
Not sure if I should be worried about this?



Hello,

I hope this post is in the proper section. If not, please let me know and I'll post it wherever I need to.

I noticed a bunch of random XXXXXX.log (X represents a random number) files popping up in random spots around my computer. I am mainly concerned about one log file I found. I think this suggests that my computer is attempting to cast my screen to another device on my network, but I am not sure. Any help?


Hello markiejw and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" and ensure "Scan for Rootkits" and "Scan within Archives" are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab from the main interface.
  • Then click on "History"; that will open a historical list.
  • Double-click on the Scan log which shows the date and time of the scan just performed.
  • Click Export > From Export you have two options:
    Copy to Clipboard - if selected, right-click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply

     
  • Please use "Copy to Clipboard", then right-click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press the Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

From Malwarebytes
==============
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/21/20
Scan Time: 6:30 PM
Log File: 43c14b7a-2c62-11eb-bc10-000000000000.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1104
Update Package Version: 1.0.33234
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1198)
CPU: x64
File System: NTFS
User: DESKTOP-K23KPQ7\Mark Wilkins

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 293332
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 2 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-3795192839-582509274-95860967-1001\SOFTWARE\CSASTATS\ic, Quarantined, 508, 586068, 1.0.33234, , ame, , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Adware.FusionCore, C:\USERS\MARK WILKINS\DOWNLOADS\FILEZILLA_3.47.2.1_WIN64_SPONSORED-SETUP.EXE, Quarantined, 7443, 815611, 1.0.33234, , ame, , 79BF26BC69173A7F03E0127B987F65D2, 4D5C06858D8E0240EB87A3BC912502937CF8384D4E2E87280F6031B834F57A55

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

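Added example (not from this thread and not Malwarebytes' own tooling): a small parser for the -Scan Details- block of an exported Malwarebytes 4 scan log like the one above. It turns each detection line into a record with its category, flagged object, action, database version and file hashes, and cross-checks the per-category counts the log declares against what was actually parsed. The field layout (two numeric ids, database version, the "ame" marker, MD5, SHA-256) is inferred from the two posted detection lines and is an assumption; the sample input is those two lines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the -Scan Details- block from the log posted above,
# trimmed to its two detections plus a few of the empty categories.
SAMPLE_LOG = r"""
-Log Details-
Scan Date: 11/21/20

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-3795192839-582509274-95860967-1001\SOFTWARE\CSASTATS\ic, Quarantined, 508, 586068, 1.0.33234, , ame, , ,

Registry Value: 0
(No malicious items detected)

File: 1
Adware.FusionCore, C:\USERS\MARK WILKINS\DOWNLOADS\FILEZILLA_3.47.2.1_WIN64_SPONSORED-SETUP.EXE, Quarantined, 7443, 815611, 1.0.33234, , ame, , 79BF26BC69173A7F03E0127B987F65D2, 4D5C06858D8E0240EB87A3BC912502937CF8384D4E2E87280F6031B834F57A55

WMI: 0
(No malicious items detected)


(end)
"""

CATEGORY_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")   # e.g. "Registry Key: 1"
# Assumed layout of the fields after the flagged object:
# action, numeric id, numeric id, db version, blank, "ame", blank, md5, sha256
TRAILING_FIELDS = 9


@dataclass
class Detection:
    category: str            # "Registry Key", "File", ...
    threat: str              # e.g. "Adware.FusionCore"
    obj: str                 # registry path or file path that was flagged
    action: str              # e.g. "Quarantined"
    db_version: str          # update package version that produced the hit
    md5: Optional[str]       # only file detections carry hashes
    sha256: Optional[str]
    raw_ids: List[str] = field(default_factory=list)  # numeric fields kept verbatim; their meaning is not documented in the log


def _hex_or_none(value: str, length: int) -> Optional[str]:
    return value if len(value) == length and re.fullmatch(r"[0-9A-Fa-f]+", value) else None


def _scan_details_lines(text: str) -> List[str]:
    """Lines between the -Scan Details- header and (end) / the next header."""
    lines = text.splitlines()
    if "-Scan Details-" not in lines:
        return []
    out: List[str] = []
    for raw in lines[lines.index("-Scan Details-") + 1:]:
        line = raw.strip()
        if line == "(end)" or (line.startswith("-") and line.endswith("-")):
            break
        out.append(line)
    return out


def parse_scan_details(text: str) -> List[Detection]:
    """One Detection per detection line; category comes from the preceding 'Name: N' header."""
    detections: List[Detection] = []
    category: Optional[str] = None
    for line in _scan_details_lines(text):
        if not line or line == "(No malicious items detected)":
            continue
        header = CATEGORY_RE.match(line)
        if header:
            category = header.group(1)
            continue
        if category is None:
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 2 + TRAILING_FIELDS:
            continue  # not a detection line in the layout we know
        trailing = fields[-TRAILING_FIELDS:]
        detections.append(Detection(
            category=category,
            threat=fields[0],
            obj=", ".join(fields[1:-TRAILING_FIELDS]),  # a comma inside a path is rejoined
            action=trailing[0],
            db_version=trailing[3],
            md5=_hex_or_none(trailing[7], 32),
            sha256=_hex_or_none(trailing[8], 64),
            raw_ids=trailing[1:3],
        ))
    return detections


def count_mismatches(text: str) -> Dict[str, Tuple[int, int]]:
    """Categories whose declared count differs from the parsed count: (declared, found).
    A mismatch means the pasted log was truncated or the layout changed."""
    declared: Dict[str, int] = {}
    for line in _scan_details_lines(text):
        m = CATEGORY_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
    found: Dict[str, int] = {}
    for d in parse_scan_details(text):
        found[d.category] = found.get(d.category, 0) + 1
    return {c: (n, found.get(c, 0)) for c, n in declared.items() if n != found.get(c, 0)}


def file_hashes(detections: List[Detection]) -> List[str]:
    """SHA-256 values of file detections, usable as a blocklist for the same installer elsewhere."""
    return sorted(d.sha256 for d in detections if d.category == "File" and d.sha256)


if __name__ == "__main__":
    for d in parse_scan_details(SAMPLE_LOG):
        print(f"{d.category:13} {d.threat:26} {d.action:11} {d.obj}")
    print("count mismatches:", count_mismatches(SAMPLE_LOG))
```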

AdwCleaner
==========
 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-21-2020
# Duration: 00:00:00
# OS:       Windows 10 Home
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1424 octets] - [21/11/2020 18:39:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 


FRST
======
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-11-2020
Ran by Mark Wilkins (administrator) on DESKTOP-K23KPQ7 (21-11-2020 18:44:04)
Running from C:\Users\Mark Wilkins\Downloads
Loaded Profiles: Mark Wilkins
Platform: Windows 10 Home Version 1909 18363.1198 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe <2>
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\110.4.458\QtWebEngineProcess.exe <2>
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\87.0.4280.58\remoting_host.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <37>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(GoPro Media, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHeciSvc.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Mark Wilkins\Downloads\adwcleaner_8.0.8.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2009.4.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_24c42a580c125b30\Display.NvContainer\NVDisplay.Container.exe <2>
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Users\Mark Wilkins\AppData\Local\slack\app-4.11.1\slack.exe <5>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992832 2020-11-16] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [97703592 2020-02-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5866032 2020-10-22] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Mark Wilkins\AppData\Local\slack\slack.exe [306672 2020-11-11] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Mark Wilkins\AppData\Local\Microsoft\Teams\Update.exe [2342544 2020-04-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5491248 2020-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [electron.app.Loom] => C:\Users\Mark Wilkins\AppData\Local\Programs\Loom\Loom.exe [99988832 2020-08-31] (Loom, Inc. -> Loom, Inc.)
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [71464072 2020-04-20] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32410000 2020-09-11] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3395360 2020-09-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [C24E506BD8F15465F2B88807A76D9541F273F143._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3795192839-582509274-95860967-1001\...\Run: [utweb] => "C:\Users\Mark Wilkins\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65496 2020-10-22] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON XP-4100 Series 64MonitorBE: C:\Windows\system32\E_YLMBWDE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.66\Installer\chrmstp.exe [2020-11-19] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09468A3F-4C4A-4A93-9E49-5FDAF502CC4B} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {12E19E4E-874D-439C-980F-E44C1E8D83DC} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1529911D-B566-4157-B128-B1F7C451FA8C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-09-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {2A442814-2B0D-4E67-8016-01B318BFF562} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3EBD73C8-C843-46A4-87ED-012F01C78075} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4797A47B-C465-4A2C-B099-D69795754827} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-12] (Google LLC -> Google LLC)
Task: {5732C7C1-FABC-4E3A-89A5-04CAA9F628E1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-04-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {58829863-79E1-4953-8D90-E2C667ABE0FF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6DD732EC-2CB6-4CAC-A0B8-C056B1EF4166} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {73024373-1E24-4AF8-A278-B2EB70B9837D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1526680 2020-11-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {78B89B7E-627D-4EBA-8CB4-ADFDF05AC37C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {94718F2D-D4B1-49D5-B6D9-48A026C9D0FF} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A132F49-A4F2-4E7D-8345-779556DC60B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-12] (Google LLC -> Google LLC)
Task: {9B722DC5-8DBA-4D4C-BC3D-452311F06F1A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9F92D663-F13D-46F9-8F7F-FBE4A4F841FF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A579ED77-2933-4487-911B-F0EFD933E10F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {B50DD300-984C-427B-8522-37352A07FF24} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D8CAED1F-054A-46BD-ACF5-53C3806C8A76} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D904CC1F-AA00-4293-AA1E-55C767557967} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DB301975-1EB1-4C7B-A909-B3D795A176DA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0243A6F-F424-4685-A180-6511BCBDDB8C} - System32\Tasks\EPSON XP-4100 Series Update {289CCFF1-4DE5-4A7F-957B-370140DBFA42} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSWDE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {E3F2152A-AED1-4390-8789-12D4E22D5B0E} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {EDFB47B2-E7A8-4F09-B114-D7C3FD6A7DA9} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {F22C5FD1-1F8B-4CF8-9244-652358D0A65A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-04-12] (Dropbox, Inc -> Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-4100 Series Update {289CCFF1-4DE5-4A7F-957B-370140DBFA42}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSWDE.EXE:/EXE:{289CCFF1-4DE5-4A7F-957B-370140DBFA42} /F:UpdateWORKGROUP\DESKTOP-K23KPQ7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0f8c4acb-3a7f-4ced-a1d6-9e0374aa3c9f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f140ca19-bdbe-4b06-8156-2dc8932c3a41}: [DhcpNameServer] 192.168.1.1

Edge: 
======
Edge Profile: C:\Users\Mark Wilkins\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-17]

FireFox:
========
FF DefaultProfile: 7tdp7v3w.default
FF ProfilePath: C:\Users\Mark Wilkins\AppData\Roaming\Mozilla\Firefox\Profiles\7tdp7v3w.default [2020-04-13]
FF ProfilePath: C:\Users\Mark Wilkins\AppData\Roaming\Mozilla\Firefox\Profiles\khz5uc4h.default-release [2020-10-16]
FF Extension: (AdBlocker Ultimate) - C:\Users\Mark Wilkins\AppData\Roaming\Mozilla\Firefox\Profiles\khz5uc4h.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2020-08-11]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-10-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3795192839-582509274-95860967-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Mark Wilkins\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-20] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-3795192839-582509274-95860967-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2020-08-04] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-3795192839-582509274-95860967-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2020-08-04] (TD Ameritrade -> TD Ameritrade)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default [2020-11-21]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://na134.lightning.force.com; hxxps://www.loom.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://intranet.ncr.com/index.php?"
CHR Extension: (Slides) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-12]
CHR Extension: (Docs) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-12]
CHR Extension: (Google Drive) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-12]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-11-19]
CHR Extension: (Dark Reader) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2020-11-20]
CHR Extension: (Sheets) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-12]
CHR Extension: (ExpressVPN: VPN proxy to unblock everything) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2020-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-11]
CHR Extension: (Loom for Chrome) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2020-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-12]
CHR Extension: (Gmail) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20]
CHR Profile: C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-22]
CHR Profile: C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-11-21]
CHR Notifications: Profile 1 -> hxxps://www.youtube.com
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxps://intranet.ncr.com/index.php?"
CHR Extension: (Easy Auto Refresh) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2020-04-12]
CHR Extension: (Slides) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-12]
CHR Extension: (Docs) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-12]
CHR Extension: (Google Drive) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (Podio Super Menu) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfdcjfocmgcodfnodiinggiflglplfaa [2020-04-12]
CHR Extension: (YouTube) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-12]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-11-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-16]
CHR Extension: (Dark Reader) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2020-11-21]
CHR Extension: (Sheets) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-12]
CHR Extension: (ExpressVPN: VPN proxy to unblock everything) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2020-11-21]
CHR Extension: (Google Docs Offline) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-21]
CHR Extension: (Web Scraper - Free Web Scraping) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2020-09-23]
CHR Extension: (ProcFu for GlobiFlow) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpplggeamninpolmceelnkafpcegigam [2020-09-01]
CHR Extension: (Loom for Chrome) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2020-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-12]
CHR Extension: (Data Scraper - Easy Web Scraping) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2020-04-12]
CHR Extension: (Gmail) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-21]
CHR Extension: (Podio Power Tools) - C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\poiiimgigdekjmhpohdceabjlocjenfl [2020-10-15]
CHR Profile: C:\Users\Mark Wilkins\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8686928 2020-09-01] (BattlEye Innovations e.K. -> )
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\87.0.4280.58\remoting_host.exe [73200 2020-11-10] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-04-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-04-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44552 2020-11-16] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-04-24] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2019-07-04] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2018-08-31] (GoPro Media, Inc. -> )
R2 LGHUBUpdaterService; C:\Program Files\LGHUB/lghub_updater.exe [10131080 2020-04-20] (Logitech Inc -> Logitech, Inc.)
R2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [446600 2020-01-08] (Logitech Inc -> Logitech)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
R2 UWPService; C:\Windows\SysWOW64\Creative.UWPRPCService.exe [363968 2019-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_24c42a580c125b30\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_24c42a580c125b30\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-11-21] (Malwarebytes Corporation -> Malwarebytes)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\47127\driver_cpu_temperature\logi_core_temp.sys [25448 2020-04-20] (Logitech Inc. -> Logitech)
S3 logi_audio_surround; C:\Windows\system32\drivers\logi_audio_surround.sys [44088 2020-04-20] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2020-04-20] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [20624 2020-04-20] (WDKTestCert sqa,131523902232810150 -> Logitech, Inc.)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2020-04-20] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217600 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [74936 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [134304 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [43456 2019-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-11-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429288 2020-11-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-21 18:44 - 2020-11-21 18:44 - 000033258 _____ C:\Users\Mark Wilkins\Downloads\FRST.txt
2020-11-21 18:43 - 2020-11-21 18:44 - 000000000 ____D C:\FRST
2020-11-21 18:42 - 2020-11-21 18:43 - 002294784 _____ (Farbar) C:\Users\Mark Wilkins\Downloads\FRST64.exe
2020-11-21 18:41 - 2020-11-21 18:41 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-11-21 18:41 - 2020-11-21 18:41 - 000074936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-11-21 18:40 - 2020-11-21 18:40 - 000134304 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-11-21 18:39 - 2020-11-21 18:40 - 000000000 ____D C:\AdwCleaner
2020-11-21 18:39 - 2020-11-21 18:39 - 008447152 _____ (Malwarebytes) C:\Users\Mark Wilkins\Downloads\adwcleaner_8.0.8.exe
2020-11-21 18:29 - 2020-11-21 18:29 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-21 18:29 - 2020-11-21 18:29 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-21 18:29 - 2020-11-21 18:29 - 000001981 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-21 18:29 - 2020-11-21 18:29 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Local\mbam
2020-11-21 18:28 - 2020-11-21 18:28 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-11-21 18:28 - 2020-11-21 18:28 - 000217600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-11-21 18:28 - 2020-11-21 18:28 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-11-21 18:28 - 2020-11-21 18:28 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-11-21 18:28 - 2020-11-21 18:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-21 18:28 - 2020-11-21 18:28 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-21 18:27 - 2020-11-21 18:27 - 002076624 _____ (Malwarebytes) C:\Users\Mark Wilkins\Downloads\MBSetup.exe
2020-11-21 15:37 - 2020-11-21 15:56 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Roaming\balena-etcher
2020-11-21 15:37 - 2020-11-21 15:37 - 000002487 _____ C:\Users\Mark Wilkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\balenaEtcher.lnk
2020-11-21 15:37 - 2020-11-21 15:37 - 000002479 _____ C:\Users\Mark Wilkins\Desktop\balenaEtcher.lnk
2020-11-21 15:37 - 2020-11-21 15:37 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Local\balena-etcher-updater
2020-11-21 15:25 - 2020-11-21 15:25 - 130419872 _____ (Balena Inc.) C:\Users\Mark Wilkins\Downloads\balenaEtcher-Setup-1.5.105.exe
2020-11-21 15:21 - 2020-11-21 15:34 - 000000000 ____D C:\Users\Mark Wilkins\Downloads\kali-linux-2020-4-installer-amd64-iso
2020-11-21 15:20 - 2020-11-21 18:34 - 000001900 _____ C:\Users\Mark Wilkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2020-11-21 15:20 - 2020-11-21 18:34 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Local\BitTorrentHelper
2020-11-21 14:49 - 2020-11-21 15:03 - 000007669 _____ C:\Users\Mark Wilkins\AppData\Local\Resmon.ResmonCfg
2020-11-21 05:59 - 2020-11-21 05:59 - 000000000 ____D C:\Windows\LastGood.Tmp
2020-11-21 05:58 - 2020-08-21 02:32 - 001018776 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2020-11-21 05:58 - 2020-08-21 02:32 - 000675224 _____ C:\Windows\system32\nvofapi64.dll
2020-11-21 05:58 - 2020-08-21 02:32 - 000541936 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-11-21 05:58 - 2020-08-21 02:31 - 001485536 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-11-21 05:58 - 2020-08-21 02:31 - 001146256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-11-21 05:58 - 2020-08-21 02:31 - 000816360 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2020-11-21 05:58 - 2020-08-21 02:31 - 000669416 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-11-21 05:58 - 2020-08-21 02:31 - 000555920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-11-21 05:58 - 2020-08-21 02:30 - 002078104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-11-21 05:58 - 2020-08-21 02:30 - 001570712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-11-21 05:58 - 2020-08-21 02:30 - 000811248 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-11-21 05:58 - 2020-08-21 02:30 - 000656792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-11-21 05:58 - 2020-08-21 02:30 - 000582888 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2020-11-21 05:58 - 2020-08-21 02:30 - 000048432 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2020-11-21 05:58 - 2020-08-21 02:29 - 006653336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-11-21 05:58 - 2020-08-21 02:29 - 005882608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-11-21 05:58 - 2020-08-21 02:29 - 003916696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-11-21 05:58 - 2020-08-21 02:29 - 002376088 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-11-21 05:58 - 2020-08-21 02:29 - 000849648 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2020-11-21 05:58 - 2020-08-21 02:29 - 000443632 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2020-11-21 05:58 - 2020-08-21 02:28 - 004707696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-11-21 05:58 - 2020-08-21 01:57 - 000077891 _____ C:\Windows\system32\nvinfo.pb
2020-11-20 17:53 - 2020-11-20 18:02 - 000526710 _____ C:\Users\Mark Wilkins\Desktop\Withdrawal Request Form(2020).pdf
2020-11-19 00:09 - 2020-11-19 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-11-16 16:57 - 2020-11-16 16:57 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2020-11-16 16:57 - 2020-11-16 16:57 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2020-11-16 16:57 - 2020-11-16 16:57 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2020-11-16 16:57 - 2020-11-16 16:57 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx.sys
2020-11-16 16:57 - 2020-11-16 16:57 - 000044552 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2020-11-11 17:12 - 2020-11-11 17:12 - 001841152 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2020-11-11 17:12 - 2020-11-11 17:12 - 001101312 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2020-11-11 17:12 - 2020-11-11 17:12 - 000200704 _____ C:\Windows\system32\IHDS.dll
2020-11-11 17:12 - 2020-11-11 17:12 - 000164864 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2020-11-11 17:12 - 2020-11-11 17:12 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-11-02 16:28 - 2020-11-02 16:28 - 001196035 _____ C:\Users\Mark Wilkins\Documents\Hubbell_St-Opening-Letter.pdf
2020-10-29 11:11 - 2020-10-29 11:11 - 000076624 _____ C:\Users\Mark Wilkins\Desktop\full-phone-number-details-20201029-141059.csv
2020-10-29 08:52 - 2020-10-29 08:52 - 000003840 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification
2020-10-28 18:46 - 2020-09-11 11:36 - 000305992 _____ C:\Windows\system32\libmfxhw64.dll
2020-10-28 18:46 - 2020-09-11 11:36 - 000254520 _____ C:\Windows\SysWOW64\libmfxhw32.dll
2020-10-28 18:46 - 2020-09-11 11:36 - 000171472 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2020-10-28 18:46 - 2020-09-11 11:36 - 000146752 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2020-10-28 18:46 - 2020-09-11 11:35 - 026676016 _____ (Intel Corporation) C:\Windows\system32\mfxplugin64_hw.dll
2020-10-28 18:46 - 2020-09-11 11:35 - 013519664 _____ (Intel Corporation) C:\Windows\SysWOW64\mfxplugin32_hw.dll
2020-10-28 18:46 - 2020-09-11 11:35 - 001790192 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-10-28 18:46 - 2020-09-11 11:35 - 001790192 _____ C:\Windows\system32\vulkaninfo.exe
2020-10-28 18:46 - 2020-09-11 11:35 - 001386224 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-10-28 18:46 - 2020-09-11 11:35 - 001386224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-10-28 18:46 - 2020-09-11 11:35 - 001096800 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-10-28 18:46 - 2020-09-11 11:35 - 001096800 _____ C:\Windows\system32\vulkan-1.dll
2020-10-28 18:46 - 2020-09-11 11:35 - 000949856 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-10-28 18:46 - 2020-09-11 11:35 - 000949856 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-10-28 18:46 - 2020-09-11 11:35 - 000507696 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-10-28 18:46 - 2020-09-11 11:35 - 000462640 _____ C:\Windows\system32\ze_loader.dll
2020-10-28 18:46 - 2020-09-11 11:35 - 000370480 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-10-28 18:46 - 2020-09-11 11:35 - 000148784 _____ C:\Windows\system32\ze_validation_layer.dll
2020-10-26 17:24 - 2020-10-26 17:24 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Roaming\Epson
2020-10-26 16:56 - 2020-10-26 16:56 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-10-26 16:55 - 2020-11-02 15:55 - 000000000 ____D C:\ProgramData\EPSON
2020-10-26 16:55 - 2020-10-29 08:51 - 000000951 _____ C:\Windows\Tasks\EPSON XP-4100 Series Update {289CCFF1-4DE5-4A7F-957B-370140DBFA42}.job
2020-10-26 16:55 - 2020-10-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2020-10-26 16:55 - 2020-10-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2020-10-26 16:55 - 2020-10-26 16:56 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2020-10-26 16:55 - 2020-10-26 16:56 - 000000000 ____D C:\Program Files (x86)\epson
2020-10-26 16:55 - 2020-10-26 16:55 - 000004150 _____ C:\Windows\system32\Tasks\EPSON XP-4100 Series Update {289CCFF1-4DE5-4A7F-957B-370140DBFA42}
2020-10-26 16:55 - 2020-10-26 16:55 - 000000000 ____D C:\Program Files\EpsonNet
2020-10-26 16:55 - 2020-10-26 16:55 - 000000000 ____D C:\Program Files\Common Files\EPSON
2020-10-26 16:55 - 2019-07-04 15:29 - 000145224 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2020-10-26 16:55 - 2019-07-04 15:28 - 000147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll
2020-10-26 16:55 - 2018-06-15 04:14 - 000187392 _____ (Seiko Epson Corporation) C:\Windows\system32\E_YLMBWDE.DLL
2020-10-26 16:55 - 2018-06-15 03:04 - 000083968 _____ (Seiko Epson Corporation) C:\Windows\system32\E_YD4BWDE.DLL
2020-10-26 16:54 - 2020-10-26 16:54 - 013584816 _____ (Epson America, Inc. ) C:\Users\Mark Wilkins\Downloads\XP4100_Lite_NA.exe
2020-10-22 15:42 - 2020-10-22 15:42 - 000065496 _____ (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2020-10-22 15:42 - 2020-10-22 15:42 - 000036312 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-21 18:44 - 2020-04-12 17:32 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Roaming\Slack
2020-11-21 18:43 - 2020-04-12 17:06 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-21 18:42 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-21 18:41 - 2020-04-12 16:43 - 000000000 __SHD C:\Users\Mark Wilkins\IntelGraphicsProfiles
2020-11-21 18:40 - 2020-04-12 16:43 - 000000000 ____D C:\Intel
2020-11-21 18:40 - 2020-04-12 16:40 - 000841376 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-21 18:40 - 2020-04-12 16:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-21 18:40 - 2019-03-18 21:50 - 000000000 ____D C:\Windows\INF
2020-11-21 18:40 - 2019-03-18 21:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-11-21 18:36 - 2020-04-17 14:30 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Local\CrashDumps
2020-11-21 18:34 - 2020-04-12 16:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-11-21 18:28 - 2019-03-18 21:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-11-21 14:15 - 2020-05-11 11:23 - 000004176 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{9FA11BE9-52C2-4078-B1E7-CB3EB56518D0}
2020-11-21 05:41 - 2020-06-17 11:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-20 23:58 - 2020-09-30 13:02 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-20 23:56 - 2019-03-18 21:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-20 23:56 - 2019-03-18 21:52 - 000000000 ____D C:\Windows\AppReadiness
2020-11-20 18:02 - 2020-04-13 09:19 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-11-20 18:02 - 2020-04-13 09:19 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-11-20 17:54 - 2020-04-12 17:25 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-20 17:50 - 2020-07-07 22:03 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Local\SteringTraderPro
2020-11-19 18:05 - 2020-06-17 11:29 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-19 18:05 - 2020-06-17 11:29 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-19 17:19 - 2020-04-12 16:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-19 00:14 - 2020-04-12 16:54 - 000000000 ____D C:\Program Files (x86)\Google
2020-11-19 00:09 - 2020-04-12 17:24 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-11-18 23:07 - 2020-04-12 17:09 - 000011528 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-11-18 23:07 - 2020-04-12 17:05 - 000011793 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-11-18 23:03 - 2020-04-12 17:05 - 000022382 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-11-18 23:03 - 2020-04-12 17:05 - 000018245 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-11-18 23:03 - 2020-04-12 17:05 - 000002948 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-11-12 11:47 - 2020-04-14 00:20 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Local\Spotify
2020-11-12 11:47 - 2020-04-12 21:37 - 000011535 _____ C:\ProgramData\DisplaySessionContainer3.log_backup1
2020-11-12 11:33 - 2020-04-14 00:20 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Roaming\Spotify
2020-11-12 11:00 - 2020-09-30 13:02 - 000907064 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2020-11-12 10:59 - 2020-09-30 13:02 - 000436536 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
2020-11-11 22:39 - 2020-04-12 17:24 - 000000952 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2020-11-11 22:39 - 2020-04-12 17:24 - 000000948 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2020-11-11 22:39 - 2020-04-12 16:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-11 22:39 - 2020-04-12 16:36 - 000000000 ___RD C:\Users\Mark Wilkins\3D Objects
2020-11-11 22:39 - 2020-04-12 16:32 - 000476992 _____ C:\Windows\system32\FNTCACHE.DAT
2020-11-11 19:29 - 2019-03-18 21:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-11-11 19:29 - 2019-03-18 21:52 - 000000000 ____D C:\Windows\TextInput
2020-11-11 19:29 - 2019-03-18 21:52 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-11-11 19:29 - 2019-03-18 21:52 - 000000000 ____D C:\Windows\SystemResources
2020-11-11 19:29 - 2019-03-18 21:52 - 000000000 ____D C:\Windows\system32\setup
2020-11-11 19:29 - 2019-03-18 21:52 - 000000000 ____D C:\Windows\system32\oobe
2020-11-11 19:29 - 2019-03-18 21:52 - 000000000 ____D C:\Windows\system32\migwiz
2020-11-11 19:29 - 2019-03-18 21:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-11-11 19:29 - 2019-03-18 21:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-11-11 19:29 - 2019-03-18 21:52 - 000000000 ____D C:\Windows\bcastdvr
2020-11-11 18:11 - 2020-04-12 17:32 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2020-11-11 18:11 - 2020-04-12 17:32 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Local\slack
2020-11-11 18:10 - 2020-04-12 17:32 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Local\SquirrelTemp
2020-11-11 17:16 - 2020-04-12 16:49 - 000000000 ____D C:\Windows\system32\MRT
2020-11-11 17:15 - 2020-04-12 16:49 - 133736600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-11-11 17:15 - 2019-03-18 21:37 - 000000000 ____D C:\Windows\CbsTemp
2020-11-11 17:12 - 2020-04-12 16:35 - 002876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-11-11 13:14 - 2020-04-13 09:24 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2020-11-11 13:14 - 2020-04-13 09:24 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2020-11-11 13:13 - 2020-04-12 16:32 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-11-02 19:38 - 2020-04-12 16:38 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Local\PlaceholderTileLogoFolder
2020-11-02 17:31 - 2020-04-12 16:36 - 000000000 ____D C:\Users\Mark Wilkins\AppData\Local\Packages
2020-11-02 16:39 - 2020-04-12 17:24 - 000004012 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2020-11-02 16:39 - 2020-04-12 17:24 - 000003780 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore
2020-10-30 16:51 - 2020-04-12 16:50 - 000795000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-10-29 08:51 - 2020-04-12 16:35 - 000000000 ____D C:\Users\Mark Wilkins
2020-10-27 20:01 - 2020-04-13 13:20 - 000014306 _____ C:\ProgramData\DisplaySessionContainer6.log_backup1
2020-10-26 20:18 - 2020-04-13 13:16 - 000013385 _____ C:\ProgramData\DisplaySessionContainer5.log_backup1
2020-10-26 17:07 - 2020-04-13 13:15 - 000013377 _____ C:\ProgramData\DisplaySessionContainer4.log_backup1

==================== Files in the root of some directories ========

2020-04-28 19:05 - 2020-04-28 19:05 - 000000128 _____ () C:\Users\Mark Wilkins\AppData\Roaming\PUTTY.RND
2020-04-17 13:15 - 2020-04-17 13:48 - 000006144 _____ () C:\Users\Mark Wilkins\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-04-13 09:16 - 2020-04-13 09:16 - 000000410 _____ () C:\Users\Mark Wilkins\AppData\Local\oobelibMkey.log
2020-04-17 14:35 - 2020-04-28 19:08 - 000000128 _____ () C:\Users\Mark Wilkins\AppData\Local\PUTTY.RND
2020-09-21 09:11 - 2020-09-21 09:11 - 000000849 _____ () C:\Users\Mark Wilkins\AppData\Local\recently-used.xbel
2020-11-21 14:49 - 2020-11-21 15:03 - 000007669 _____ () C:\Users\Mark Wilkins\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt


Hiya markiejw,

One more scan please:

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save it to your Desktop.

Press the Windows key and R key together; the "Run" box should open.

Drag and drop KVRT.exe into the Run box.

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the Run box.

Add -dontcryptsupportinfo (note the space between KVRT.exe and -dontcryptsupportinfo).

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontcryptsupportinfo should now show in the Run box.

That addendum to the run command is very important: when the scan does eventually complete, the resultant report is normally encrypted; with the extra switch it is saved as a readable file.

Reports are saved in C:\KVRT_data\Reports and look similar to report_20200727_103821.klr. Right-click directly on that report and select Open with > Notepad. Save that file and attach it to your reply.

To start the scan, select OK in the "Run" box.

The "Windows protected your PC" window will open; select "More info".

A new window will open; select "Run anyway".

A EULA window will open; tick both confirmation boxes, then select "Accept".

In the new window select "Change parameters".

In the new window ensure all selection boxes are ticked, then select "OK". The scan should now start...

When complete, if entries are found there will be options: if "Cure" is offered, leave it as is. For any other options change to "Delete", then select "Continue".

When complete, or if nothing was found, select "Close".

Attach the report information as previously instructed....
 
Thanks,
 
Kevin...

KVRT didn't find anything.

======

<Report>
    <Metadata Version="1" PCID="{4203340F-8DB1-2303-E75E-990256958EAD}" LastModification="2020.11.22 22:14:30.140" />
    <EventBlocks>
        <Block0 Type="Scan" Processed="640744" Found="0" Neutralized="0">
            <Event0 Action="Scan" Time="132505806579590911" Object="" Info="Started" />
            <Event1 Action="Scan" Time="132505820701390974" Object="" Info="Finished" />
        </Block0>
    </EventBlocks>
</Report>

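The report above is plain XML once KVRT has been started with -dontcryptsupportinfo, and the parts worth reading are the per-block Processed/Found/Neutralized counts and the two event timestamps, which are Windows FILETIME values (100-nanosecond ticks since 1601-01-01 UTC). The following is an added example, not code from the thread or from Kaspersky: it parses the report exactly as posted, converts the timestamps, and reports the scan duration and whether anything was found. The only assumptions are the element names visible in the posted report (Report, Metadata, EventBlocks, BlockN, EventN with Info="Started"/"Finished"); a report from a different KVRT build may differ.

```python
"""Parse a Kaspersky Virus Removal Tool (KVRT) .klr report.

Added example. The report is only readable when KVRT was started with the
-dontcryptsupportinfo switch; element names below are taken from the report
posted in the thread and are assumed to hold for other reports.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

# The report posted in the thread, embedded so the script runs offline.
SAMPLE_REPORT = """<Report>
    <Metadata Version="1" PCID="{4203340F-8DB1-2303-E75E-990256958EAD}" LastModification="2020.11.22 22:14:30.140" />
    <EventBlocks>
        <Block0 Type="Scan" Processed="640744" Found="0" Neutralized="0">
            <Event0 Action="Scan" Time="132505806579590911" Object="" Info="Started" />
            <Event1 Action="Scan" Time="132505820701390974" Object="" Info="Finished" />
        </Block0>
    </EventBlocks>
</Report>"""

# Windows FILETIME epoch: 100-nanosecond ticks since 1601-01-01 00:00 UTC.
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert a FILETIME tick count to a timezone-aware UTC datetime.

    Ticks are 100 ns; timedelta resolves to microseconds, so divide by 10.
    """
    return _FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_kvrt_report(xml_text: str) -> dict:
    """Return totals, start/finish times and duration for every scan block.

    Raises ValueError when the document is not a KVRT report, so a truncated
    or still-encrypted file is reported instead of silently counting as clean.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "Report" or root.find("EventBlocks") is None:
        raise ValueError(f"not a KVRT report (root element {root.tag!r})")
    blocks = []
    for block in root.find("EventBlocks"):          # Block0, Block1, ...
        events = {ev.get("Info"): ev for ev in block}  # keyed by Started/Finished
        start = filetime_to_datetime(int(events["Started"].get("Time")))
        # A scan that was aborted has no Finished event; keep duration as None.
        end = (filetime_to_datetime(int(events["Finished"].get("Time")))
               if "Finished" in events else None)
        blocks.append({
            "type": block.get("Type"),
            "processed": int(block.get("Processed", 0)),
            "found": int(block.get("Found", 0)),
            "neutralized": int(block.get("Neutralized", 0)),
            "started_utc": start,
            "finished_utc": end,
            "duration_s": (end - start).total_seconds() if end else None,
        })
    meta = root.find("Metadata")
    return {"last_modification": meta.get("LastModification") if meta is not None else None,
            "blocks": blocks}


def is_clean(summary: dict) -> bool:
    """True when every scan block finished and reported zero detections."""
    return all(b["found"] == 0 and b["finished_utc"] is not None
               for b in summary["blocks"])


if __name__ == "__main__":
    s = parse_kvrt_report(SAMPLE_REPORT)
    for b in s["blocks"]:
        print(f'{b["type"]}: {b["processed"]} objects, {b["found"]} found, '
              f'{b["neutralized"]} neutralized, {b["duration_s"]:.0f} s, '
              f'started {b["started_utc"]:%Y-%m-%d %H:%M:%S} UTC')
    print("clean" if is_clean(s) else "DETECTIONS OR INCOMPLETE SCAN")
```

Note that the event timestamps are UTC while the LastModification attribute is local time; on the posted report the scan finished at 05:14:30 UTC, which lines up with the 22:14:30 LastModification only if the machine was at UTC-7, a useful sanity check when correlating KVRT output with other logs.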

Hiya markiejw,

Your logs are not indicating the presence of any malware or infection. What is the current status of your system, any issues or concerns...?

Thank you,

Kevin.


I have files all over my computer that are named XXXXXX.log (the X being a random number), and they appear to be logging what I am doing while on the PC... attached is an example of what I think suggests my PC was being cast across Chromecast to another IP address on my LAN.

007974.bak.log


What are you doing when these logs you mention appear? They seem to be related to Chrome; as that is your default browser, do the logs show when using that browser...?


It seems like it attaches to anything with some kind of internet connectivity. I searched for 0*.log and took a snippet so you could see. I sorted by folder just to give an idea of some of the programs that keep getting logged.

Capture.PNG


I followed those steps and one log file attached to Slack was created right after boot even though the program was not running. Once I opened Chrome a bunch of logs were created.

I opened Resource Monitor while I was searching for the log files and I saw that "Calculator.exe" was running, well, suspended, but I did not open it. I'm sorry if these are silly questions, I'm just trying to figure this out. But I noticed some weird registry keys associated with Calculator.exe and I'm not sure if they're normal or not? I attached a screenshot.

Capture.PNG

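The files described in the last few posts (six-digit NNNNNN.log names appearing under Chrome, Slack and other network-connected programs, with one showing up for Slack at boot) are worth one concrete check before reading them as surveillance: whether each numbered log sits inside a LevelDB store. Chromium-based browsers and Electron applications such as Slack keep Local Storage, Session Storage and IndexedDB in LevelDB, whose write-ahead log files are named NNNNNN.log and always sit beside a CURRENT file and a MANIFEST-NNNNNN file. The script below is an added example, not something from the thread or from the helpers' analysis: it walks a directory tree, finds numbered .log files and reports whether they have LevelDB siblings. The sample tree it builds is constructed; the Chrome profile path mimics the one in the FRST log above, while the "SomeApp" directory and the use of the thread's 007974.bak.log name as the stray file are assumptions made for the demonstration, not a statement about where that file actually came from.

```python
"""Triage numbered *.log files by checking for LevelDB siblings.

Added example. A file like 000003.log next to CURRENT and MANIFEST-000001
is a LevelDB write-ahead log (Chrome, Electron apps such as Slack, and
other Chromium-based software keep local storage this way). A numbered
.log without those siblings is "unexplained" and deserves a closer look.
The sample tree is constructed for the demonstration.
"""
import os
import re
import tempfile

NUMBERED_LOG = re.compile(r"^\d{6}(\.bak)?\.log$")
MANIFEST = re.compile(r"^MANIFEST-\d{6}$")


def is_leveldb_dir(names) -> bool:
    """A LevelDB directory always carries CURRENT plus at least one MANIFEST-NNNNNN."""
    names = set(names)
    return "CURRENT" in names and any(MANIFEST.match(n) for n in names)


def classify_numbered_logs(root: str) -> list:
    """Return one record per numbered .log under root, flagged by LevelDB membership."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        hits = sorted(n for n in files if NUMBERED_LOG.match(n))
        if not hits:
            continue
        leveldb = is_leveldb_dir(files)
        markers = sorted(n for n in files
                         if n in ("CURRENT", "LOCK", "LOG", "LOG.old") or MANIFEST.match(n))
        for name in hits:
            results.append({
                "name": name,
                "path": os.path.join(dirpath, name),
                "dir": dirpath,
                "leveldb": leveldb,
                "markers": markers,
            })
    return results


def triage(root: str):
    """Split numbered logs into explained (LevelDB) and unexplained lists."""
    records = classify_numbered_logs(root)
    explained = [r for r in records if r["leveldb"]]
    unexplained = [r for r in records if not r["leveldb"]]
    return explained, unexplained


def build_sample_tree(root: str) -> None:
    """Constructed layout: one Chrome-style LevelDB store and one stray log (assumed)."""
    leveldb = os.path.join(root, "Google", "Chrome", "User Data", "Profile 1",
                           "Local Storage", "leveldb")
    stray = os.path.join(root, "SomeApp")        # hypothetical directory
    os.makedirs(leveldb)
    os.makedirs(stray)
    for name in ("CURRENT", "LOCK", "LOG", "MANIFEST-000001", "000003.log"):
        open(os.path.join(leveldb, name), "w").close()
    open(os.path.join(stray, "007974.bak.log"), "w").close()


def demo():
    """Build the constructed tree in a temp dir and triage it."""
    root = tempfile.mkdtemp(prefix="numbered-log-triage-")
    build_sample_tree(root)
    return triage(root)


if __name__ == "__main__":
    explained, unexplained = demo()
    for r in explained:
        print(f"LevelDB   {r['path']}  (siblings: {', '.join(r['markers'])})")
    for r in unexplained:
        print(f"UNKNOWN   {r['path']}  (no CURRENT/MANIFEST beside it)")
```

On a real machine the root would be the user's profile directory (for example C:\Users\<name>\AppData) and the "unexplained" list is the one to investigate further: look at which process holds the file open in Resource Monitor and whether its contents are LevelDB's binary record format or readable text. A hit inside a leveldb folder under a browser or Electron app profile is the application's own local storage, not a keylogger or a cast session.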

Hiya markiejw,

Calculator.exe is a Windows application; as far as I'm aware it should only run when selected. The only way I can get Calculator to show (suspended) in Resource Monitor is to select and open the application but not use it... If I start using Calculator it will change to running. I only see one entry, either "suspended" or "running", depending on Calculator status. I never see multiple entries like your image...

When you see the image you have posted is the Calculator application selected and open...?

Try resetting Calculator application to see if that clears the issue...

Select the Windows flag, scroll to and right-click on Calculator > move through More > then select App settings.

In the new window scroll to and select Reset.

Does that change the entries in Resource Monitor....?
 
Thank you,
Kevin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
