owenflass

  1. Hey Kevin, Thanks for jumping in. Here's the FRST text:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-01-2021
Ran by Owen_Laptop (administrator) on OWEN-LAPTOP (LENOVO 20FN002JUS) (20-01-2021 14:58:56)
Running from C:\Users\Owen_Laptop\Downloads
Loaded Profiles: Owen_Laptop
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(%CFullName%) [File not signed] C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe <2>
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Owen_Laptop\AppData\Local\WebEx\ciscowebexstart.exe
(Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Owen_Laptop\AppData\Local\WebEx\WebEx\Meetings\atmgr.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\113.4.507\QtWebEngineProcess.exe <2>
(Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd) C:\Program Files (x86)\MaskVPN\mask_svc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <47>
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Wireless Display -> Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(LENOVO (UNITED STATES) INC. -> Lenovo) C:\Users\Owen_Laptop\AppData\Local\Apps\2.0\8TND9YDE.LT0\A2JV6A34.32M\lsb...tion_2d7b41b05b24775e_0001.0006_3b0a905c8de4f74a\LSB.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\TpShocks.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Nok Nok Labs, Inc. -> Nok Nok Labs Inc.) C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
(Nok Nok Labs, Inc. -> Nok Nok Labs, Inc.) C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Robert McNeel and Associates -> Robert McNeel & Associates) [File not signed] C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Users\Owen_Laptop\AppData\Local\slack\app-4.12.2\slack.exe <6>
(Softex Incorporated -> Lenovo) [File not signed] C:\Program Files\Lenovo\Fingerprint Manager Pro\CoreService.exe
(Synaptics Inc. -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [296664 2017-05-12] (Lenovo -> Lenovo Group Limited)
HKLM\...\Run: [MFACApp] => C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe [5449544 2014-10-16] (Nok Nok Labs, Inc. -> Nok Nok Labs, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7953504 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
HKLM\...\Run: [AutoKMS] => C:\windows\AutoKMS.exe
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-09-25] (Corel Corporation -> WinZip Computing, S.L.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-10-07] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6422696 2016-04-14] (LENOVO -> Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-06-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [766464 2016-02-29] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2091064 2020-07-17] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-09-14] (Adobe Inc. -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-01-13] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-12-07] (IDSA Production signing key -> Intel)
HKLM\...\RunOnce: [NCInstallQueue] => C:\windows\system32\netman.dll [360448 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [Spotify] => C:\Users\Owen_Laptop\AppData\Roaming\Spotify\Spotify.exe [23592304 2020-12-14] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91701608 2020-07-07] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Owen_Laptop\AppData\Local\Microsoft\Teams\Update.exe [2452664 2021-01-18] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [com.squirrel.slack.slack] => C:\Users\Owen_Laptop\AppData\Local\slack\slack.exe [306856 2021-01-12] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [274176 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [utweb] => C:\Users\Owen_Laptop\AppData\Roaming\uTorrent Web\utweb.exe [5643392 2020-12-18] (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [AdvancedTimer] => rundll32.exe "C:\Users\Owen_Laptop\AppData\Roaming\AdvancedTimer\bdwtmr.dll",bdwtmr 7R-10-1 <==== ATTENTION
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [CiscoMeetingDaemon] => C:\Users\Owen_Laptop\AppData\Local\WebEx\ciscowebexstart.exe [2395968 2020-12-11] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\RunOnce: [b75426da614240b28394bef43a17be45] => cmd /C copy /Y "C:\Users\Owen_Laptop\AppData\Local\Autodesk\webdeploy\production\1c390f736d162708dcf21ff0d9d996bd09400ac2\FusionLauncher.exe" "C:\Users\Owen_Laptop\AppData\Local\Autodesk\webdeploy\pro (the data entry has 60 more characters).
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\RunOnce: [BPInstaller.exe_3244134] => C:\Program Files\Bitdefender Antivirus Free\kitinstaller\BPInstaller.exe [1751160 2020-11-26] (Bitdefender SRL -> Bitdefender) <==== ATTENTION
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\MountPoints2: {075927d2-9115-11e6-af2a-a434d9c3147c} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\MountPoints2: {1b60b5f5-cdef-11e8-be87-a434d9c3147c} - V:\SETUP.EXE
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\MountPoints2: {31232113-10f7-4f16-b618-49f581460b89} - Q:\LenovoQDrive.cmd
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\MountPoints2: {c7b39a8c-d570-11e9-9119-507b9da3dbb0} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\MountPoints2: {e02bbddc-c75f-11ea-9f23-507b9da3dbb0} - D:\TP-LINK_Gigabit_Ethernet_USB_Adapter.exe
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Winlogon: [Shell] explorer.exe,C:\Users\Owen_Laptop\Documents\update_z\z-cloude.exe, <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-11] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniPassCredProv.dll [2017-10-11] (Softex Incorporated -> Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniPassCredProv.dll [2017-10-11] (Softex Incorporated -> Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2021-01-19]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
InternetURL: C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gUsSwOIyGF.url -> URL: "C:\Users\Owen_Laptop\AppData\Roaming\FDAMEtjSLj\OKdip.js"
Startup: C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-08-30]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Owen_Laptop\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {038C34E1-62BB-491F-840F-84B10391DBF3} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {0696AAA6-2C2D-4BD2-8929-91AC6C8E817E} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [552992 2015-01-09] (Leader Technologies Inc -> Aviata Inc)
Task: {0A52C39F-896A-4417-884C-FD07BF748439} - System32\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore => C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
Task: {0F6BA421-5D12-4CDA-9128-E2F731BABEFB} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [552992 2015-01-09] (Leader Technologies Inc -> Aviata Inc)
Task: {0FD3718A-C323-45CB-91E8-B59679A39EA0} - System32\Tasks\RGxYjFwHxEIKfk => rundll32 "C:\Program Files (x86)\iZzTXVUzpkLU2\qOmNEllaOyjXg.dll",#1
Task: {1240D21F-28DD-45E8-9285-E073496C38E9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {182D7016-47EE-491B-AFAE-8924EF6B2218} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9944400 2016-06-02] (LENOVO -> Lenovo)
Task: {21AB821B-FA19-42EC-A0EC-0CAC0D5A7645} - System32\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA => C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
Task: {2DA13F42-42BD-4B92-A6A3-09D7B6465D4C} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {31F9181D-9272-4F8A-AD3A-FACE90CC9C5E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {3DE5926A-2B7D-473F-B523-E1ED3CAB5D9D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {3E770A1D-078E-4039-921B-872F22B80E28} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1237113960-3301161054-180056513-1000 => "C:\windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {458BC213-B3C9-47B3-91F2-FF59B43A5052} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {4C111FDB-E9A8-47EF-ABB6-1A5321360F5B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612232 2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DC2ABDA-94A1-4442-AEF5-E3F6FD9476D6} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {4EC1ABA5-2F76-4F1B-95DF-0DB41C2B24FF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {50A3E893-48A6-4ABA-B476-FC8E82FC4D0B} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {53D16E4C-BB16-49B2-B7B8-B09317E99C73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-01] (Google Inc -> Google Inc.)
