporation -> Broadcom Corporation)
S3 WdBoot; C:Windowssystem32driversWdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:Windowssystem32driversWdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:WindowsSystem32DriversWdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:WindowsSystem32DriverStoreFileRepositorywiman.inf_amd64_420e5de7a8744212WiManHWiManH.sys [174672 2021-04-19] (Intel Corporation -> )
U4 xbgm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-06 20:16 – 2021-10-06 20:16 – 000022360 _____ C:UserstestDownloadsFRST.txt
2021-10-06 20:15 – 2021-10-06 20:16 – 000000000 ____D C:FRST
2021-10-06 20:14 – 2021-10-06 20:14 – 002308096 _____ (Farbar) C:UserstestDownloadsUnconfirmed 45658.crdownload
2021-10-06 20:13 – 2021-10-06 20:14 – 002308096 _____ (Farbar) C:UserstestDownloadsFRST64.exe
2021-10-06 20:11 – 2021-10-06 20:11 – 000003368 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-3254881376-3538040254-3546701925-1003
2021-10-06 20:11 – 2021-10-06 20:11 – 000002364 _____ C:UserstestAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2021-10-06 20:11 – 2021-10-06 20:11 – 000000000 ___RD C:UserstestOneDrive
2021-10-06 20:10 – 2021-10-06 20:15 – 000000000 ____D C:UserstestAppDataLocalPackages
2021-10-06 20:10 – 2021-10-06 20:13 – 000000000 ____D C:UserstestAppDataLocalD3DSCache
2021-10-06 20:10 – 2021-10-06 20:11 – 000000000 ____D C:UserstestAppDataLocalIntel
2021-10-06 20:10 – 2021-10-06 20:10 – 000000020 ___SH C:Userstestntuser.ini
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 __SHD C:UserstestIntelGraphicsProfiles
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ___RD C:Userstest3D Objects
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataRoamingICAClient
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataRoamingGreenshot
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataRoamingAdobe
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalLowLastPass
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalLowIntel
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalVirtualStore
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalIsolatedStorage
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalGreenshot
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalGoogle
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalDYMO
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalConnectedDevicesPlatform
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalCitrix
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalCEF
2021-10-06 20:10 – 2021-10-06 20:10 – 000000000 ____D C:UserstestAppDataLocalathenahealth, Inc
2021-10-06 20:10 – 2021-10-06 19:56 – 000000276 _____ C:UserstestDesktoponemacusa[.]com drive by download – Virus, Trojan, Spyware, and Malware Removal Help.URL
2021-10-06 20:10 – 2021-09-17 16:39 – 000000000 ____D C:UserstestAppDataLocalMicrosoft Help
2021-10-06 20:09 – 2021-10-06 20:11 – 000000000 ____D C:Userstest
2021-10-06 15:08 – 2021-10-06 15:07 – 000065536 _____ C:Windowssystem32configsam-ms
2021-09-17 16:44 – 2021-09-17 16:44 – 000000000 ____D C:Program Files (x86)Mozilla Firefox
2021-09-17 16:39 – 2021-09-17 16:39 – 000000000 ____D C:UsersDefaultAppDataLocalMicrosoft Help
2021-09-17 11:04 – 2021-09-17 11:04 – 006923649 _____ C:UsersjmoranDownloadsdocumentlabellist.csv
