Repeatedly blocking medosinger.top FTP attempt


Hi, 

MWB keeps blocking, as the title suggests, an outbound connection with IP address 8.208.22.227 / domain medosinger.top, going after C:\Windows\SysWOW64\ftp.exe.

I can't seem to find any other reference to this online... Ran the root toolkit and it found/removed something else seemingly unrelated; ran MWB scan several times to no avail.
 

What is this?

Hello owenflass and welcome to Malwarebytes,

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... Right-click on FRST and rename it FRSTEnglish
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press the Scan button to run the tool.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Thank you,

Kevin
Hey Kevin,
 

Thanks for jumping in. Here's the FRST text:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-01-2021
Ran by Owen_Laptop (administrator) on OWEN-LAPTOP (LENOVO 20FN002JUS) (20-01-2021 14:58:56)
Running from C:\Users\Owen_Laptop\Downloads
Loaded Profiles: Owen_Laptop
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(%CFullName%) [File not signed] C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe <2>
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Owen_Laptop\AppData\Local\WebEx\ciscowebexstart.exe
(Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Owen_Laptop\AppData\Local\WebEx\WebEx\Meetings\atmgr.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\113.4.507\QtWebEngineProcess.exe <2>
(Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd) C:\Program Files (x86)\MaskVPN\mask_svc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <47>
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Wireless Display -> Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(LENOVO (UNITED STATES) INC. -> Lenovo) C:\Users\Owen_Laptop\AppData\Local\Apps\2.0\8TND9YDE.LT0\A2JV6A34.32M\lsb...tion_2d7b41b05b24775e_0001.0006_3b0a905c8de4f74a\LSB.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\TpShocks.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Nok Nok Labs, Inc. -> Nok Nok Labs Inc.) C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
(Nok Nok Labs, Inc. -> Nok Nok Labs, Inc.) C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Robert McNeel and Associates -> Robert McNeel & Associates) [File not signed] C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Users\Owen_Laptop\AppData\Local\slack\app-4.12.2\slack.exe <6>
(Softex Incorporated -> Lenovo) [File not signed] C:\Program Files\Lenovo\Fingerprint Manager Pro\CoreService.exe
(Synaptics Inc. -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [296664 2017-05-12] (Lenovo -> Lenovo Group Limited)
HKLM\...\Run: [MFACApp] => C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe [5449544 2014-10-16] (Nok Nok Labs, Inc. -> Nok Nok Labs, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7953504 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
HKLM\...\Run: [AutoKMS] => C:\windows\AutoKMS.exe
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-09-25] (Corel Corporation -> WinZip Computing, S.L.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-10-07] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL [6422696 2016-04-14] (LENOVO -> Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-06-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [766464 2016-02-29] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2091064 2020-07-17] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-09-14] (Adobe Inc. -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-01-13] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-12-07] (IDSA Production signing key -> Intel)
HKLM\...\RunOnce: [NCInstallQueue] => C:\windows\system32\netman.dll [360448 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [Spotify] => C:\Users\Owen_Laptop\AppData\Roaming\Spotify\Spotify.exe [23592304 2020-12-14] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91701608 2020-07-07] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Owen_Laptop\AppData\Local\Microsoft\Teams\Update.exe [2452664 2021-01-18] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [com.squirrel.slack.slack] => C:\Users\Owen_Laptop\AppData\Local\slack\slack.exe [306856 2021-01-12] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [274176 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [utweb] => C:\Users\Owen_Laptop\AppData\Roaming\uTorrent Web\utweb.exe [5643392 2020-12-18] (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [AdvancedTimer] => rundll32.exe "C:\Users\Owen_Laptop\AppData\Roaming\AdvancedTimer\bdwtmr.dll",bdwtmr 7R-10-1 <==== ATTENTION