Task: {5C4AE0AD-56AB-4FCD-8783-0E0867448640} - System32\Tasks\G2MUploadTask-S-1-5-21-1237113960-3301161054-180056513-1000 => C:\Users\Owen_Laptop\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-23] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {68640350-8582-4444-8523-59D3BA7F7857} - System32\Tasks\TVT\LaunchFR => C:\Program Files (x86)\Lenovo\Factory Recovery\FRReminder.exe [641024 2015-12-23] (TODO: <Company name>) [File not signed]
Task: {6A713D03-96DD-43DA-B4E8-08AA72B4AE37} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {6E6B6E6B-AF1A-49DC-B321-82F92852C9E6} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2020-07-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6EFFB3E1-DCDD-4131-9B62-30A4EA8F42DE} - System32\Tasks\jKWAiJPrCvRiPvBmI2 => rundll32 "C:\Program Files (x86)\JZkvhlsaTPvVqBWGjRR\UaexdgB.dll",#1
Task: {6FBF38D0-4BB2-4ABA-90C3-A94377A2840F} - System32\Tasks\Lenovo Active Protection System => C:\windows\system32\TpShUI.exe [120424 2017-03-21] (Lenovo -> Lenovo.)
Task: {70FAEBC2-66C3-463D-BEB0-C43FE819F5B0} - System32\Tasks\G2MUpdateTask-S-1-5-21-1237113960-3301161054-180056513-1000 => C:\Users\Owen_Laptop\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-23] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {7154CDD3-BF33-45B0-B1D2-F35636735C0C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1443736 2021-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B968493-C808-453C-AB08-A6440EF76EB0} - System32\Tasks\UzmKUqQhrGyANHq2 => rundll32 "C:\Program Files (x86)\QugXxQbwU\ONlayX.dll",#1
Task: {81B2632C-3273-4ECF-B04D-36E198D07443} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-01] (Google Inc -> Google Inc.)
Task: {81B9185B-ADA9-48FE-8763-8F544126F2FD} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {8AA933C7-5082-4A3C-96DB-07B26B5F41B2} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {933D4A8E-A501-4B58-8260-6E00B0CFB785} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {99E44EF0-8595-4D4E-AF5F-D17E3860E0C3} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321296 2016-06-02] (LENOVO -> Lenovo)
Task: {9A9C5F07-B0A9-49B2-B7B5-5D72D648850A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {A60D256B-39AB-4B68-8D67-ADC7D7D4A3FF} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {B00900D1-39C0-4BB3-BA53-F74CF7E975C6} - System32\Tasks\Intel\Intel® Management and Security Status => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\\IMSS\PIconStartup.exe [232536 2020-06-08] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\\IMSS\PrivacyIconClient.exe" 60
Task: {B0E5112A-38D2-47B9-A86C-8FD07196A859} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {C361693A-F229-4B99-A448-4E058C1AF819} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [868 2019-01-22] () [File not signed]
Task: {C38F725D-91FB-4A6B-B646-093F653FFE42} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9944400 2016-06-02] (LENOVO -> Lenovo)
Task: {C57C9A4D-3EFE-48E3-9F93-D27B7DAC37C6} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {C5B860C1-DCA2-4BEC-8E5C-1DA75D363502} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2020-07-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C765356E-7E3B-4CF8-8BDA-3112EFF3CCF5} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [3649704 2016-04-14] (LENOVO -> Lenovo Group Limited)
Task: {CB7D403A-E6F6-4189-9255-2D27E8AB7269} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [263504 2016-06-02] (LENOVO -> )
Task: {DEFF96E3-62E9-4907-ACF8-C6B580E11124} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612232 2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {E54C0D84-8B8F-42B6-8127-BE3C559F3DD6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E7890444-FCE2-4613-A99E-AE2509CDCEAE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {EDEC8AFB-1AA7-4BA8-9ACF-3B151AE87870} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel(R) Software -> Intel Corporation)
Task: {F90DB0B5-ED4C-4E90-A92D-2826EB14F3EE} - System32\Tasks\JcGMxmGFDydOUFycSnE2 => rundll32 "C:\Program Files (x86)\wdOFiWGfYwbQC\zczignd.dll",#1

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1237113960-3301161054-180056513-1000.job => C:\Users\Owen_Laptop\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-1237113960-3301161054-180056513-1000.job => C:\Users\Owen_Laptop\AppData\Local\GoToMeeting\19228\g2mupload.exe
Task: C:\windows\Tasks\Lenovo Active Protection System.job => C:\windows\system32\TpShUI.exe
Task: C:\windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job => C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
Task: C:\windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job => C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5C78E93E-5B44-4529-9B23-3D0393962E5F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Owen_Laptop\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-15]
Edge Notifications: Default -> hxxps://www.zdnet.com
Edge Session Restore: Default -> is enabled.
Edge HKLM-x32\...\Edge\Extension: [eofogjfkadmolbbmnlbohhbkhbodcjjm]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Extension: (MFAC Extension) - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2016-03-11] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-07-17] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=3 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=9 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-07-17] (Adobe Inc. -> Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\Owen_Laptop\AppData\Roaming\mozilla\plugins\npatgpc.dll [2019-07-19]

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default [2020-11-19]
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxp://www.reddit.com/"
CHR Extension: (Slides) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Entanglement Web App) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2016-09-30]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-09-30]
CHR Extension: (reddit companion) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2016-09-30]
CHR Extension: (Docs) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-15]
CHR Extension: (Audiotool) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2016-09-30]
CHR Extension: (YouTube) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-30]
CHR Extension: (Realm of the Mad God) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp [2016-09-30]
CHR Extension: (Bomomo) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln [2016-09-30]
CHR Extension: (Sheets) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-15]
CHR Extension: (Pastebin.com) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghipmampnddcpdlppkkamoankmkmcbmh [2018-05-20]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-15]
CHR Extension: (Cisco Webex Extension) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-06-22]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2020-10-07]
CHR Extension: (Steambirds: Survival) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2016-09-30]
CHR Extension: (MFAC) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbgbpjganndfjjmlamggkkkjafblbahl [2016-10-01]
CHR Extension: (Poppit!)
- C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-09-30] CHR Extension: (Google Dictionary (by Google)) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2020-04-30] CHR Extension: (Frontline Defense 2 HD) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nincmkjomngcmklpdkmdkioemlhdieim [2016-09-30] CHR Extension: (Chrome Web Store Payments) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06] CHR Extension: (Chess) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgkocgbnkibjgifkbgnepoebjgcamap [2018-06-25] CHR Extension: (Gmail) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-15] CHR Extension: (Chrome Media Router) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-15] CHR Extension: (Canvas Rider) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2016-09-30] CHR Profile: C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-01-20] CHR Notifications: Profile 1 -> hxxps://calendar.google.com; hxxps://meet.google.com; hxxps://www.netflix.com CHR Extension: (Slides) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-16] CHR Extension: (Easy Image Downloader) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agckcglooaipjmbeipibmbffnogjfdfb [2021-01-19] CHR Extension: (Docs) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-16] CHR Extension: (Google Drive) - 
C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27] CHR Extension: (YouTube) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-16] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-16] CHR Extension: (Pushbullet) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2020-12-01] CHR Extension: (Sheets) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-16] CHR Extension: (Google Docs Offline) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-19] CHR Extension: (Chrome Web Store Payments) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-16] CHR Extension: (Gmail) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27] CHR Extension: (Chrome Media Router) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-16] CHR Profile: C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-03] CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb] CHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-16] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-06-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844856 2020-06-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137416 2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
R2 CoreService; C:\Program Files\Lenovo\Fingerprint Manager Pro\CoreService.exe [858896 2017-10-11] (Softex Incorporated -> Lenovo) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-26] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [44064 2021-01-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (LENOVO -> Lenovo.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [532968 2018-05-19] (Intel Corporation -> Intel Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel(R) Wireless Display -> Intel)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [169176 2017-05-12] (Lenovo -> Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [114632 2015-07-13] (LENOVO -> Lenovo Group Limited)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Leader Technologies Inc -> Aviata, Inc.)
