Highly suspect I'm being spied on by a creepy ex-roommate. I've suspected for a long time, due to on/off again lagging, after which I would do some digging (I've used every tool available I think, but mostly Sysinternals Process Explorer) and find unrecognizable activity, A LOT of which refers to RPC/remote desktop/manifests/synchronous copies/VSS/loading-unloading/deleting logs after it's done. I was going to put off doing this, hoping to get a new laptop soon; however, yesterday by accident I was logged into my eBay account and after tooling around found a page of logins with device type, and noticed a LINUX LOGIN. After that initial login, a succession of "unspecified device" logins (or something like that, can't remember the exact words, but basically whoever was hacking my account learned how to ghost their system details). My gut feeling: he's polluted my system with some kind of malware which has infected many points. He was pretty well-versed in IT (since that's all he did, all day, every day) and I suspect (only) he loaded something via USB or maybe even somehow via our wireless, which is autorunning and somehow sending an image to the print spooler (WMI / PowerShell); also some strange virtual disk activity, and a partition I don't remember creating (might be used for cache).

ALSO WORTH MENTIONING: due to my increasing level of paranoia, I turned off many, if not all, unneeded services. Also, I was very lazy back then: logged in as admin, left PC on, long delay for password to kick in. I've opened a lot of DLLs, .mui files etc. in Notepad and, while mostly mumbo jumbo, super suspicious, since I have a standalone PC (of course I connect to the internet, but nobody shares my network or devices). Let me know if I need to turn back on/rerun reports. I REALLY REALLY REALLY APPRECIATE THIS FORUM, AND YOUR HELP!

txt doc fit, so attached Addition.txt per instructions.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2021 01
Ran by My PC (administrator) on MYPC-PC (Hewlett-Packard HP Pavilion g4 Notebook PC) (09-05-2021 01:23:43)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

(If an entry is included in the fixlist, the process will be closed.
(Baidu Online Network Technology (Beijing) Co.,Ltd. -> Baidu, Inc.) C:\Program Files (x86)\Baidu WiFiHotspot\WifiHotspot.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation -> Sysinternals) C:\Users\My PC\Downloads\ProcessExplorer\procexp64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Invincea, Inc.) C:\Program Files\Sandboxie\SbieCtrl.exe

(If an entry is included in the fixlist, the registry item will be restored to default or removed.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\...\Windows x64\Print Processors\hpcpp103: C:\Windows\System32\spool\prtprocs\x64\hpcpp103.dll (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP 0053 Status Monitor: C:\Windows\system32\hpinksts0053LM.dll (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 2600 series): C:\Windows\system32\HPDiscoPM0053.dll (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\LIDIL hpzllwn7: C:\Windows\system32\hpzllwn7.dll (Microsoft Windows -> Hewlett-Packard Company)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components:
8.8.8.8