2021-09-17 07:32 – 2021-05-17 03:40 – 002161960 _____ (Microsoft Corporation) C:Windowssystem32WudfUpdate_01009.dll
2021-09-17 07:32 – 2021-05-17 03:40 – 000841984 _____ (Broadcom Corporation) C:Windowssystem32bcmHostControlService.exe
2021-09-17 07:32 – 2021-05-17 03:40 – 000655104 _____ (Broadcom Corporation) C:Windowssystem32bcmbipdll.dll
2021-09-17 07:32 – 2021-05-17 03:40 – 000548104 _____ (Broadcom) C:Windowssystem32bcmcvproppage.dll
2021-09-17 07:32 – 2021-05-17 03:40 – 000312992 _____ C:Windowssystem32bcmUshUpgradeService.exe
2021-09-17 07:32 – 2021-05-17 03:40 – 000286880 _____ C:Windowssystem32bcmFirmwareUpgradeProgress.exe
2021-09-17 07:32 – 2021-05-17 03:40 – 000259392 _____ (Broadcom Corporation) C:Windowssystem32bcmlms.dll
2021-09-17 07:32 – 2021-05-17 03:40 – 000178432 _____ (Broadcom Corporation) C:Windowssystem32bcmHostStorageService.exe
2021-09-17 07:32 – 2021-05-17 03:40 – 000139008 _____ (Broadcom Corporation) C:Windowssystem32bcmCVUsrIfc.dll
2021-09-17 07:32 – 2021-05-17 03:40 – 000078056 _____ (Broadcom Corporation) C:Windowssystem32Driverscvusbdrv.sys
2021-09-17 07:32 – 2021-05-17 03:40 – 000033512 _____ (Broadcom Corporation) C:Windowssystem32bcmCVRemoteServer.exe
2021-09-17 07:32 – 2021-05-17 03:40 – 000031464 _____ (Broadcom Corporation) C:Windowssystem32Driverswbfcvusbdrv.sys
2021-09-17 07:32 – 2021-05-14 07:07 – 002788571 _____ C:Windowssystem32bcmDeviceFirmwareCitadel_7.bin
2021-09-17 07:32 – 2021-05-14 07:07 – 002788571 _____ C:Windowssystem32bcmDeviceFirmwareCitadel_1.bin
2021-09-17 07:32 – 2021-05-14 07:07 – 002490288 _____ C:Windowssystem32bcmCitadel_7.otp
2021-09-17 07:32 – 2021-05-14 07:07 – 002490288 _____ C:Windowssystem32bcmCitadel_1.otp
2021-09-17 07:32 – 2021-05-14 07:07 – 000166688 _____ C:Windowssystem32bcmsbi_External_1.otp
2021-09-17 07:32 – 2021-05-14 07:07 – 000166672 _____ C:Windowssystem32bcmsbi_External_7.otp
2021-09-17 07:32 – 2021-05-14 07:07 – 000161552 _____ C:Windowssystem32bcmsbiCitadelA0_7.otp
2021-09-17 07:32 – 2021-05-14 07:07 – 000161552 _____ C:Windowssystem32bcmsbiCitadelA0_1.otp
2021-09-17 07:32 – 2021-05-14 07:07 – 000000056 _____ C:Windowssystem32bcm_cv_current_version.txt
2021-09-14 21:26 – 2021-09-14 21:26 – 002295296 _____ (Digimarc) C:Windowssystem32DMRCDecoder.dll
2021-09-14 21:26 – 2021-09-14 21:26 – 002260992 _____ C:Windowssystem32TextInputMethodFormatter.dll
2021-09-14 21:26 – 2021-09-14 21:26 – 002111488 _____ (Digimarc) C:WindowsSysWOW64DMRCDecoder.dll
2021-09-14 21:26 – 2021-09-14 21:26 – 001823304 _____ (Microsoft Corporation) C:Windowssystem32winload.efi
2021-09-14 21:26 – 2021-09-14 21:26 – 001393480 _____ (Microsoft Corporation) C:Windowssystem32winresume.efi
2021-09-14 21:26 – 2021-09-14 21:26 – 001333760 _____ C:WindowsSysWOW64TextInputMethodFormatter.dll
2021-09-14 21:26 – 2021-09-14 21:26 – 001313608 _____ (Microsoft Corporation) C:Windowssystem32SecConfig.efi
2021-09-14 21:26 – 2021-09-14 21:26 – 001164288 _____ C:Windowssystem32MBR2GPT.EXE
2021-09-14 21:26 – 2021-09-14 21:26 – 000672768 _____ C:Windowssystem32FsNVSDeviceSource.dll
2021-09-14 21:26 – 2021-09-14 21:26 – 000570368 _____ (Microsoft Corporation) C:Windowssystem32inetcpl.cpl
2021-09-14 21:26 – 2021-09-14 21:26 – 000566784 _____ (Microsoft Corporation) C:Windowssystem32winspool.drv