S2 LPlatSvc; C:\windows\system32\LPlatSvc.exe [892760 2018-12-25] (Lenovo -> Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (LENOVO -> Lenovo)
R2 MaskVPNService; C:\Program Files (x86)\MaskVPN\mask_svc.exe [7493560 2020-08-06] (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2002-02-02] (Robert McNeel and Associates -> Robert McNeel & Associates) [File not signed]
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
R2 valWBFPolicyService; C:\windows\system32\valWBFPolicyService.exe [95016 2016-08-01] (Synaptics Inc. -> Synaptics Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\windows\System32\DRIVERS\3dxhid.sys [50032 2019-09-03] (3Dconnexion SAM -> 3Dconnexion SAM)
S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
S3 btmaux; C:\windows\System32\DRIVERS\btmaux.sys [156616 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
S3 btmhsf; C:\windows\System32\DRIVERS\btmhsf.sys [1566152 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2021-01-19] (Malwarebytes Corporation -> Malwarebytes)
S3 FiioE17; C:\windows\System32\drivers\FiioE17.sys [64464 2012-11-26] (Galaxy Far East Corp. -> Windows (R) Win 7 DDK provider)
S3 KMJHidMini; C:\windows\System32\DRIVERS\3dxkmj.sys [18944 2019-09-03] (3Dconnextion Inc.) [File not signed]
S3 KMJShim; C:\windows\System32\DRIVERS\3dxshim.sys [7168 2019-09-03] (3Dconnextion Inc.) [File not signed]
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [197792 2021-01-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [77496 2021-01-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\mbamswissarmy.sys [248992 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [129648 2021-01-20] (Malwarebytes Inc -> Malwarebytes)
S2 NDivert; C:\windows\System32\DRIVERS\NDivert.sys [92360 2020-12-29] (TEFINCOM S.A. -> )
R3 nlwt; C:\windows\System32\DRIVERS\nlwt.sys [29888 2020-06-10] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\windows\System32\DRIVERS\nordlwf.sys [29384 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
R1 npcap; C:\windows\System32\DRIVERS\npcap.sys [74040 2019-03-24] (Insecure.Com LLC -> Insecure.Com LLC.)
R1 OMNISMI; C:\windows\SysWOW64\drivers\omnismi.sys [14776 2015-03-04] (Softex Incorporated -> )
R1 pefndis; C:\windows\System32\DRIVERS\pefndis.sys [72408 2016-10-21] (Microsoft Corporation -> Microsoft Corporation)
R0 PMDRVS; C:\windows\System32\DRIVERS\pmdrvs.sys [44160 2018-12-25] (Lenovo -> Lenovo.)
S3 rtux64w7; C:\windows\System32\DRIVERS\rtux64w7.sys [275200 2015-10-20] (Realtek Semiconductor Corp -> Realtek)
R3 SPUVCbv; C:\windows\System32\Drivers\SPUVCbv_x64.sys [700008 2015-10-05] (Sunplus Innovation Technology Inc. -> Sunplus)
R3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [27136 2018-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\windows\System32\DRIVERS\tapnordvpn.sys [35592 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 usb3Hub; C:\windows\System32\DRIVERS\usb3Hub.sys [212056 2015-01-14] (Intel(R) Wireless Display -> Windows (R) Win 7 DDK provider)
S3 vpnva; C:\windows\System32\DRIVERS\vpnva64-6.sys [52592 2016-02-29] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 wfpcapture; C:\windows\System32\Drivers\wfpcapture.sys [64728 2016-10-21] (Microsoft Corporation -> Microsoft Corporation)
S3 xb1usb; C:\windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Windows Central Build Account - X -> Microsoft Corporation)
S3 mfeaack01; \Device\mfeaack01.sys [X]
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 14:58 - 2021-01-20 14:59 - 000047946 _____ C:\Users\Owen_Laptop\Downloads\FRST.txt
2021-01-20 14:58 - 2021-01-20 14:59 - 000000000 ____D C:\FRST
2021-01-20 14:57 - 2021-01-20 14:58 - 002295808 _____ (Farbar) C:\Users\Owen_Laptop\Downloads\FRST64.exe
2021-01-20 14:35 - 2021-01-20 14:35 - 000000000 ____D C:\Users\Owen_Laptop\AppData\LocalLow\IGDump
2021-01-20 11:54 - 2021-01-20 11:54 - 000000575 _____ C:\Users\Owen_Laptop\Desktop\medosinger.zip
2021-01-20 11:52 - 2021-01-20 11:52 - 000000665 _____ C:\Users\Owen_Laptop\Desktop\medosinger.txt
2021-01-20 11:09 - 2021-01-20 11:09 - 000003648 _____ C:\windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-01-20 11:09 - 2021-01-20 11:09 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-01-20 11:07 - 2021-01-20 11:20 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-01-20 11:07 - 2021-01-20 11:07 - 000116132 _____ C:\ProgramData\agent.1611158834.bdinstall.v2.bin
2021-01-20 11:07 - 2021-01-20 11:07 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-01-20 11:05 - 2021-01-20 11:06 - 013543384 _____ C:\Users\Owen_Laptop\Downloads\bitdefender_online.exe
2021-01-20 10:23 - 2021-01-20 10:23 - 000077496 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2021-01-20 10:22 - 2021-01-20 10:22 - 000197792 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2021-01-20 10:22 - 2021-01-20 10:22 - 000129648 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2021-01-20 10:04 - 2021-01-20 10:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-20 10:04 - 2021-01-20 10:19 - 000000000 ____D C:\Users\Owen_Laptop\Desktop\mbar
2021-01-20 10:04 - 2021-01-20 10:04 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\65C75250.sys
2021-01-20 10:03 - 2021-01-20 10:03 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Owen_Laptop\Downloads\mbar-1.10.3.1001.exe
2021-01-20 09:48 - 2021-01-20 09:48 - 000036525 _____ C:\Users\Owen_Laptop\Documents\*****.txt
2021-01-20 09:35 - 2021-01-20 09:36 - 061483296 _____ (Wireshark development team) C:\Users\Owen_Laptop\Downloads\Wireshark-win64-3.4.2.exe
2021-01-20 09:26 - 2021-01-20 11:14 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\CrashDumps
