Potential Malware Found - PUM.OPTIONAL.DISABLECHROMEUPDATES


Go to solution Solved by kevinf80,

Hello Thomas87 and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 


Hi Kevin, thanks for reopening this topic. Below are the necessary logs. 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/30/20
Scan Time: 10:36 PM
Log File: 80a69f08-335c-11eb-baca-3464a92674fb.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33666
License: Expired

-System Information-
OS: Windows 10 (Build 18362.1198)
CPU: x64
File System: NTFS
User: DESKTOP-L8K10EF\Oliver

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 273188
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 1 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, 6933, 252393, 1.0.33666, , ame, , , 
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, 6933, 252393, 1.0.33666, , ame, , , 

Registry Value: 2
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, 6933, 252393, 1.0.33666, , ame, , , 
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, 6933, 252393, 1.0.33666, , ame, , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

(AdwCleaner didn't request a restart, by the way - maybe because it didn't find anything malicious?)

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-02-2020
# Duration: 00:00:17
# OS:       Windows 10 Pro
# Scanned:  31920
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Farbar Recovery Tool:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2020
Ran by Oliver (administrator) on DESKTOP-L8K10EF (HP HP ProDesk 400 G2.5 SFF) (02-12-2020 12:17:37)
Running from C:\Users\Oliver\Downloads
Loaded Profiles: Oliver
Platform: Windows 10 Pro Version 1909 18363.1198 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunesHelper.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <33>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(ninjaRMM LLC -> NinjaRMM, LLC) C:\Program Files (x86)\gocentricwfhremoteworkers-4.6.6495\NinjaRMMAgent.exe
(ninjaRMM LLC -> NinjaRMM, LLC) C:\Program Files (x86)\gocentricwfhremoteworkers-4.6.6495\NinjaRMMAgentPatcher.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify AB -> Spotify Ltd) C:\Users\Oliver\AppData\Roaming\Spotify\Spotify.exe <6>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9243072 2017-12-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [117344 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Oliver\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-11-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKU\S-1-5-21-707411476-796677478-2133424202-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Oliver\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-11-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.66\Installer\chrmstp.exe [2020-11-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6938.199\Installer\chrmstp.exe [2020-11-23] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05C92007-760D-4BC0-B358-3BDA1BA2D670} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-15] (Google LLC -> Google LLC)
Task: {538EAB7F-50F0-454F-ACAD-7A8D1E15B53E} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-04-17] (ProtonVPN AG -> )
Task: {6701C216-D808-455B-8CE3-59260CD2FE67} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4617832 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
Task: {683D7547-FC00-4F6E-AB1B-870329A01B80} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2118392 2020-11-12] (Avast Software s.r.o. -> AVAST Software)
Task: {94F0D18B-2646-4E91-A3FD-03B33EB527D2} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2118392 2020-11-12] (Avast Software s.r.o. -> AVAST Software)
Task: {C19E12BC-589B-40B0-AAF6-103CEAED9C94} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {E2C55E3A-B0A1-49A6-8AFF-9CC73C882563} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-15] (Google LLC -> Google LLC)
Task: {E2D99348-9E36-4A42-992E-9331723196BA} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {F3460587-9B56-44AA-8C76-175262FFA1CD} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d9febfe4-872d-4a8d-827c-9914204ffc14}: [DhcpNameServer] 192.168.1.254

Edge: 
======
Edge Profile: C:\Users\Oliver\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-01]

FireFox:
========
FF DefaultProfile: lh42h0v4.default
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\lh42h0v4.default [2020-05-15]
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\f36quz2g.default-release [2020-12-01]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\f36quz2g.default-release\Extensions\@testpilot-containers.xpi [2020-09-29]
FF Extension: (uBlock Origin) - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\f36quz2g.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-11-20]
FF Extension: (Temporary Containers) - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\f36quz2g.default-release\Extensions\{c607c8df-14a7-4f28-894f-29e8722976af}.xpi [2020-08-11]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin HKU\S-1-5-21-707411476-796677478-2133424202-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Oliver\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-15] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default [2020-12-02]
CHR Notifications: Default -> hxxps://teams.microsoft.com
CHR Extension: (Slides) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-15]
CHR Extension: (Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-15]
CHR Extension: (Google Drive) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-15]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-11-17]
CHR Extension: (Sheets) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-15]
CHR Extension: (My1Login SSO Connector) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmjlkfpmjldpacpocblimkniapnigff [2020-11-28] [UpdateUrl:hxxps://download.my1login.com/deployment/My1LoginSSOConnector/Firefox/firefox_updates.json] <==== ATTENTION
CHR Extension: (Prolific Assistant) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocfncbnofopjedoepmekajbgdenadepp [2020-07-31]
CHR Extension: (Gmail) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-30]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8454552 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [365648 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [3096160 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6938.199\elevation_service.exe [1348304 2020-11-12] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [58048 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-20] (Malwarebytes Inc -> Malwarebytes)
R2 NinjaRMMAgent; C:\Program Files (x86)\gocentricwfhremoteworkers-4.6.6495\NinjaRMMAgentPatcher.exe [18919304 2020-11-20] (ninjaRMM LLC -> NinjaRMM, LLC)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [100672 2020-04-17] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-04-17] (ProtonVPN AG -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6153048 2020-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13082128 2020-07-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [206408 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [332368 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [247888 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [97352 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [16816 2020-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42784 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [176744 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [521752 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469832 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326416 2020-11-24] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2019-10-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-11-20] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217600 2020-11-20] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-11-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-12-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2020-12-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [138904 2020-12-01] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-02 12:17 - 2020-12-02 12:18 - 000018715 _____ C:\Users\Oliver\Downloads\FRST.txt
2020-12-02 12:16 - 2020-12-02 12:17 - 000000000 ____D C:\FRST
2020-12-02 12:10 - 2020-12-02 12:11 - 002288640 _____ (Farbar) C:\Users\Oliver\Downloads\FRST64.exe
2020-12-02 12:03 - 2020-12-02 12:05 - 000000000 ____D C:\AdwCleaner
2020-12-02 12:03 - 2020-12-02 12:03 - 008447152 _____ (Malwarebytes) C:\Users\Oliver\Downloads\adwcleaner_8.0.8.exe
2020-12-01 23:03 - 2020-12-01 23:03 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-12-01 23:03 - 2020-12-01 23:03 - 000138904 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-12-01 23:03 - 2020-12-01 23:03 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-01 16:35 - 2020-12-01 16:35 - 000361222 _____ C:\Users\Oliver\Downloads\Outbreak Taskforce List 27.11.pdf
2020-12-01 16:30 - 2020-12-01 16:30 - 000850491 _____ C:\Users\Oliver\Downloads\20200922 - app slide pack (1).pdf
2020-12-01 14:44 - 2020-12-01 14:44 - 000334370 _____ C:\Users\Oliver\Downloads\20201123 - SOP - External Messaging.pdf
2020-12-01 10:48 - 2020-12-01 10:48 - 000501162 _____ C:\Users\Oliver\Downloads\1. Start of shift checklist (Tier 3) (1).pdf
2020-12-01 10:48 - 2020-12-01 10:48 - 000064850 _____ C:\Users\Oliver\Downloads\2. Top FAQs Tier 2 _ 3_ (1).pdf
2020-12-01 10:35 - 2020-12-01 10:35 - 000234269 _____ C:\Users\Oliver\Downloads\difficult situations v01 (1).pptx
2020-12-01 09:48 - 2020-12-01 09:48 - 000194509 _____ C:\Users\Oliver\Downloads\Segmentation phase 2 comms - DOB no longer mandated.pdf
2020-11-30 19:58 - 2020-11-30 19:58 - 001177887 _____ C:\Users\Oliver\Downloads\segmentation phase 2.pdf
2020-11-30 19:58 - 2020-11-30 19:58 - 000381943 _____ C:\Users\Oliver\Downloads\Segmentation update - additional guidance 28Nov.pdf
2020-11-30 19:57 - 2020-11-30 19:57 - 003342494 _____ C:\Users\Oliver\Downloads\20201123- UPDATED SLIDES-Level 2 and 3 script update November.pdf
2020-11-30 19:51 - 2020-11-30 19:51 - 001811016 _____ C:\Users\Oliver\Downloads\202001120 - SLIDES - Level 3 script update training (1).pdf
2020-11-30 19:47 - 2020-11-30 19:47 - 000215025 _____ C:\Users\Oliver\Downloads\20201023 CONFOLLOW UP scripts v1.0 (1).pdf
2020-11-30 19:44 - 2020-11-30 19:44 - 000161261 _____ C:\Users\Oliver\Downloads\20201023 FOLLOW UP scripts v1.0 (1).pdf
2020-11-30 19:43 - 2020-11-30 19:43 - 000617304 _____ C:\Users\Oliver\Downloads\Syn script (1).pptx
2020-11-30 19:43 - 2020-11-30 19:43 - 000459800 _____ C:\Users\Oliver\Downloads\20201123 -SCRIPT - Contact v15.1.pdf
2020-11-30 19:06 - 2020-11-30 19:06 - 000679537 _____ C:\Users\Oliver\Downloads\Accessing FAQs in Syn.pdf
2020-11-30 18:55 - 2020-11-30 18:55 - 000130025 _____ C:\Users\Oliver\Downloads\20200731_SOPManagingQueriesLevel3 (1).pdf
2020-11-30 18:54 - 2020-11-30 18:54 - 000161707 _____ C:\Users\Oliver\Downloads\20201022 - SOP - v1.3 (1).pdf
2020-11-30 17:49 - 2020-11-30 17:49 - 000217305 _____ C:\Users\Oliver\Downloads\Non-Response V02.03 (1).pdf
2020-11-30 17:34 - 2020-11-30 17:34 - 001005502 _____ C:\Users\Oliver\Downloads\20201105-SOP-v01.11 (1).pdf
2020-11-30 17:34 - 2020-11-30 17:34 - 000969852 _____ C:\Users\Oliver\Downloads\Ring Central v8 - 10.09.2020 (1).pdf
2020-11-30 17:34 - 2020-11-30 17:34 - 000433234 _____ C:\Users\Oliver\Downloads\20201119-Update v0.04.pdf
2020-11-30 17:33 - 2020-11-30 17:33 - 002438103 _____ C:\Users\Oliver\Downloads\Webinar - updated (1).pptx
2020-11-30 17:32 - 2020-11-30 17:32 - 001153765 _____ C:\Users\Oliver\Downloads\Webinar -  (1).pdf
2020-11-30 14:39 - 2020-11-30 14:39 - 000048375 _____ C:\Users\Oliver\Downloads\Payslip - 30-11-2020.pdf
2020-11-30 10:46 - 2020-11-30 10:46 - 000811087 _____ C:\Users\Oliver\Downloads\20201105_Introduction (1).pdf
2020-11-30 09:46 - 2020-11-30 09:46 - 000376184 _____ C:\Users\Oliver\Downloads\20200731 New Starter Training Manualv01.07 (2).pdf
2020-11-30 09:26 - 2020-11-30 09:26 - 000597096 _____ C:\Users\Oliver\Downloads\20.11.28-TrainingUpdates.pdf
2020-11-29 11:06 - 2020-11-29 11:06 - 001116987 _____ C:\Users\Oliver\Downloads\20201120-FAQsAddition.txtV15.01FINAL (2).pdf
2020-11-28 11:35 - 2020-11-28 11:35 - 001116987 _____ C:\Users\Oliver\Downloads\20201120-FAQsV15.01FINAL (1).pdf
2020-11-25 19:09 - 2020-11-25 19:09 - 000083197 _____ C:\Users\Oliver\Downloads\Maxcontact - Team Codes (Per Day & Per Month).pdf
2020-11-25 16:47 - 2020-11-25 16:47 - 000179841 _____ C:\Users\Oliver\Downloads\MaxContact - Agent Code Definitions & Usage.pdf
2020-11-24 23:04 - 2020-11-24 23:04 - 000010702 _____ C:\Users\Oliver\Documents\Startup Files.odt
2020-11-24 22:06 - 2020-11-24 22:06 - 000339552 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-11-24 22:06 - 2020-11-24 22:06 - 000217336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-11-24 11:31 - 2020-11-24 11:31 - 000000000 ____D C:\Users\Oliver\AppData\Local\Teradici
2020-11-24 11:28 - 2020-11-24 11:28 - 000000000 ____D C:\Users\Oliver\AppData\Local\Amazon Web Services
2020-11-24 10:40 - 2020-11-24 10:40 - 001116987 _____ C:\Users\Oliver\Downloads\20201120-FAQsCallhandlerV15.01FINAL.pdf
2020-11-23 11:41 - 2020-11-23 11:41 - 001811016 _____ C:\Users\Oliver\Downloads\202001120 - SLIDES - update training.pdf
2020-11-23 11:39 - 2020-11-23 11:39 - 000376184 _____ C:\Users\Oliver\Downloads\20200731 Programme New Starter Training Manualv01.07 (1).pdf
2020-11-21 21:17 - 2020-11-21 21:17 - 000006807 _____ C:\Users\Oliver\Downloads\Malwarebyte scan log.txt
2020-11-20 19:51 - 2020-11-25 16:23 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-11-20 19:51 - 2020-11-20 19:51 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-11-20 10:09 - 2020-11-20 10:09 - 001975368 _____ C:\Users\Oliver\Downloads\20201118-SLIDES-Level 2 and 3 script update November (1).pdf
2020-11-20 09:55 - 2020-11-20 09:55 - 001758125 _____ C:\Users\Oliver\Downloads\202001015 - SLIDES - Level 3 script update training (1).pdf
2020-11-20 09:41 - 2020-11-20 09:41 - 000388056 _____ C:\Users\Oliver\Downloads\20201111 -SCRIPT - Contact v15.0 (1).pdf
2020-11-19 18:50 - 2020-11-19 18:50 - 000304536 _____ C:\Users\Oliver\Downloads\47772_Certificate_19Nov2020185005.pdf
2020-11-19 18:49 - 2020-11-19 18:49 - 001975368 _____ C:\Users\Oliver\Downloads\20201118-SLIDES-Level 2 and 3 script update November.pdf
2020-11-19 18:49 - 2020-11-19 18:49 - 001758125 _____ C:\Users\Oliver\Downloads\202001015 - SLIDES - Level 3 script update training .pdf
2020-11-19 18:49 - 2020-11-19 18:49 - 000850491 _____ C:\Users\Oliver\Downloads\20200922 -  app slide pack.pdf
2020-11-19 18:49 - 2020-11-19 18:49 - 000388056 _____ C:\Users\Oliver\Downloads\20201111 -SCRIPT - Contact v15.0.pdf
2020-11-19 18:49 - 2020-11-19 18:49 - 000215025 _____ C:\Users\Oliver\Downloads\20201023 CON FOLLOW UP scripts v1.0.pdf
2020-11-19 18:49 - 2020-11-19 18:49 - 000161261 _____ C:\Users\Oliver\Downloads\20201023 C FOLLOW UP scripts v1.0.pdf
2020-11-19 18:48 - 2020-11-19 18:49 - 000617304 _____ C:\Users\Oliver\Downloads\ Synergy script.pptx
2020-11-19 13:28 - 2020-11-19 13:28 - 000679537 _____ C:\Users\Oliver\Downloads\Accessing FAQs in Synergy_v1.0.pdf
2020-11-19 13:28 - 2020-11-19 13:28 - 000217305 _____ C:\Users\Oliver\Downloads\Non-Response V02.03.pdf
2020-11-19 13:27 - 2020-11-19 13:27 - 001153765 _____ C:\Users\Oliver\Downloads\Webinar - updated.pdf
2020-11-19 13:27 - 2020-11-19 13:27 - 000969852 _____ C:\Users\Oliver\Downloads\Ring Central v8 - 10.09.2020.pdf
2020-11-19 13:27 - 2020-11-19 13:27 - 000376462 _____ C:\Users\Oliver\Downloads\20201105-End Date Update-v0.03.pdf
2020-11-19 12:15 - 2020-11-19 12:15 - 000811087 _____ C:\Users\Oliver\Downloads\20201105_Introduction to principles of tracing_v3.0.pdf
2020-11-19 11:20 - 2020-11-19 11:21 - 000454622 _____ C:\Users\Oliver\Downloads\20200616 - SLIDES - Clinical  Information Governance  - v02.02.pdf
2020-11-18 19:05 - 2020-11-18 19:05 - 000012395 _____ C:\Users\Oliver\Documents\Training Resources.odt
2020-11-18 16:32 - 2020-11-18 16:32 - 000064850 _____ C:\Users\Oliver\Downloads\2. Top FAQs Tier 2 _ 3_.pdf
2020-11-18 16:31 - 2020-11-18 16:31 - 000501162 _____ C:\Users\Oliver\Downloads\1. Start of shift checklist (Tier 3).pdf
2020-11-18 16:30 - 2020-11-18 16:30 - 000234269 _____ C:\Users\Oliver\Downloads\difficult situations v01.pptx
2020-11-18 16:00 - 2020-11-18 16:00 - 001108279 _____ C:\Users\Oliver\Downloads\20201106- GUIDANCE - FAQs - v14.18 (1).pdf
2020-11-18 15:55 - 2020-11-18 15:55 - 000130025 _____ C:\Users\Oliver\Downloads\20200731_SOPManagingQueriesLevel3.pdf
2020-11-18 15:52 - 2020-11-18 15:52 - 000161707 _____ C:\Users\Oliver\Downloads\20201022 - SOP -  - v1.3.pdf
2020-11-18 15:41 - 2020-11-18 15:41 - 001005502 _____ C:\Users\Oliver\Downloads\20201105-SOP--v01.11.pdf
2020-11-18 15:32 - 2020-11-18 15:32 - 002438103 _____ C:\Users\Oliver\Downloads\ Webinar -  updated.pptx
2020-11-18 15:24 - 2020-11-18 15:24 - 000376184 _____ C:\Users\Oliver\Downloads\20200731 v01.07.pdf
2020-11-18 15:24 - 2020-11-18 15:24 - 000133059 _____ C:\Users\Oliver\Downloads\17.11.20-TrainingUpdates.pdf
2020-11-18 11:24 - 2020-11-18 11:24 - 001108279 _____ C:\Users\Oliver\Downloads\20201106- GUIDANCE -  FAQs - v14.18.pdf
2020-11-17 11:02 - 2020-11-29 23:26 - 000023869 _____ C:\Users\Oliver\Documents\bookmarks.odt
2020-11-17 08:54 - 2020-11-20 13:45 - 000000000 ____D C:\Users\Oliver\Documents\Zoom
2020-11-17 08:46 - 2020-11-17 08:46 - 000001934 _____ C:\Users\Oliver\Desktop\Zoom.lnk
2020-11-17 08:37 - 2020-11-17 08:37 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Oliver\Downloads\Zoom_cm_ds_mxsPn2Cbkxmd1YZ8laf9Kr18b-uP5QnImjdl1@nNXmE94BGFjvJniO_k6e0ac7debb87b0e7_.exe
2020-11-15 19:20 - 2020-11-15 19:20 - 000000000 ____D C:\Users\Public\Documents\sun
2020-11-15 19:20 - 2020-11-15 19:20 - 000000000 ____D C:\ProgramData\Documents\sun
2020-11-15 18:20 - 2020-11-15 18:20 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Oliver\Downloads\Zoom_cm_ds_mcnhxT-B4cKln-RTz9tSR2nvNMFr+OjvrRN+E@hgpnxpKjFXC1azO5_k53563ff9aeccfae4_.exe
2020-11-15 18:14 - 2020-11-15 18:14 - 000001181 _____ C:\Users\Public\Desktop\LibreOffice 7.0.lnk
2020-11-15 18:14 - 2020-11-15 18:14 - 000001181 _____ C:\ProgramData\Desktop\LibreOffice 7.0.lnk
2020-11-15 18:14 - 2020-11-15 18:14 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0
2020-11-15 18:13 - 2020-11-15 18:14 - 000000000 ____D C:\Program Files\LibreOffice
2020-11-15 00:13 - 2020-11-15 00:13 - 000000000 ____D C:\Users\Oliver\AppData\Local\SoulseekQt
2020-11-14 23:21 - 2020-11-14 23:21 - 000000000 ____D C:\Users\Oliver\Documents\Soulseek Downloads
2020-11-14 23:12 - 2020-11-14 23:12 - 017677170 _____ (Soulseek LLC ) C:\Users\Oliver\Downloads\SoulseekQt-2019-7-22-64bit.exe
2020-11-14 23:12 - 2020-11-14 23:12 - 000001100 _____ C:\Users\Public\Desktop\SoulseekQt.lnk
2020-11-14 23:12 - 2020-11-14 23:12 - 000001100 _____ C:\ProgramData\Desktop\SoulseekQt.lnk
2020-11-14 23:12 - 2020-11-14 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2020-11-14 23:12 - 2020-11-14 23:12 - 000000000 ____D C:\Program Files (x86)\SoulseekQt
2020-11-14 10:18 - 2020-11-21 11:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-13 13:03 - 2020-11-13 13:03 - 000094501 _____ C:\Users\Oliver\Downloads\OliverContract (edit).pdf
2020-11-13 12:55 - 2020-11-13 12:55 - 000095008 _____ C:\Users\Oliver\Downloads\Offer_Letter (edit).pdf
2020-11-12 17:10 - 2020-11-12 17:10 - 000163563 _____ C:\Users\Oliver\Downloads\Oliver Contract.pdf
2020-11-12 17:09 - 2020-11-12 17:09 - 000061140 _____ C:\Users\Oliver\Downloads\Example_Rota.pdf
2020-11-12 17:04 - 2020-11-12 17:04 - 000540149 _____ C:\Users\Oliver\Downloads\Employee_Handbook.pdf
2020-11-12 17:03 - 2020-11-12 17:03 - 000179193 _____ C:\Users\Oliver\Downloads\Offer_Letter.pdf
2020-11-11 18:38 - 2020-11-11 18:38 - 001841152 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2020-11-11 18:38 - 2020-11-11 18:38 - 001101312 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2020-11-11 18:38 - 2020-11-11 18:38 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-11-11 18:37 - 2020-11-11 18:37 - 000200704 _____ C:\Windows\system32\IHDS.dll
2020-11-11 18:37 - 2020-11-11 18:37 - 000164864 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2020-11-10 15:19 - 2020-11-10 15:19 - 000001637 _____ C:\Users\Oliver\Desktop\Amazon WorkSpaces.lnk
2020-11-10 15:19 - 2020-11-10 15:19 - 000000000 ____D C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon WorkSpaces
2020-11-10 15:17 - 2020-11-10 15:18 - 162611712 _____ C:\Users\Oliver\Downloads\Amazon+WorkSpaces.msi
2020-11-10 15:13 - 2020-11-17 13:35 - 000000000 ____D C:\Users\Oliver\AppData\Local\3CX VoIP Phone
2020-11-10 15:13 - 2020-11-10 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3CX Phone
2020-11-10 15:13 - 2020-11-10 15:13 - 000000000 ____D C:\Program Files (x86)\3CXPhone
2020-11-10 15:12 - 2020-11-10 15:12 - 013994496 _____ C:\Users\Oliver\Downloads\3CXPhone6.msi
2020-11-10 15:07 - 2020-11-10 15:07 - 000002369 _____ C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-11-10 15:07 - 2020-11-10 15:07 - 000002361 _____ C:\Users\Oliver\Desktop\Microsoft Teams.lnk
2020-11-10 15:07 - 2020-11-10 15:07 - 000000000 ____D C:\Users\Oliver\AppData\Roaming\Teams
2020-11-10 15:07 - 2020-11-10 15:07 - 000000000 ____D C:\Users\Oliver\AppData\Local\SquirrelTemp
2020-11-10 14:25 - 2020-11-10 14:25 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Oliver\Downloads\Zoom_cm_fo42mnktZ9vvrZo4_mJ8+Exau0ILZmOAPpEciTZ9aZY8wwneBaWgj7@Gio5f0nBkKyTKlPi_k57372a09beb11e52_.exe
2020-11-10 11:57 - 2020-11-10 11:57 - 000000000 ___HD C:\$AV_ASW
2020-11-10 11:56 - 2020-11-10 11:56 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer Host.lnk
2020-11-10 11:56 - 2020-11-10 11:56 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer Host.lnk
2020-11-10 11:56 - 2020-11-10 11:56 - 000001028 _____ C:\ProgramData\Desktop\TeamViewer Host.lnk
2020-11-10 11:56 - 2020-11-10 11:56 - 000000000 ____D C:\Users\Oliver\AppData\Local\TeamViewer
2020-11-10 11:55 - 2020-12-02 10:01 - 000000000 ____D C:\ProgramData\NinjaRMMAgent
2020-11-10 11:55 - 2020-12-01 23:48 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-11-10 11:55 - 2020-12-01 08:43 - 000002785 _____ C:\Windows\SysWOW64\smbios.bin
2020-11-10 11:55 - 2020-11-21 15:15 - 000000000 ____D C:\Program Files (x86)\wfhremoteworkers-4.6.6495
2020-11-10 11:54 - 2020-11-10 11:54 - 029880320 _____ C:\Users\Oliver\Downloads\wfhremoteworkers-4.6.6495-windows-installer.msi
2020-11-09 18:38 - 2020-11-09 18:38 - 000263168 _____ (Go-Centric Ltd) C:\Users\Oliver\Downloads\SystemScan.exe
2020-11-06 22:31 - 2020-11-06 22:31 - 001153438 _____ C:\Users\Oliver\Downloads\Kohman 1939 oxalic acid_01.pdf
2020-11-06 21:57 - 2020-11-06 21:57 - 000132237 _____ C:\Users\Oliver\Downloads\Reduction of oxalate by week.xlsx
2020-11-06 20:10 - 2020-11-06 20:10 - 000486634 _____ C:\Users\Oliver\Downloads\Oxalate consumption by probiotic (1).pdf
2020-11-06 20:10 - 2020-11-06 20:10 - 000339064 _____ C:\Users\Oliver\Downloads\Susan post on pyridoxine supplementation.pdf
2020-11-06 20:00 - 2020-11-06 20:00 - 000075979 _____ C:\Users\Oliver\Downloads\supplements and nutrition - mito cocktail (1).pdf
2020-11-06 19:51 - 2020-11-06 19:51 - 000039503 _____ C:\Users\Oliver\Downloads\Conditions associated to oxalate.V4.pdf
2020-11-06 19:41 - 2020-11-06 19:41 - 000627364 _____ C:\Users\Oliver\Downloads\Amino Acids (1).pdf
2020-11-06 19:38 - 2020-11-06 19:38 - 000354522 _____ C:\Users\Oliver\Downloads\Vitamin Information (2).pdf
2020-11-06 19:00 - 2020-11-06 19:00 - 000415214 _____ C:\Users\Oliver\Downloads\Mineral Information (2).pdf
2020-11-06 18:59 - 2020-11-06 18:59 - 000136280 _____ C:\Users\Oliver\Downloads\Helpful Supplements while using LOD (3).pdf
2020-11-06 18:53 - 2020-11-06 18:53 - 000244170 _____ C:\Users\Oliver\Downloads\Oxalate Consuming Activities of Probiotics Page 1.pdf
2020-11-06 18:52 - 2020-11-06 18:52 - 000232878 _____ C:\Users\Oliver\Downloads\Thiamine and Magnesium deficiencies, keys to disease.pdf
2020-11-06 18:42 - 2020-11-06 18:42 - 000334773 _____ C:\Users\Oliver\Downloads\B1 and B6 Deficiency Dumps.pdf
2020-11-06 18:41 - 2020-11-06 18:41 - 000334773 _____ C:\Users\Oliver\Downloads\B1 and B6 supplement-induced Dumps.pdf
2020-11-06 18:41 - 2020-11-06 18:41 - 000009424 _____ C:\Users\Oliver\Downloads\Vitamin_C_foods (1).pdf
2020-11-06 18:35 - 2020-11-06 18:35 - 001018321 _____ C:\Users\Oliver\Downloads\Ox,GFCF,SAL, Histamine List.pdf
2020-11-06 16:59 - 2020-11-06 16:59 - 000048710 _____ C:\Users\Oliver\Downloads\Common %22dumping%22 symptoms.pdf
2020-11-06 16:57 - 2020-11-06 16:57 - 000112973 _____ C:\Users\Oliver\Downloads\Oxalate issues_Calcium as an exitotoxin.pdf
2020-11-06 15:24 - 2020-11-06 15:24 - 000068186 _____ C:\Users\Oliver\Downloads\thiamine.htm
2020-11-06 15:18 - 2020-11-06 15:18 - 000174918 _____ C:\Users\Oliver\Downloads\Where oxalate gets stored.pdf
2020-11-06 15:01 - 2020-11-06 15:01 - 000575217 _____ C:\Users\Oliver\Downloads\oxalatevestibulitis-1 (1).pdf
2020-11-06 14:57 - 2020-11-06 14:57 - 000131968 _____ C:\Users\Oliver\Downloads\Susans comments on getting rid of oxalate (1).pdf
2020-11-06 14:53 - 2020-11-06 14:53 - 000354522 _____ C:\Users\Oliver\Downloads\Vitamin Information (1).pdf
2020-11-06 14:53 - 2020-11-06 14:53 - 000115900 _____ C:\Users\Oliver\Downloads\Specific Issues with the Vit K Protocol.pdf
2020-11-06 14:45 - 2020-11-06 14:45 - 000190927 _____ C:\Users\Oliver\Downloads\Helpful Supplements while using LOD.pdf
2020-11-06 14:45 - 2020-11-06 14:45 - 000136280 _____ C:\Users\Oliver\Downloads\Helpful Supplements while using LOD (2).pdf
2020-11-06 14:45 - 2020-11-06 14:45 - 000094593 _____ C:\Users\Oliver\Downloads\Helpful Supplements while using LOD (1).pdf
2020-11-06 14:30 - 2020-11-06 14:30 - 000491304 _____ C:\Users\Oliver\Downloads\Choosing-the-Right-Probiotic-for-Specific-Therapeutic-Applications (1).pdf
2020-11-06 14:29 - 2020-11-06 14:29 - 000486634 _____ C:\Users\Oliver\Downloads\Oxalate consumption by probiotic.pdf
2020-11-06 14:22 - 2020-11-06 14:22 - 000415214 _____ C:\Users\Oliver\Downloads\Mineral Information (1).pdf
2020-11-06 14:22 - 2020-11-06 14:22 - 000075979 _____ C:\Users\Oliver\Downloads\supplements and nutrition - mito cocktail.pdf
2020-11-06 14:20 - 2020-11-06 14:20 - 000627364 _____ C:\Users\Oliver\Downloads\Amino Acids.pdf
2020-11-06 14:00 - 2020-11-06 14:00 - 000108251 _____ C:\Users\Oliver\Downloads\MASTER FILE - Trying Low Oxalates Group (1).pdf
2020-11-05 22:24 - 2020-11-05 22:24 - 000108251 _____ C:\Users\Oliver\Downloads\MASTER FILE - Trying Low Oxalates Group.pdf
2020-11-05 22:24 - 2020-11-05 22:24 - 000017584 _____ C:\Users\Oliver\Downloads\Purine - Uric Acid - Oxalate Chart Sorted.xlsx
2020-11-05 22:23 - 2020-11-05 22:23 - 000356746 _____ C:\Users\Oliver\Downloads\IC-post-to-LOD-group-28726915.pdf
2020-11-05 22:23 - 2020-11-05 22:23 - 000114896 _____ C:\Users\Oliver\Downloads\Purine - Uric Acid - Oxalate Chart Sorted.pdf
2020-11-05 22:03 - 2020-11-05 22:03 - 000266093 _____ C:\Users\Oliver\Downloads\Endogenous Oxalate Glycine Serine Vitamin B6.pdf
2020-11-05 22:01 - 2020-11-05 22:01 - 001305134 _____ C:\Users\Oliver\Downloads\Metabolism of Taurine in man.pdf
2020-11-05 22:00 - 2020-11-05 22:00 - 000266957 _____ C:\Users\Oliver\Downloads\Detocpathwaysxenobioticsdrugsnutrients.pdf
2020-11-05 22:00 - 2020-11-05 22:00 - 000131968 _____ C:\Users\Oliver\Downloads\Susans comments on getting rid of oxalate.pdf
2020-11-05 21:59 - 2020-11-05 21:59 - 000415214 _____ C:\Users\Oliver\Downloads\Mineral Information.pdf
2020-11-05 21:38 - 2020-11-05 21:38 - 000459441 _____ C:\Users\Oliver\Downloads\Alternative Medicine Review Volume 13, Number 4 2008 Riboflavin.pdf
2020-11-05 19:30 - 2020-11-05 19:30 - 000354522 _____ C:\Users\Oliver\Downloads\Vitamin Information.pdf
2020-11-05 18:46 - 2020-11-05 18:46 - 000221026 _____ C:\Users\Oliver\Downloads\Consolidated Posts on Glutamine.pdf
2020-11-05 18:41 - 2020-11-05 18:41 - 000482517 _____ C:\Users\Oliver\Downloads\Oxalate Consuming Activities of Probiotics Page 5.pdf
2020-11-05 18:23 - 2020-11-05 18:23 - 000166294 _____ C:\Users\Oliver\Downloads\Drug_Glucuronidation_in_Clinical.8.pdf
2020-11-05 18:21 - 2020-11-05 18:21 - 000763809 _____ C:\Users\Oliver\Downloads\LOD newsletter Feb 2014.pdf
2020-11-05 16:52 - 2020-11-05 16:52 - 000318041 _____ C:\Users\Oliver\Downloads\Donna_Gates.pdf
2020-11-05 16:49 - 2020-11-05 16:49 - 000491304 _____ C:\Users\Oliver\Downloads\Choosing-the-Right-Probiotic-for-Specific-Therapeutic-Applications.pdf
2020-11-05 16:33 - 2020-11-05 16:33 - 000912199 _____ C:\Users\Oliver\Downloads\Oxalate Consumption by Probiotic Microorganisms.pdf
2020-11-05 16:33 - 2020-11-05 16:33 - 000052890 _____ C:\Users\Oliver\Downloads\Oxalate connection to Salicylates, Phenols, Food Chemical Intolerances.pdf
2020-11-05 16:17 - 2020-11-05 16:17 - 000575217 _____ C:\Users\Oliver\Downloads\oxalatevestibulitis-1.pdf
2020-11-05 15:05 - 2020-11-05 15:05 - 000015310 _____ C:\Users\Oliver\Downloads\Frequently_used_Acronyms.pdf
2020-11-05 15:04 - 2020-11-05 15:04 - 000440932 _____ C:\Users\Oliver\Downloads\Utilization of calcium in various foods.pdf
2020-11-05 15:04 - 2020-11-05 15:04 - 000033282 _____ C:\Users\Oliver\Downloads\antibiotics that kill biotin producing flora.pdf
2020-11-05 15:03 - 2020-11-05 15:03 - 000332427 _____ C:\Users\Oliver\Downloads\Oxalate Consuming Activities of Probiotics Page 3.pdf
2020-11-05 14:58 - 2020-11-05 14:58 - 000760044 _____ C:\Users\Oliver\Downloads\LOD newsletter 1- Feb 2014 (1).pdf
2020-11-05 13:52 - 2020-11-05 13:52 - 000110844 _____ C:\Users\Oliver\Downloads\Thougts about glutamate and excitotoxicity.pdf
2020-11-05 13:50 - 2020-11-05 13:50 - 000141194 _____ C:\Users\Oliver\Downloads\Addressing Specific Issues with the Vit K paper.pdf
2020-11-05 13:49 - 2020-11-05 13:49 - 000356264 _____ C:\Users\Oliver\Downloads\Oxalate Consuming Activities of Probiotics Page 2.pdf
2020-11-05 13:43 - 2020-11-05 13:43 - 001303321 _____ C:\Users\Oliver\Downloads\Navigating the new Yahoo neo format.pdf
2020-11-05 13:43 - 2020-11-05 13:43 - 001303321 _____ C:\Users\Oliver\Downloads\Navigating the new Yahoo neo format (1).pdf
2020-11-05 13:43 - 2020-11-05 13:43 - 000013624 _____ C:\Users\Oliver\Downloads\csf plasma and urine.pdf
2020-11-05 13:28 - 2020-11-05 13:28 - 000147756 _____ C:\Users\Oliver\Downloads\Influence of Processing Techniques on the Nutrients and Antinutrients of Tigernut .pdf
2020-11-04 00:07 - 2020-11-17 23:13 - 000038428 _____ C:\Users\Oliver\Documents\Oxalate and Candida Resources.odt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-02 12:19 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-02 11:59 - 2020-05-15 20:58 - 000000000 ____D C:\Users\Oliver\AppData\Roaming\Spotify
2020-12-02 11:59 - 2020-05-15 20:58 - 000000000 ____D C:\Users\Oliver\AppData\Local\Spotify
2020-12-02 11:15 - 2020-08-30 10:54 - 000029767 _____ C:\Users\Oliver\Documents\music1.odt
2020-12-02 10:01 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\AppReadiness
2020-12-02 09:57 - 2020-05-15 19:25 - 000000000 __SHD C:\Users\Oliver\IntelGraphicsProfiles
2020-12-02 09:57 - 2020-05-15 19:21 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-02 00:16 - 2020-07-16 08:07 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-02 00:16 - 2020-07-16 08:07 - 000003184 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-02 00:16 - 2020-05-17 13:02 - 000002836 _____ C:\Windows\system32\Tasks\ProtonVPN Update
2020-12-02 00:16 - 2020-05-15 19:33 - 000003346 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-02 00:16 - 2020-05-15 19:33 - 000003122 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-01 23:52 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-01 23:42 - 2020-05-15 20:44 - 000000000 ____D C:\Users\Oliver\AppData\LocalLow\Mozilla
2020-12-01 23:09 - 2020-05-15 20:43 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-01 22:25 - 2020-05-15 20:18 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-12-01 18:55 - 2020-07-16 08:08 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-01 18:55 - 2020-07-16 08:08 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-01 18:55 - 2020-07-16 08:08 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-01 18:44 - 2020-07-14 12:41 - 000000000 ____D C:\Users\Oliver\AppData\Local\CrashDumps
2020-12-01 18:44 - 2020-05-16 03:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-01 09:12 - 2020-10-26 11:38 - 000000000 ____D C:\Users\Oliver\AppData\Local\AVAST Software
2020-11-30 16:36 - 2020-05-15 20:18 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-11-29 17:04 - 2020-05-15 19:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-29 17:04 - 2020-05-15 19:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-29 17:04 - 2020-05-15 19:34 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-28 10:57 - 2020-05-15 19:23 - 000795992 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-28 10:57 - 2019-03-19 04:50 - 000000000 ____D C:\Windows\INF
2020-11-27 09:22 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\system32\NDF
2020-11-27 00:27 - 2020-09-03 23:00 - 000013935 _____ C:\Users\Oliver\Documents\ml1.odt
2020-11-26 20:37 - 2020-05-16 03:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-26 20:37 - 2019-03-19 04:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-11-24 22:06 - 2020-10-24 19:30 - 000176744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000521752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000469832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000332368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000326416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000247888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000206408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000097352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000042784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000037152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-11-24 22:06 - 2020-05-15 20:18 - 000016816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2020-11-24 22:06 - 2019-03-19 04:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-11-23 21:11 - 2020-09-20 09:33 - 000000000 ____D C:\Users\Oliver\Documents\Cover Letter + CVs
2020-11-23 19:43 - 2020-10-26 11:38 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-11-23 19:43 - 2020-10-26 11:38 - 000002463 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2020-11-23 19:43 - 2020-10-26 11:38 - 000002463 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2020-11-21 11:16 - 2020-05-15 20:43 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-21 11:15 - 2020-05-15 19:23 - 000000000 ____D C:\Users\Oliver
2020-11-21 10:44 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\LiveKernelReports
2020-11-20 19:52 - 2020-05-15 20:31 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-20 19:52 - 2020-05-15 20:31 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-20 19:52 - 2020-05-15 20:31 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-20 19:51 - 2020-10-01 08:37 - 000217600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-11-20 19:51 - 2020-05-15 20:31 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-11-20 08:29 - 2020-10-01 22:47 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-17 08:33 - 2020-05-16 03:24 - 000615696 _____ C:\Windows\system32\FNTCACHE.DAT
2020-11-17 08:33 - 2020-05-15 20:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-14 23:28 - 2020-05-15 19:25 - 000000000 ____D C:\Users\Oliver\AppData\Local\Packages
2020-11-14 23:19 - 2020-05-15 19:27 - 000000000 ____D C:\Users\Oliver\AppData\Local\PlaceholderTileLogoFolder
2020-11-12 11:00 - 2020-10-01 22:47 - 000907064 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2020-11-12 10:59 - 2020-10-01 22:47 - 000436536 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
2020-11-12 09:24 - 2020-05-15 20:17 - 000000000 ____D C:\ProgramData\Avast Software
2020-11-12 09:23 - 2020-05-15 19:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-12 09:23 - 2020-05-15 19:25 - 000000000 ___RD C:\Users\Oliver\3D Objects
2020-11-12 00:17 - 2019-03-19 06:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-12 00:17 - 2019-03-19 04:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-11-12 00:17 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\TextInput
2020-11-12 00:17 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-11-12 00:17 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\SystemResources
2020-11-12 00:17 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\system32\setup
2020-11-12 00:17 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\system32\oobe
2020-11-12 00:17 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\system32\migwiz
2020-11-12 00:17 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-11-12 00:17 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-11-12 00:17 - 2019-03-19 04:52 - 000000000 ____D C:\Windows\bcastdvr
2020-11-11 18:43 - 2020-05-17 07:28 - 000000000 ____D C:\Windows\system32\MRT
2020-11-11 18:42 - 2020-05-17 07:28 - 133736600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-11-11 18:42 - 2019-03-19 04:37 - 000000000 ____D C:\Windows\CbsTemp
2020-11-11 18:37 - 2020-05-15 19:18 - 002876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-11-05 21:17 - 2020-10-24 23:13 - 000010558 _____ C:\Users\Oliver\Documents\Osteoarthritis Resources.odt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Thanks for your help,

Thomas87

Addition.txt


  • Solution

Hiya Thomas87,

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Let me see those logs in your reply...

Thank you,

Kevin...

fixlist.txt


Thanks, below are the necessary logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/4/20
Scan Time: 11:14 PM
Log File: 78b42dce-3686-11eb-9177-3464a92674fb.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33877
License: Premium

-System Information-
OS: Windows 10 (Build 18362.1198)
CPU: x64
File System: NTFS
User: DESKTOP-L8K10EF\Oliver

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 272695
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Fixlog.txt


Everything seems to be running as normal, which is a relief. 

I was hoping to get to the bottom of the "PUM.OPTIONAL.DISABLECHROMEUPDATES" detection by Malwarebytes, and to make sure there wasn't anything else harmful on my PC. 

Would you say you're satisfied on the basis of the logs? 

Thanks for your help 🙂


Hello Thomas87,

Malwarebytes detected the issue you had as a PUM - which means, Potential Unwanted Modification

In your case, it looks like Chrome Updates were disabled.

Some users do disable this event themselves via regedit, as described here: http://www.chromefans.org/chrome-tutorial/how-to-disable-google-chrome-automatic-updates.htm

This is mostly done, because newer versions of Chrome may cause problems for them. If you had done this yourself you would obviously have been aware and would need to create an exclusion in Malwarebytes settings...

Unfortunately this registry value can also be set by Malware (mostly Adware), to prevent updates to Chrome that may block or disable the Adware.

Malwarebytes can't distinguish who changed the registry setting, hence that setting is alerted as a Potential Unwanted Modification. It is always recommended to have the latest browser updates to maintain the security of your Browser...

One last scan before we can clean and remove tools etc...
 
Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool and select Run as Administrator; the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....
 
Thank you,
 
Kevin..

 


Thanks Kevin, the log from the latest program can be found below: 

 


---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.327.2189.0)
Started On Mon Dec 07 00:13:18 2020
->Scan ERROR: resource process://pid:104,ProcessStart:132515968696045958 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:456,ProcessStart:132515968718242798 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:600,ProcessStart:132515968764007408 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:692,ProcessStart:132515968766545745 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:772,ProcessStart:132515968767307222 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1820,ProcessStart:132515968773409262 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1960,ProcessStart:132515968773842143 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2984,ProcessStart:132515968784782901 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3528,ProcessStart:132515968795586015 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5216,ProcessStart:132515968828196076 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5628,ProcessStart:132515968833031200 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8820,ProcessStart:132515969030005129 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1108,ProcessStart:132515970004223404 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:9624,ProcessStart:132515970010980848 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:26412,ProcessStart:132517643095243851 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5628,ProcessStart:132515968833031200 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2984,ProcessStart:132515968784782901 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1820,ProcessStart:132515968773409262 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1108,ProcessStart:132515970004223404 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3528,ProcessStart:132515968795586015 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8820,ProcessStart:132515969030005129 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:9624,ProcessStart:132515970010980848 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5216,ProcessStart:132515968828196076 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
->Scan ERROR: resource process://pid:3528,ProcessStart:132515968795586015 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3528,ProcessStart:132515968795586015 (code 0x00000005 (5))

Quick Scan Results for 26060CE4-969F-4FF7-94DF-015958F114F6:
----------------
Threat detected: VirTool:Win32/DefenderTamperingRestore
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
        SigSeq: 0x0000055555C57273

Quick Scan Removal Results
----------------
Start 'remove' for regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
Operation succeeded !


Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Microsoft Safety Scanner Finished On Mon Dec 07 00:17:05 2020


Return code: 6 (0x6)

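The following Python example is added here and is not part of the original posts or of Microsoft's tooling: it splits msert.log text into runs, selects the most recent one by its "Started On" timestamp as requested above, and summarises scan errors, detections and removals. The first run in the sample is constructed, the second is abbreviated from the log posted above, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: run 1 is invented; run 2 is abbreviated from the log in this thread.
SAMPLE_LOG = r"""
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.0, (build 1.327.2189.0)
Started On Sun Dec 06 21:02:10 2020
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
Microsoft Safety Scanner Finished On Sun Dec 06 21:05:44 2020
Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.0, (build 1.327.2189.0)
Started On Mon Dec 07 00:13:18 2020
->Scan ERROR: resource process://pid:104,ProcessStart:132515968696045958 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:456,ProcessStart:132515968718242798 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
Threat detected: VirTool:Win32/DefenderTamperingRestore
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Microsoft Safety Scanner Finished On Mon Dec 07 00:17:05 2020
Return code: 6 (0x6)
"""

def parse_runs(text):
    """Split msert.log text into one summary dict per scanner run."""
    runs = []
    for block in re.split(r"(?m)^-{40,}\s*$", text):  # the long rule separates runs
        start = re.search(r"(?m)^Started On (.+)$", block)
        if not start:
            continue
        threats = re.findall(r"(?m)^Threat detected: (\S+)\n\s+(\S.*)$", block)
        removed = re.findall(r"(?m)^Found (\S+) and Removed!", block)
        rc = re.search(r"(?m)^Return code: (\d+)", block)
        runs.append({
            "started": datetime.strptime(start.group(1).strip(), "%a %b %d %H:%M:%S %Y"),
            "errors": Counter(re.findall(r"(?m)^->Scan ERROR: .*\(code (0x[0-9A-Fa-f]+)", block)),
            "threats": threats,  # (detection name, resource) pairs
            "removed": removed,
            "unremoved": sorted({name for name, _ in threats} - set(removed)),
            "return_code": int(rc.group(1)) if rc else None,
        })
    return runs

def latest_run(text):
    """Return the run with the newest 'Started On' timestamp."""
    return max(parse_runs(text), key=lambda run: run["started"])
```

A non-empty `unremoved` list in the latest run means a detection was reported without a matching "and Removed!" line and needs follow-up.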

Hiya Thomas87,

Thanks for that log, your system is clean so all we need to do is clean up tools etc...

Right click on FRST here: C:\Users\Oliver\Downloads\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