2021-09-14 21:26 – 2021-09-14 21:26 – 000452096 _____ (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl
2021-09-14 21:26 – 2021-09-14 21:26 – 000426496 _____ (Microsoft Corporation) C:WindowsSysWOW64winspool.drv
2021-09-14 21:26 – 2021-09-14 21:26 – 000272384 _____ C:Windowssystem32TpmTool.exe
2021-09-14 21:26 – 2021-09-14 21:26 – 000223744 _____ C:WindowsSysWOW64TpmTool.exe
2021-09-14 21:26 – 2021-09-14 21:26 – 000170496 _____ C:Windowssystem32DeviceUpdateCenterCsp.dll
2021-09-14 21:26 – 2021-09-14 21:26 – 000162816 _____ C:Windowssystem32DataStoreCacheDumpTool.exe
2021-09-14 21:26 – 2021-09-14 21:26 – 000147456 _____ (Microsoft Corporation) C:Windowssystem32wshom.ocx
2021-09-14 21:26 – 2021-09-14 21:26 – 000122880 _____ (Microsoft Corporation) C:WindowsSysWOW64wshom.ocx
2021-09-14 21:26 – 2021-09-14 21:26 – 000098816 _____ C:Windowssystem32Driverscimfs.sys
2021-09-14 21:26 – 2021-09-14 21:26 – 000011355 _____ C:Windowssystem32DrtmAuthTxt.wim
2021-09-14 21:22 – 2021-09-14 21:22 – 000000000 ___HD C:$WinREAgent
2021-09-08 07:35 – 2021-09-08 07:36 – 000000000 ____D C:UsersjmoranAppDataLocalIntel
2021-09-08 07:35 – 2021-09-08 07:35 – 000000000 __SHD C:UsersjmoranIntelGraphicsProfiles
2021-09-08 07:34 – 2021-09-08 07:34 – 000000000 ____D C:Windowssystem32TasksIntel
2021-09-08 07:34 – 2021-09-08 07:34 – 000000000 ____D C:ProgramDataIntel

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-06 20:15 – 2019-12-07 04:14 – 000000000 ____D C:WindowsAppReadiness
2021-10-06 20:15 – 2019-12-07 04:13 – 000000000 ____D C:WindowsINF
2021-10-06 20:13 – 2021-08-31 13:56 – 000000000 ____D C:Program Files (x86)Google
2021-10-06 20:10 – 2021-08-31 13:54 – 000000000 __RHD C:UsersPublicAccountPictures
2021-10-06 20:10 – 2019-12-07 04:14 – 000000000 ___RD C:WindowsImmersiveControlPanel
2021-10-06 20:09 – 2021-08-31 14:01 – 000000000 ____D C:ProgramDataboost_interprocess
2021-10-06 20:09 – 2021-08-31 13:52 – 000008192 ___SH C:DumpStack.log.tmp
2021-10-06 20:09 – 2021-08-31 13:52 – 000000006 ____H C:WindowsTasksSA.DAT
2021-10-06 20:09 – 2021-08-31 13:43 – 000000000 ____D C:Intel
2021-10-06 20:09 – 2021-08-31 13:27 – 000046962 _____ C:Windowssystem32CVFirmwareUpgradeLog.txt
2021-10-06 20:09 – 2019-12-07 04:14 – 000000000 ____D C:WindowsServiceState
2021-10-06 20:09 – 2019-12-07 04:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-10-06 18:25 – 2021-08-31 13:36 – 000016746 _____ C:ProgramDataDisplaySessionContainer1.log_backup1
2021-10-06 18:25 – 2021-08-31 13:30 – 000017131 _____ C:ProgramDataNVDisplay.ContainerLocalSystem.log_backup1
2021-10-06 18:25 – 2021-08-31 13:30 – 000006450 _____ C:ProgramDataNVDisplayContainerWatchdog.log_backup1
2021-10-06 18:23 – 2021-08-31 13:30 – 000001205 _____ C:ProgramDataNvcDispCorePlugin.log_backup1
2021-10-06 14:07 – 2019-12-07 04:03 – 000524288 _____ C:Windowssystem32configBBI
2021-10-06 14:05 – 2021-08-31 13:52 – 000487016 _____ C:Windowssystem32FNTCACHE.DAT
2021-10-06 14:05 – 2021-08-31 13:38 – 000000136 _____ C:Windowssystem32confignetlogon.ftl
2021-10-06 10:01 – 2019-12-07 04:52 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:WindowsSysWOW64WinMetadata
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:WindowsSysWOW64oobe
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:WindowsSysWOW64Dism