2021-01-19 16:37 - 2021-01-19 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-01-19 14:10 - 2021-01-19 14:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-01-19 14:10 - 2021-01-19 14:10 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2021-01-19 13:44 - 2021-01-19 13:44 - 000248992 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2021-01-19 13:44 - 2021-01-19 13:44 - 000220160 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2021-01-19 13:44 - 2021-01-19 13:44 - 000001971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-19 13:44 - 2021-01-19 13:44 - 000001959 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-19 13:44 - 2021-01-19 13:44 - 000001959 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-19 13:44 - 2021-01-19 13:44 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\mbam
2021-01-19 13:43 - 2021-01-20 10:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-19 13:43 - 2021-01-19 13:43 - 002086424 _____ (Malwarebytes) C:\Users\Owen_Laptop\Downloads\MBSetup.exe
2021-01-19 13:43 - 2021-01-19 13:43 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2021-01-19 13:43 - 2021-01-19 13:43 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-19 13:39 - 2021-01-19 13:39 - 000000000 _____ C:\PECED.tmp
2021-01-19 12:57 - 2021-01-20 09:43 - 000000000 ____D C:\Program Files (x86)\fHUWuxXUrIE
2021-01-19 12:57 - 2021-01-19 12:57 - 000003202 _____ C:\windows\system32\Tasks\RGxYjFwHxEIKfk
2021-01-19 12:57 - 2021-01-19 12:57 - 000002872 _____ C:\windows\system32\Tasks\jKWAiJPrCvRiPvBmI2
2021-01-19 12:57 - 2021-01-19 12:57 - 000002860 _____ C:\windows\system32\Tasks\JcGMxmGFDydOUFycSnE2
2021-01-19 12:57 - 2021-01-19 12:57 - 000002850 _____ C:\windows\system32\Tasks\UzmKUqQhrGyANHq2
2021-01-19 12:56 - 2021-01-19 12:56 - 001564823 _____ C:\ProgramData\6071
2021-01-19 12:56 - 2021-01-19 12:56 - 001564823 _____ C:\ProgramData\5360
2021-01-19 12:56 - 2021-01-19 12:56 - 000253960 _____ (Cisco Webex LLC) C:\Users\Owen_Laptop\Downloads\webex.exe
2021-01-19 12:56 - 2021-01-19 12:56 - 000000000 ____D C:\ProgramData\60
2021-01-19 12:56 - 2021-01-19 12:56 - 000000000 ____D C:\ProgramData\53
2021-01-19 12:15 - 2021-01-19 12:33 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\Autodesk Revit 2019 Patched Multilanguage
2021-01-19 12:13 - 2021-01-19 14:14 - 000000000 ____D C:\Users\Owen_Laptop\Documents\update_z
2021-01-19 12:07 - 2021-01-19 12:07 - 001564823 _____ C:\ProgramData\6273
2021-01-19 12:07 - 2021-01-19 12:07 - 001564823 _____ C:\ProgramData\5765
2021-01-19 12:07 - 2021-01-19 12:07 - 000000000 ____D C:\ProgramData\7GVM7R9GJGA542MVRG1DEUYXA
2021-01-19 12:07 - 2021-01-19 12:07 - 000000000 ____D C:\ProgramData\62
2021-01-19 12:07 - 2021-01-19 12:07 - 000000000 ____D C:\ProgramData\57
2021-01-19 11:59 - 2021-01-19 11:59 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\Xxu
2021-01-19 11:58 - 2021-01-20 09:44 - 000000000 ____D C:\Program Files (x86)\wdOFiWGfYwbQC
2021-01-19 11:58 - 2021-01-20 09:44 - 000000000 ____D C:\Program Files (x86)\JZkvhlsaTPvVqBWGjRR
2021-01-19 11:58 - 2021-01-20 09:43 - 000000000 ____D C:\Program Files (x86)\QugXxQbwU
2021-01-19 11:58 - 2021-01-20 09:43 - 000000000 ____D C:\Program Files (x86)\DRNUeEkNNVUn
2021-01-19 11:58 - 2021-01-19 14:15 - 000000000 ____D C:\Program Files (x86)\iZzTXVUzpkLU2
2021-01-19 11:58 - 2021-01-19 11:58 - 000040960 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
2021-01-19 11:57 - 2021-01-19 12:59 - 000000000 ____D C:\Users\Owen_Laptop\AppData\LocalLow\pF2qC1gG7yH8hI1o
2021-01-19 11:57 - 2021-01-19 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MarginTrade
2021-01-19 11:57 - 2021-01-19 12:55 - 000000258 __RSH C:\Users\Owen_Laptop\ntuser.pol
2021-01-19 11:57 - 2021-01-19 11:57 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\FDAMEtjSLj
2021-01-19 11:56 - 2021-01-19 14:15 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\AdvancedTimer
2021-01-19 11:56 - 2021-01-19 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alex
2021-01-19 11:56 - 2021-01-19 12:57 - 000000000 ____D C:\Program Files (x86)\Alex
2021-01-19 11:56 - 2021-01-19 11:56 - 000000000 ____D C:\Program Files (x86)\CryptoSignalPro_3
2021-01-19 11:55 - 2021-01-19 12:56 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-01-19 11:55 - 2021-01-19 11:56 - 000000000 ____D C:\Program Files (x86)\MaskVPN
2021-01-19 11:55 - 2021-01-19 11:55 - 000003562 _____ C:\windows\system32\Tasks\WinZip Update Notifier 2
2021-01-19 11:55 - 2021-01-19 11:55 - 000003560 _____ C:\windows\system32\Tasks\WinZip Update Notifier 3
2021-01-19 11:55 - 2021-01-19 11:55 - 000003560 _____ C:\windows\system32\Tasks\WinZip Update Notifier 1
2021-01-19 11:55 - 2018-08-29 15:48 - 000027136 _____ (The OpenVPN Project) C:\windows\system32\Drivers\tap0901.sys
2021-01-19 11:54 - 2021-01-20 11:54 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\WinZip
2021-01-19 11:54 - 2021-01-20 11:54 - 000000000 ____D C:\ProgramData\WinZip
2021-01-19 11:54 - 2021-01-19 12:56 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-01-19 11:54 - 2021-01-19 12:56 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-01-19 11:54 - 2021-01-19 12:56 - 000000000 ____D C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ
2021-01-19 11:54 - 2021-01-19 12:56 - 000000000 ____D C:\Program Files (x86)\Versium Research
2021-01-19 11:54 - 2021-01-19 12:55 - 000000000 ____D C:\Program Files (x86)\Vict1
2021-01-19 11:54 - 2021-01-19 12:06 - 000000000 ____D C:\Users\Owen_Laptop\AppData\LocalLow\eE8sF0yG2eQ6fT7
2021-01-19 11:54 - 2021-01-19 11:54 - 001564823 _____ C:\ProgramData\6578
2021-01-19 11:54 - 2021-01-19 11:54 - 001564823 _____ C:\ProgramData\4751
2021-01-19 11:54 - 2021-01-19 11:54 - 000002029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2021-01-19 11:54 - 2021-01-19 11:54 - 000001929 _____ C:\Users\Public\Desktop\WinZip.lnk
2021-01-19 11:54 - 2021-01-19 11:54 - 000001929 _____ C:\ProgramData\Desktop\WinZip.lnk
2021-01-19 11:54 - 2021-01-19 11:54 - 000000000 ____D C:\ProgramData\UniqueId