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Run: [CiscoMeetingDaemon] => C:\Users\Owen_Laptop\AppData\Local\WebEx\ciscowebexstart.exe [2395968 2020-12-11] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\RunOnce: [b75426da614240b28394bef43a17be45] => cmd /C copy /Y "C:\Users\Owen_Laptop\AppData\Local\Autodesk\webdeploy\production\1c390f736d162708dcf21ff0d9d996bd09400ac2\FusionLauncher.exe" "C:\Users\Owen_Laptop\AppData\Local\Autodesk\webdeploy\pro (the data entry has 60 more characters).
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\RunOnce: [BPInstaller.exe_3244134] => C:\Program Files\Bitdefender Antivirus Free\kitinstaller\BPInstaller.exe [1751160 2020-11-26] (Bitdefender SRL -> Bitdefender) <==== ATTENTION
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\MountPoints2: {075927d2-9115-11e6-af2a-a434d9c3147c} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\MountPoints2: {1b60b5f5-cdef-11e8-be87-a434d9c3147c} - V:\SETUP.EXE
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\MountPoints2: {31232113-10f7-4f16-b618-49f581460b89} - Q:\LenovoQDrive.cmd
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\MountPoints2: {c7b39a8c-d570-11e9-9119-507b9da3dbb0} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\MountPoints2: {e02bbddc-c75f-11ea-9f23-507b9da3dbb0} - D:\TP-LINK_Gigabit_Ethernet_USB_Adapter.exe
HKU\S-1-5-21-1237113960-3301161054-180056513-1000\...\Winlogon: [Shell] explorer.exe,C:\Users\Owen_Laptop\Documents\update_z\z-cloude.exe, <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-11] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniPassCredProv.dll [2017-10-11] (Softex Incorporated -> Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniPassCredProv.dll [2017-10-11] (Softex Incorporated -> Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2021-01-19]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
InternetURL: C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gUsSwOIyGF.url -> URL: "C:\Users\Owen_Laptop\AppData\Roaming\FDAMEtjSLj\OKdip.js"
Startup: C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-08-30]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Owen_Laptop\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {038C34E1-62BB-491F-840F-84B10391DBF3} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {0696AAA6-2C2D-4BD2-8929-91AC6C8E817E} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [552992 2015-01-09] (Leader Technologies Inc -> Aviata Inc)
Task: {0A52C39F-896A-4417-884C-FD07BF748439} - System32\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore => C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
Task: {0F6BA421-5D12-4CDA-9128-E2F731BABEFB} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [552992 2015-01-09] (Leader Technologies Inc -> Aviata Inc)
Task: {0FD3718A-C323-45CB-91E8-B59679A39EA0} - System32\Tasks\RGxYjFwHxEIKfk => rundll32 "C:\Program Files (x86)\iZzTXVUzpkLU2\qOmNEllaOyjXg.dll",#1
Task: {1240D21F-28DD-45E8-9285-E073496C38E9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {182D7016-47EE-491B-AFAE-8924EF6B2218} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9944400 2016-06-02] (LENOVO -> Lenovo)
Task: {21AB821B-FA19-42EC-A0EC-0CAC0D5A7645} - System32\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA => C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
Task: {2DA13F42-42BD-4B92-A6A3-09D7B6465D4C} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {31F9181D-9272-4F8A-AD3A-FACE90CC9C5E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {3DE5926A-2B7D-473F-B523-E1ED3CAB5D9D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {3E770A1D-078E-4039-921B-872F22B80E28} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1237113960-3301161054-180056513-1000 => "C:\windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {458BC213-B3C9-47B3-91F2-FF59B43A5052} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {4C111FDB-E9A8-47EF-ABB6-1A5321360F5B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612232 2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DC2ABDA-94A1-4442-AEF5-E3F6FD9476D6} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {4EC1ABA5-2F76-4F1B-95DF-0DB41C2B24FF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {50A3E893-48A6-4ABA-B476-FC8E82FC4D0B} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {53D16E4C-BB16-49B2-B7B8-B09317E99C73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-01] (Google Inc -> Google Inc.)