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:WindowsSystemResources
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32WinMetadata
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32WinBioPlugIns
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32oobe
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32migwiz
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32Dism
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32DDFs
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32appraiser
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:WindowsShellComponents
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:WindowsProvisioning
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:WindowsPolicyDefinitions
2021-10-06 10:01 – 2019-12-07 04:14 – 000000000 ____D C:Windowsbcastdvr
2021-10-06 10:01 – 2019-12-07 04:03 – 000000000 ____D C:Windowsservicing
2021-10-06 10:00 – 2021-08-31 13:44 – 000000000 ____D C:Usersjmoran
2021-10-06 07:53 – 2021-08-31 13:46 – 000003362 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-459868269-849608783-1538882281-5090
2021-10-06 07:53 – 2021-08-31 13:46 – 000002382 _____ C:UsersjmoranAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2021-10-06 07:49 – 2021-08-31 13:52 – 000000000 ____D C:Windowssystem32SleepStudy
2021-10-04 08:38 – 2019-12-07 04:14 – 000000000 ___HD C:Program FilesWindowsApps
2021-10-04 07:46 – 2021-08-31 13:52 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2021-10-04 07:40 – 2021-08-31 13:56 – 000002247 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2021-10-04 07:40 – 2021-08-31 13:56 – 000002206 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2021-10-04 07:40 – 2021-08-31 13:52 – 000003480 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2021-10-04 07:40 – 2021-08-31 13:52 – 000003356 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore
2021-10-01 13:51 – 2021-08-31 13:56 – 000003420 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineUA
2021-10-01 13:51 – 2021-08-31 13:56 – 000003296 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineCore
2021-09-30 08:43 – 2021-09-01 10:21 – 000000739 _____ C:UsersjmoranDesktoplabel-printer-change.ps1 – Shortcut.lnk
2021-09-17 16:51 – 2019-12-07 04:14 – 000000167 _____ C:Windowswin.ini
2021-09-17 16:41 – 2019-12-07 04:14 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared
2021-09-17 16:35 – 2021-08-31 13:39 – 000025198 __RSH C:ProgramDatantuser.pol
2021-09-14 21:28 – 2019-12-07 04:03 – 000000000 ____D C:WindowsCbsTemp
2021-09-14 21:20 – 2021-09-02 15:47 – 000000000 ____D C:Windowssystem32MRT
2021-09-14 21:19 – 2021-09-02 15:47 – 135637312 ____C (Microsoft Corporation) C:Windowssystem32MRT.exe
2021-09-10 07:48 – 2021-09-02 16:33 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools
2021-09-08 07:39 – 2021-08-31 14:00 – 000840602 _____ C:Windowssystem32PerfStringBackup.INI
2021-09-08 07:33 – 2019-12-07 04:14 – 000000000 ___SD C:Windowssystem32UNP
2021-09-08 07:33 – 2019-12-07 04:14 – 000000000 ____D C:Program FilesCommon FilesSystem
2021-09-07 08:12 – 2021-08-31 13:45 – 000000000 ____D C:UsersjmoranAppDataLocalD3DSCache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


https://www.bleepingcomputer.com/forums/t/759545/onemacusacom-drive-by-download/

Erlando F Rasatro