2021-01-19 11:54 - 2021-01-19 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2021-01-19 11:54 - 2021-01-19 11:54 - 000000000 ____D C:\ProgramData\65
2021-01-19 11:54 - 2021-01-19 11:54 - 000000000 ____D C:\ProgramData\47
2021-01-19 11:54 - 2021-01-19 11:54 - 000000000 ____D C:\Program Files\WinZip
2021-01-19 11:53 - 2021-01-19 12:55 - 000000000 ____D C:\Program Files (x86)\TakeMyFile
2021-01-19 11:53 - 2021-01-19 11:53 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\AdvinstAnalytics
2021-01-19 11:53 - 2019-05-22 19:10 - 000967720 _____ (NVIDIA Corporation) C:\windows\NvPluginAbHubClient32.dll
2021-01-19 11:52 - 2021-01-19 12:56 - 000000000 ____D C:\Program Files (x86)\1I_6BR0W53I3
2021-01-19 10:45 - 2021-01-19 11:12 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\Autodesk Revit 2019 19.0.2 v5864 + Patch + Multi
2021-01-19 10:44 - 2021-01-19 10:44 - 000000000 ____D C:\ProgramData\Lavasoft
2021-01-19 08:14 - 2021-01-19 08:14 - 015664226 _____ C:\Users\Owen_Laptop\Downloads\TD CAD Files.zip
2021-01-18 15:02 - 2021-01-18 15:02 - 000004485 _____ C:\Users\Owen_Laptop\Downloads\invite (1).ics
2021-01-18 14:57 - 2021-01-18 14:57 - 000004464 _____ C:\Users\Owen_Laptop\Downloads\invite.ics
2021-01-18 10:51 - 2021-01-18 10:51 - 000336843 _____ C:\Users\Owen_Laptop\Downloads\Byrne Specification Sheet for Product BE02520-2-2-Z-Z353-U1-72.pdf
2021-01-15 18:59 - 2021-01-15 18:59 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\221997215849-architecture_wood_fine-wood_dark-wood_burl-walnut-dark-wood-texture-seamless-04265
2021-01-15 18:58 - 2021-01-15 18:59 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\221997215917-architecture_wood_fine-wood_medium-wood_walnut-wood-fine-medium-color-texture-seamless-04495
2021-01-15 18:58 - 2021-01-15 18:58 - 001187549 _____ C:\Users\Owen_Laptop\Downloads\221997215917-architecture_wood_fine-wood_medium-wood_walnut-wood-fine-medium-color-texture-seamless-04495.zip
2021-01-15 18:57 - 2021-01-15 18:57 - 000905046 _____ C:\Users\Owen_Laptop\Downloads\221997215849-architecture_wood_fine-wood_dark-wood_burl-walnut-dark-wood-texture-seamless-04265.zip
2021-01-15 08:57 - 2021-01-20 10:23 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\BitTorrentHelper
2021-01-15 08:39 - 2021-01-20 10:25 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\uTorrent Web
2021-01-15 08:39 - 2021-01-19 12:03 - 000001879 _____ C:\Users\Owen_Laptop\Desktop\uTorrent Web.lnk
2021-01-15 08:39 - 2021-01-19 12:03 - 000001865 _____ C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-15 08:37 - 2021-01-15 08:40 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\NordVPN
2021-01-15 08:37 - 2021-01-15 08:37 - 000001770 _____ C:\Users\Owen_Laptop\Desktop\NordVPN.lnk
2021-01-15 08:37 - 2021-01-15 08:37 - 000000000 ____D C:\ProgramData\NordVPN
2021-01-15 08:37 - 2021-01-15 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-01-15 08:37 - 2021-01-15 08:37 - 000000000 ____D C:\Program Files\NordVPN network TUN
2021-01-15 08:37 - 2021-01-15 08:37 - 000000000 ____D C:\Program Files\NordVPN
2021-01-15 08:37 - 2021-01-15 08:37 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2021-01-15 08:37 - 2020-12-29 17:02 - 000092360 _____ C:\windows\system32\Drivers\NDivert.sys
2021-01-15 08:37 - 2020-12-14 10:21 - 000029384 _____ (TEFINCOM S.A.) C:\windows\system32\Drivers\nordlwf.sys
2021-01-15 08:35 - 2021-01-15 08:36 - 020707128 _____ (TEFINCOM S.A. ) C:\Users\Owen_Laptop\Downloads\NordVPNSetup.exe
2021-01-14 09:18 - 2021-01-14 09:29 - 000212288 _____ C:\Users\Owen_Laptop\Desktop\MFA_filebar_updated1-14.pdf
2021-01-13 21:43 - 2021-01-13 21:43 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2021-01-13 21:43 - 2021-01-13 21:43 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2021-01-13 21:43 - 2021-01-13 21:43 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2021-01-13 21:43 - 2021-01-13 21:43 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx.sys
2021-01-13 21:43 - 2021-01-13 21:43 - 000044064 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2021-01-13 14:56 - 2021-01-13 14:56 - 000023684 _____ C:\Users\Owen_Laptop\Desktop\MFA_console_1inch_sheet1.nc
2021-01-13 14:54 - 2021-01-13 14:54 - 000023681 _____ C:\Users\Owen_Laptop\Desktop\MFA_console_3-4_sheet3.nc
2021-01-13 14:34 - 2021-01-13 14:36 - 000113963 _____ C:\Users\Owen_Laptop\Desktop\MFA_console_3-4_sheet2.nc
2021-01-13 14:33 - 2021-01-13 14:33 - 000114384 _____ C:\Users\Owen_Laptop\Desktop\MFA_console_3-4_sheet1.nc
2021-01-13 10:32 - 2021-01-13 10:32 - 000001314 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_panels_sheet4.nc
2021-01-13 10:28 - 2021-01-13 10:28 - 000001211 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_panels_sheet3.nc
2021-01-13 10:27 - 2021-01-13 10:27 - 000002787 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_panels_sheet2.nc
2021-01-13 10:22 - 2021-01-13 10:22 - 000004124 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_panels_sheet1.nc
2021-01-13 10:04 - 2021-01-13 10:04 - 000070658 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_panels.dxf
2021-01-13 09:12 - 2021-01-13 09:12 - 020096430 _____ C:\Users\Owen_Laptop\Downloads\19 12 23_ANALOG DEVICES_BLDG 7- 3RD FLOOR_OVERALL (1).dwg
2021-01-12 14:37 - 2021-01-15 18:58 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\218272923732-architecture_wood_fine-wood_light-wood_ash-fine-wood-texture-seamless-16836
2021-01-12 14:36 - 2021-01-12 14:37 - 001022468 _____ C:\Users\Owen_Laptop\Downloads\218272923732-architecture_wood_fine-wood_light-wood_ash-fine-wood-texture-seamless-16836.zip
2021-01-12 13:56 - 2021-01-12 13:56 - 038751697 _____ C:\Users\Owen_Laptop\Desktop\ERDL Skketchup Template.skp
2021-01-12 10:56 - 2021-01-12 10:56 - 000013695 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_Berm_lattice-extras2.nc
2021-01-12 10:03 - 2021-01-12 10:03 - 000186043 _____ C:\Users\Owen_Laptop\Desktop\MFA_Console_parts.dwg.dxf