Task: {5C4AE0AD-56AB-4FCD-8783-0E0867448640} - System32\Tasks\G2MUploadTask-S-1-5-21-1237113960-3301161054-180056513-1000 => C:\Users\Owen_Laptop\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-23] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {68640350-8582-4444-8523-59D3BA7F7857} - System32\Tasks\TVT\LaunchFR => C:\Program Files (x86)\Lenovo\Factory Recovery\FRReminder.exe [641024 2015-12-23] (TODO: <Company name>) [File not signed]
Task: {6A713D03-96DD-43DA-B4E8-08AA72B4AE37} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {6E6B6E6B-AF1A-49DC-B321-82F92852C9E6} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2020-07-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6EFFB3E1-DCDD-4131-9B62-30A4EA8F42DE} - System32\Tasks\jKWAiJPrCvRiPvBmI2 => rundll32 "C:\Program Files (x86)\JZkvhlsaTPvVqBWGjRR\UaexdgB.dll",#1
Task: {6FBF38D0-4BB2-4ABA-90C3-A94377A2840F} - System32\Tasks\Lenovo Active Protection System => C:\windows\system32\TpShUI.exe [120424 2017-03-21] (Lenovo -> Lenovo.)
Task: {70FAEBC2-66C3-463D-BEB0-C43FE819F5B0} - System32\Tasks\G2MUpdateTask-S-1-5-21-1237113960-3301161054-180056513-1000 => C:\Users\Owen_Laptop\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-23] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {7154CDD3-BF33-45B0-B1D2-F35636735C0C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1443736 2021-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B968493-C808-453C-AB08-A6440EF76EB0} - System32\Tasks\UzmKUqQhrGyANHq2 => rundll32 "C:\Program Files (x86)\QugXxQbwU\ONlayX.dll",#1
Task: {81B2632C-3273-4ECF-B04D-36E198D07443} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-01] (Google Inc -> Google Inc.)
Task: {81B9185B-ADA9-48FE-8763-8F544126F2FD} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {8AA933C7-5082-4A3C-96DB-07B26B5F41B2} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {933D4A8E-A501-4B58-8260-6E00B0CFB785} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {99E44EF0-8595-4D4E-AF5F-D17E3860E0C3} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321296 2016-06-02] (LENOVO -> Lenovo)
Task: {9A9C5F07-B0A9-49B2-B7B5-5D72D648850A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {A60D256B-39AB-4B68-8D67-ADC7D7D4A3FF} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {B00900D1-39C0-4BB3-BA53-F74CF7E975C6} - System32\Tasks\Intel\Intel® Management and Security Status => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\\IMSS\PIconStartup.exe [232536 2020-06-08] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\\IMSS\PrivacyIconClient.exe" 60
Task: {B0E5112A-38D2-47B9-A86C-8FD07196A859} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)
Task: {C361693A-F229-4B99-A448-4E058C1AF819} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [868 2019-01-22] () [File not signed]
Task: {C38F725D-91FB-4A6B-B646-093F653FFE42} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9944400 2016-06-02] (LENOVO -> Lenovo)
Task: {C57C9A4D-3EFE-48E3-9F93-D27B7DAC37C6} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {C5B860C1-DCA2-4BEC-8E5C-1DA75D363502} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2020-07-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C765356E-7E3B-4CF8-8BDA-3112EFF3CCF5} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [3649704 2016-04-14] (LENOVO -> Lenovo Group Limited)
Task: {CB7D403A-E6F6-4189-9255-2D27E8AB7269} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [263504 2016-06-02] (LENOVO -> )
Task: {DEFF96E3-62E9-4907-ACF8-C6B580E11124} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612232 2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {E54C0D84-8B8F-42B6-8127-BE3C559F3DD6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E7890444-FCE2-4613-A99E-AE2509CDCEAE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {EDEC8AFB-1AA7-4BA8-9ACF-3B151AE87870} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel(R) Software -> Intel Corporation)
Task: {F90DB0B5-ED4C-4E90-A92D-2826EB14F3EE} - System32\Tasks\JcGMxmGFDydOUFycSnE2 => rundll32 "C:\Program Files (x86)\wdOFiWGfYwbQC\zczignd.dll",#1