2021-01-12 10:01 - 2021-01-12 10:01 - 000062160 _____ C:\Users\Owen_Laptop\Desktop\MFA_Console_parts.dwg
2021-01-12 08:42 - 2021-01-12 08:42 - 000003204 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_Berm_lattice-extras.nc
2021-01-11 17:00 - 2021-01-11 17:00 - 000016141 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_nosing_FINAL CUT.nc
2021-01-11 16:20 - 2021-01-11 16:20 - 000061428 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_Berm_lattice.nc
2021-01-11 15:55 - 2021-01-11 15:55 - 000147557 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_Berm_lattice.dxf
2021-01-11 15:24 - 2021-01-11 15:24 - 000005408 _____ C:\Users\Owen_Laptop\Downloads\ADI_aluminum_recuts.dxf
2021-01-11 14:30 - 2021-01-11 14:30 - 000000791 _____ C:\Users\Owen_Laptop\Desktop\frequency_banquette_template-2.nc
2021-01-11 14:28 - 2021-01-11 14:28 - 000018265 _____ C:\Users\Owen_Laptop\Desktop\frequency_banquette_template-1.nc
2021-01-11 14:23 - 2021-01-11 14:23 - 000082420 _____ C:\Users\Owen_Laptop\Desktop\Frequency_banquette_template.dxf
2021-01-11 13:23 - 2021-01-11 13:23 - 000479125 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_nosing_2.nc
2021-01-11 10:53 - 2021-01-11 10:53 - 000011040 _____ C:\Users\Owen_Laptop\Downloads\ADI_alum_profile_Curves.dxf
2021-01-11 08:36 - 2021-01-11 08:36 - 001153979 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_nosing.nc
2021-01-08 16:22 - 2021-01-08 16:22 - 000058460 _____ C:\Users\Owen_Laptop\Desktop\adi_berm_nosing_outline.dwg.dxf
2021-01-08 16:22 - 2021-01-08 16:22 - 000025117 _____ C:\Users\Owen_Laptop\Desktop\adi_berm_nosing_outline.dwg
2021-01-08 15:55 - 2021-01-08 16:06 - 000060514 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_Nosing2.obj
2021-01-08 15:55 - 2021-01-08 16:06 - 000000334 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_Nosing2.mtl
2021-01-08 15:01 - 2021-01-08 15:01 - 000057995 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_Nosing.obj
2021-01-08 15:01 - 2021-01-08 15:01 - 000000334 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_Nosing.mtl
2021-01-08 12:44 - 2021-01-08 12:44 - 020096430 _____ C:\Users\Owen_Laptop\Downloads\19 12 23_ANALOG DEVICES_BLDG 7- 3RD FLOOR_OVERALL.dwg
2021-01-08 10:03 - 2021-01-08 10:03 - 000005536 _____ C:\Users\Owen_Laptop\Downloads\MFA_console_steel_top.dxf
2021-01-08 08:37 - 2021-01-08 08:52 - 000005536 _____ C:\Users\Owen_Laptop\Desktop\MFA_console_steel_top.dxf
2021-01-07 15:02 - 2021-01-07 15:02 - 000001374 _____ C:\Users\Owen_Laptop\Desktop\Vitrine_doorblocks_lastpass_recut.nc
2021-01-07 14:27 - 2021-01-07 14:28 - 108802048 _____ C:\Users\Owen_Laptop\Downloads\17004_AddisonSt_Struct_v2018_NEW0319.rvt
2021-01-07 10:24 - 2021-01-07 10:25 - 000052479 _____ C:\Users\Owen_Laptop\Desktop\adi_angledsurround_kick_assembly.pdf
2021-01-07 10:07 - 2021-01-07 14:27 - 051079294 _____ C:\Users\Owen_Laptop\Desktop\ADI_angledsurround_kick.layout
2021-01-07 10:07 - 2021-01-07 10:07 - 051014920 _____ C:\Users\Owen_Laptop\Desktop\Backup of ADI_angledsurround_kick.layout
2021-01-07 10:04 - 2021-01-07 10:04 - 000006459 _____ C:\Users\Owen_Laptop\Desktop\ADI_angledsurround_kick.nc
2021-01-07 09:43 - 2021-01-07 09:43 - 000056168 _____ C:\Users\Owen_Laptop\Desktop\ADI_angled_kick_interior.dxf
2021-01-06 16:06 - 2021-01-06 16:06 - 000124916 _____ C:\Users\Owen_Laptop\Desktop\Vitrine_doorblocks.nc
2021-01-06 12:59 - 2020-12-26 11:11 - 000932329 _____ C:\Users\Owen_Laptop\Documents\144Addison.skb
2021-01-06 12:48 - 2021-01-06 12:48 - 000163233 _____ C:\Users\Owen_Laptop\Downloads\Landmark Vitrine deadbolt mockup.skp
2021-01-05 15:25 - 2021-01-05 15:25 - 000007677 _____ C:\Users\Owen_Laptop\Desktop\ADI_AdminSurround_Panel34.nc
2021-01-05 15:25 - 2021-01-05 15:25 - 000004230 _____ C:\Users\Owen_Laptop\Desktop\ADI_AdminSurround_Panel2.nc
2021-01-05 15:24 - 2021-01-05 15:24 - 000004232 _____ C:\Users\Owen_Laptop\Desktop\ADI_AdminSurround_Panel1.nc
2021-01-05 14:07 - 2021-01-05 14:07 - 000007613 _____ C:\Users\Owen_Laptop\Desktop\ADI_AngledSurround_Panel34.nc
2021-01-05 13:28 - 2021-01-05 13:28 - 000007638 _____ C:\Users\Owen_Laptop\Desktop\ADI_AngledSurrounds_Panel34.nc
2021-01-05 13:05 - 2021-01-05 14:07 - 000004240 _____ C:\Users\Owen_Laptop\Desktop\ADI_AngledSurround_Panel2.nc
2021-01-05 13:04 - 2021-01-05 14:07 - 000004201 _____ C:\Users\Owen_Laptop\Desktop\ADI_AngledSurround_Panel1.nc 2021-01-04 14:30 - 2021-01-04 14:30 - 000017861 _____ C:\Users\Owen_Laptop\Desktop\ADI_surrounds_ENDCAP-RECUT5.nc 2021-01-04 14:27 - 2021-01-04 14:39 - 000042514 _____ C:\Users\Owen_Laptop\Desktop\ADI_surrounds_ENDCAP-RECUT12.nc 2021-01-04 11:36 - 2021-01-04 11:36 - 000024997 _____ C:\Users\Owen_Laptop\Desktop\ADI_surrounds_ENDCAP-RECUT_final7.nc 2021-01-04 11:16 - 2021-01-04 11:16 - 118932633 _____ C:\Users\Owen_Laptop\Downloads\REFERENCE 144 Addison_Architecture_100 DD CD SET (1).pdf 2021-01-04 10:55 - 2021-01-04 10:55 - 000042948 _____ C:\Users\Owen_Laptop\Desktop\ADI_surrounds_ENDCAP-RECUT_FULLSHEET.nc 2021-01-04 09:40 - 2021-01-04 09:40 - 000014604 _____ C:\Users\Owen_Laptop\Desktop\ADI_surrounds_ENDCAP-RECUT.nc 2020-12-31 15:06 - 2020-12-31 15:21 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\Grubstreet Pics 2020-12-31 15:05 - 2020-12-31 15:05 - 001664817 _____ C:\Users\Owen_Laptop\Downloads\IMG_0469.jpeg 2020-12-31 15:04 - 2020-12-31 15:04 - 001972874 _____ C:\Users\Owen_Laptop\Downloads\IMG_8141.jpeg 2020-12-31 15:03 - 2020-12-31 15:04 - 073800673 _____ C:\Users\Owen_Laptop\Downloads\iCloud Photos (3).zip 2020-12-29 14:58 - 2020-12-29 14:58 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\GameAnalytics 2020-12-29 11:26 - 2020-12-29 11:26 - 000005427 _____ C:\Users\Owen_Laptop\Downloads\ERDL.tools 2020-12-29 09:51 - 2020-12-29 09:51 - 000462756 _____ C:\Users\Owen_Laptop\Downloads\A-102_ LEVEL 2 PLAN Rev.0 markup (2).pdf 2020-12-29 09:23 - 2020-12-29 09:23 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\engagementPics 2020-12-29 09:17 - 2020-12-29 09:19 - 156911369 _____ C:\Users\Owen_Laptop\Downloads\iCloud Photos (2).zip 2020-12-28 11:42 - 2020-12-28 11:42 - 000000223 _____ C:\Users\Owen_Laptop\Desktop\Hades.url 2020-12-28 11:09 - 2020-12-28 11:10 - 000262230 _____ C:\Users\Owen_Laptop\Desktop\MFA_EA-Pods_REVISED28DEC2020.pdf 2020-12-28 
11:05 - 2020-12-28 11:16 - 007357744 _____ C:\Users\Owen_Laptop\Desktop\MFA_EA-Pods_REVISED28DEC2020.layout 2020-12-28 11:05 - 2020-12-28 11:10 - 007357744 _____ C:\Users\Owen_Laptop\Desktop\Backup of MFA_EA-Pods_REVISED28DEC2020.layout 2020-12-26 21:09 - 2020-12-26 21:09 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\paradox-launcher-v2 2020-12-26 21:03 - 2020-12-26 21:03 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Paradox Interactive 2020-12-26 20:59 - 2020-12-26 20:59 - 000000000 ____D C:\Users\Owen_Laptop\Documents\Paradox Interactive 2020-12-26 20:59 - 2020-12-26 20:59 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\Paradox Interactive 2020-12-26 18:01 - 2020-12-26 18:01 - 000000222 _____ C:\Users\Owen_Laptop\Desktop\Stellaris.url 2020-12-26 16:24 - 2020-12-26 16:24 - 000003616 _____ C:\windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 2020-12-26 16:24 - 2020-12-26 16:24 - 000003370 _____ C:\windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon 2020-12-26 16:23 - 2020-12-26 16:23 - 004986456 _____ (Intel) C:\Users\Owen_Laptop\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe 2020-12-26 16:23 - 2020-12-26 16:23 - 000001532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk 2020-12-26 12:26 - 2020-12-26 12:26 - 000000000 ____D C:\Users\Owen_Laptop\AppData\LocalLow\IronOak Games 2020-12-26 12:20 - 2020-12-26 12:20 - 000000222 _____ C:\Users\Owen_Laptop\Desktop\For The King.url 2020-12-26 11:11 - 2021-01-06 12:59 - 000975979 _____ C:\Users\Owen_Laptop\Documents\144Addison.skp 2020-12-23 09:11 - 2020-12-23 09:11 - 000001194 _____ C:\Users\Owen_Laptop\Desktop\MFA_filebar_stonetop.nc 2020-12-22 16:17 - 2020-12-22 16:18 - 092154565 _____ C:\Users\Owen_Laptop\Downloads\Addendum 2 _ 144 Addison_Architecture_100 DD.pdf 2020-12-22 15:32 - 2020-12-22 15:32 - 000613240 _____ C:\Users\Owen_Laptop\Downloads\Erik Rueda - 144 Addison Final 
Scope 7OCT20.pdf 2020-12-22 11:21 - 2020-12-22 11:22 - 118932633 _____ C:\Users\Owen_Laptop\Downloads\REFERENCE 144 Addison_Architecture_100 DD CD SET.pdf 2020-12-21 13:06 - 2020-12-21 13:06 - 000036869 _____ C:\Users\Owen_Laptop\Downloads\59df2d96-d618-4f4b-bb6c-d513efb30911 (1).pdf 2020-12-21 13:03 - 2020-12-21 13:03 - 000036869 _____ C:\Users\Owen_Laptop\Downloads\59df2d96-d618-4f4b-bb6c-d513efb30911.pdf 2020-12-21 13:02 - 2020-12-21 13:02 - 000098761 _____ C:\Users\Owen_Laptop\Downloads\6e1c8650-4827-44d6-9e58-6702de99130c.pdf 2020-12-21 13:02 - 2020-12-21 13:02 - 000061607 _____ C:\Users\Owen_Laptop\Downloads\8912c6fe-4910-476e-9083-1d3d2d36ca8f.pdf 2020-12-21 12:16 - 2020-12-21 12:16 - 005832855 _____ (UserBenchmark.com) C:\Users\Owen_Laptop\Downloads\UserBenchMark.exe 2020-12-21 10:54 - 2020-12-21 10:54 - 012486266 _____ C:\Users\Owen_Laptop\Downloads\Flass_dental.pdf 2020-12-21 10:54 - 2020-12-21 10:54 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\iCloud Photos 2020-12-21 10:52 - 2020-12-21 10:52 - 012480999 _____ C:\Users\Owen_Laptop\Downloads\IMG_0339-converted.pdf 2020-12-21 10:43 - 2020-12-21 10:43 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\iCloud Photos (1) 2020-12-21 10:37 - 2020-12-21 10:38 - 012545968 _____ C:\Users\Owen_Laptop\Downloads\iCloud Photos (1).zip 2020-12-21 10:35 - 2020-12-21 10:35 - 003225540 _____ C:\Users\Owen_Laptop\Downloads\iCloud Photos.zip ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-01-20 14:56 - 2020-11-04 11:29 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Slack 2021-01-20 14:52 - 2020-10-26 12:40 - 000000918 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job 2021-01-20 14:42 - 2020-03-28 13:27 - 000000574 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1237113960-3301161054-180056513-1000.job 2021-01-20 14:38 - 2016-03-11 17:29 - 000000952 _____ C:\windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job 2021-01-20 14:34 - 2016-03-11 17:29 - 000000948 _____ C:\windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job 2021-01-20 14:06 - 2020-03-28 13:27 - 000000670 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-1237113960-3301161054-180056513-1000.job 2021-01-20 10:30 - 2009-07-14 00:13 - 001251482 _____ C:\windows\system32\PerfStringBackup.INI 2021-01-20 10:30 - 2009-07-13 23:45 - 000035744 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2021-01-20 10:30 - 2009-07-13 23:45 - 000035744 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2021-01-20 10:25 - 2017-07-04 10:18 - 000000000 ____D C:\Program Files (x86)\Steam 2021-01-20 10:24 - 2016-09-30 14:45 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\Spotify 2021-01-20 10:22 - 2020-10-26 12:40 - 000000914 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job 2021-01-20 10:22 - 2018-02-15 16:50 - 000000000 ____D C:\ProgramData\Synaptics 2021-01-20 10:22 - 2017-04-17 10:16 - 000000222 _____ C:\windows\Tasks\Lenovo Active Protection System.job 2021-01-20 10:22 - 2016-10-01 03:21 - 000000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2021-01-20 10:22 - 2016-10-01 03:21 - 000000000 __SHD C:\Users\Owen_Laptop\IntelGraphicsProfiles 2021-01-20 10:22 - 2016-09-30 14:45 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Spotify 2021-01-20 10:22 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT 2021-01-20 10:21 - 2019-07-19 12:45 - 
000000000 ____D C:\Users\Owen_Laptop\AppData\Local\WebEx 2021-01-20 09:44 - 2019-05-18 09:57 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Wireshark 2021-01-20 09:44 - 2009-07-13 22:20 - 000000000 ____D C:\windows\Branding 2021-01-20 09:22 - 2017-01-17 16:50 - 000004968 __RSH C:\ProgramData\ntuser.pol 2021-01-20 08:16 - 2020-05-18 12:21 - 000003380 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-01-20 08:16 - 2020-05-18 12:21 - 000003252 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-01-19 16:37 - 2020-10-26 12:40 - 000000000 ____D C:\Program Files (x86)\Dropbox 2021-01-19 13:01 - 2019-07-19 12:45 - 000000000 ____D C:\Users\Owen_Laptop\AppData\LocalLow\WebEx 2021-01-19 12:58 - 2016-12-20 18:38 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\uTorrent 2021-01-19 12:55 - 2016-10-01 03:21 - 000000000 ____D C:\Users\Owen_Laptop 2021-01-19 12:05 - 2016-10-01 03:22 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\Deployment 2021-01-19 12:04 - 2020-10-20 10:28 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Code 2021-01-19 12:01 - 2009-07-13 23:45 - 000436632 _____ C:\windows\system32\FNTCACHE.DAT 2021-01-19 11:58 - 2009-07-13 22:20 - 000000000 ___HD C:\windows\system32\GroupPolicy 2021-01-19 11:55 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf 2021-01-19 10:43 - 2016-12-20 18:42 - 000000872 _____ C:\Users\Owen_Laptop\Desktop\µTorrent.lnk 2021-01-19 10:43 - 2016-12-20 18:42 - 000000852 _____ C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2021-01-18 14:58 - 2020-01-30 15:24 - 000002332 _____ C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk 2021-01-18 14:58 - 2019-08-16 11:10 - 000002324 _____ C:\Users\Owen_Laptop\Desktop\Microsoft Teams.lnk 2021-01-18 14:58 - 2019-08-16 11:10 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\SquirrelTemp 2021-01-15 18:55 - 2020-07-19 12:42 - 000000000 __RHD 
C:\Users\Owen_Laptop\Creative Cloud Files 2021-01-15 13:56 - 2016-03-11 17:31 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-01-15 13:55 - 2016-03-11 17:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-01-15 08:05 - 2020-07-19 12:36 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2021-01-15 08:05 - 2020-07-19 12:36 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2021-01-13 10:04 - 2020-12-01 11:36 - 000000000 _____ C:\Users\Owen_Laptop\Desktop\Audit report.txt 2021-01-12 14:18 - 2020-11-30 10:38 - 000000000 ___HD C:\adobeTemp 2021-01-12 09:08 - 2020-11-04 11:29 - 000002171 _____ C:\Users\Owen_Laptop\Desktop\Slack.lnk 2021-01-12 09:08 - 2020-11-04 11:29 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc 2021-01-12 09:08 - 2020-11-04 11:29 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\slack 2021-01-11 14:51 - 2016-10-01 03:23 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-01-11 14:51 - 2016-10-01 03:23 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-01-11 14:51 - 2016-10-01 03:23 - 000002194 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2021-01-10 12:54 - 2020-05-18 12:22 - 000002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-01-10 12:54 - 2020-05-18 12:22 - 000002193 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-01-10 12:54 - 2020-05-18 12:22 - 000002193 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2021-01-06 08:44 - 2016-09-30 14:54 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Autodesk 2020-12-28 11:42 - 2020-02-10 20:56 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2020-12-26 16:24 - 2016-03-11 17:17 - 000000000 ____D C:\ProgramData\Package Cache 2020-12-26 16:23 - 2016-03-11 17:16 - 000000000 ____D C:\ProgramData\Intel 2020-12-26 16:23 - 2016-03-11 17:16 - 000000000 
____D C:\Program Files\Intel 2020-12-26 16:23 - 2016-03-11 17:16 - 000000000 ____D C:\Program Files (x86)\Intel 2020-12-23 10:53 - 2020-03-28 13:27 - 000003714 _____ C:\windows\system32\Tasks\G2MUploadTask-S-1-5-21-1237113960-3301161054-180056513-1000 2020-12-23 10:53 - 2020-03-28 13:27 - 000003618 _____ C:\windows\system32\Tasks\G2MUpdateTask-S-1-5-21-1237113960-3301161054-180056513-1000 2020-12-23 10:53 - 2020-03-28 13:27 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\GoToMeeting ==================== Files in the root of some directories ======== 2021-01-19 11:54 - 2021-01-19 12:56 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll 2021-01-19 11:54 - 2021-01-19 12:56 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll 2021-01-19 11:55 - 2021-01-19 12:56 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll 2021-01-19 11:55 - 2021-01-19 12:56 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll 2021-01-19 11:55 - 2021-01-19 12:56 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll 2020-07-19 17:42 - 2020-07-19 17:42 - 000000000 _____ () C:\Users\Owen_Laptop\AppData\Local\oobelibMkey.log 2017-01-08 15:33 - 2017-01-08 15:33 - 000007609 _____ () C:\Users\Owen_Laptop\AppData\Local\Resmon.ResmonCfg 2016-12-31 01:46 - 2016-12-31 01:46 - 000000000 _____ () C:\Users\Owen_Laptop\AppData\Local\{868F2A3A-3028-4B71-A7F2-58BE3407864A} 2017-01-07 18:58 - 2017-01-07 18:58 - 000000000 _____ () C:\Users\Owen_Laptop\AppData\Local\{8BAF8997-9911-4EDC-9507-FC83D8469D35} 2019-12-06 08:48 - 2019-12-06 08:48 - 000000000 _____ () C:\Users\Owen_Laptop\AppData\Local\{A6E1AC67-6BCA-4923-93D6-D7CA0B061713} 2017-01-13 12:23 - 2017-01-13 12:23 - 000000000 _____ () C:\Users\Owen_Laptop\AppData\Local\{F2ABD796-9629-42CF-9DA9-32EADF1FA43B} ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) 
LastRegBack: 2021-01-12 16:59 ==================== End of FRST.txt ======================== And attached is the addition.txt. Addition.txt
  2. Attached is a typical log from one of these attempts. medosinger.zip
  3. Hi, MWB keeps blocking, as the title suggests, an outbound connection with IP address 8.208.22.227 / domain medosinger.top, going after C:\Windows\SysWOW64\ftp.exe. I can't seem to find any other reference to this online... Ran the root toolkit and it found/removed something else seemingly unrelated; ran MWB scan several times to no avail. What is this?