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1237113960-3301161054-180056513-1000.job => C:\Users\Owen_Laptop\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-1237113960-3301161054-180056513-1000.job => C:\Users\Owen_Laptop\AppData\Local\GoToMeeting\19228\g2mupload.exe
Task: C:\windows\Tasks\Lenovo Active Protection System.job => C:\windows\system32\TpShUI.exe
Task: C:\windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job => C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
Task: C:\windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job => C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5C78E93E-5B44-4529-9B23-3D0393962E5F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Owen_Laptop\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-15]
Edge Notifications: Default -> hxxps://www.zdnet.com
Edge Session Restore: Default -> is enabled.
Edge HKLM-x32\...\Edge\Extension: [eofogjfkadmolbbmnlbohhbkhbodcjjm]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Extension: (MFAC Extension) - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2016-03-11] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-07-17] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=3 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=9 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-07-17] (Adobe Inc. -> Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\Owen_Laptop\AppData\Roaming\mozilla\plugins\npatgpc.dll [2019-07-19]

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default [2020-11-19]
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxp://www.reddit.com/"
CHR Extension: (Slides) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Entanglement Web App) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2016-09-30]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-09-30]
CHR Extension: (reddit companion) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2016-09-30]
CHR Extension: (Docs) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-15]
CHR Extension: (Audiotool) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2016-09-30]
CHR Extension: (YouTube) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-30]
CHR Extension: (Realm of the Mad God) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp [2016-09-30]
CHR Extension: (Bomomo) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln [2016-09-30]
CHR Extension: (Sheets) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-15]
CHR Extension: (Pastebin.com) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghipmampnddcpdlppkkamoankmkmcbmh [2018-05-20]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-15]
CHR Extension: (Cisco Webex Extension) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-06-22]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2020-10-07]
CHR Extension: (Steambirds: Survival) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2016-09-30]
CHR Extension: (MFAC) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbgbpjganndfjjmlamggkkkjafblbahl [2016-10-01]
CHR Extension: (Poppit!) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-09-30]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2020-04-30]
CHR Extension: (Frontline Defense 2 HD) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nincmkjomngcmklpdkmdkioemlhdieim [2016-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Chess) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgkocgbnkibjgifkbgnepoebjgcamap [2018-06-25]
CHR Extension: (Gmail) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-15]
CHR Extension: (Canvas Rider) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2016-09-30]
CHR Profile: C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-01-20]
CHR Notifications: Profile 1 -> hxxps://calendar.google.com; hxxps://meet.google.com; hxxps://www.netflix.com
CHR Extension: (Slides) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-16]
CHR Extension: (Easy Image Downloader) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agckcglooaipjmbeipibmbffnogjfdfb [2021-01-19]
CHR Extension: (Docs) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-16]
CHR Extension: (Google Drive) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-16]
CHR Extension: (Pushbullet) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2020-12-01]
CHR Extension: (Sheets) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-16]
CHR Extension: (Google Docs Offline) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-16]
CHR Extension: (Gmail) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-16]
CHR Profile: C:\Users\Owen_Laptop\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-03]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-06-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844856 2020-06-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137416 2021-01-07] (Microsoft Corporation -> Microsoft Corporation)
R2 CoreService; C:\Program Files\Lenovo\Fingerprint Manager Pro\CoreService.exe [858896 2017-10-11] (Softex Incorporated -> Lenovo) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-26] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [44064 2021-01-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (LENOVO -> Lenovo.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [532968 2018-05-19] (Intel Corporation -> Intel Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel(R) Wireless Display -> Intel)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [169176 2017-05-12] (Lenovo -> Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [114632 2015-07-13] (LENOVO -> Lenovo Group Limited)
S3 LenovoProdRegManager; C:\Program Files (x86)\Lenovo Registration\EngageService.exe [293416 2015-01-09] (Leader Technologies Inc -> Aviata, Inc.)
S2 LPlatSvc; C:\windows\system32\LPlatSvc.exe [892760 2018-12-25] (Lenovo -> Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (LENOVO -> Lenovo)
R2 MaskVPNService; C:\Program Files (x86)\MaskVPN\mask_svc.exe [7493560 2020-08-06] (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2002-02-02] (Robert McNeel and Associates -> Robert McNeel & Associates) [File not signed]
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2020-10-16] (TEFINCOM S.A. -> TEFINCOM S.A.)
S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2016-03-11] (Nok Nok Labs, Inc. -> Nok Nok Labs Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
R2 valWBFPolicyService; C:\windows\system32\valWBFPolicyService.exe [95016 2016-08-01] (Synaptics Inc. -> Synaptics Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\windows\System32\DRIVERS\3dxhid.sys [50032 2019-09-03] (3Dconnexion SAM -> 3Dconnexion SAM)
S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
S3 btmaux; C:\windows\System32\DRIVERS\btmaux.sys [156616 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
S3 btmhsf; C:\windows\System32\DRIVERS\btmhsf.sys [1566152 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2021-01-19] (Malwarebytes Corporation -> Malwarebytes)
S3 FiioE17; C:\windows\System32\drivers\FiioE17.sys [64464 2012-11-26] (Galaxy Far East Corp. -> Windows (R) Win 7 DDK provider)
S3 KMJHidMini; C:\windows\System32\DRIVERS\3dxkmj.sys [18944 2019-09-03] (3Dconnextion Inc.) [File not signed]
S3 KMJShim; C:\windows\System32\DRIVERS\3dxshim.sys [7168 2019-09-03] (3Dconnextion Inc.) [File not signed]
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [197792 2021-01-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [77496 2021-01-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\mbamswissarmy.sys [248992 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [129648 2021-01-20] (Malwarebytes Inc -> Malwarebytes)
S2 NDivert; C:\windows\System32\DRIVERS\NDivert.sys [92360 2020-12-29] (TEFINCOM S.A. -> )
R3 nlwt; C:\windows\System32\DRIVERS\nlwt.sys [29888 2020-06-10] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\windows\System32\DRIVERS\nordlwf.sys [29384 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
R1 npcap; C:\windows\System32\DRIVERS\npcap.sys [74040 2019-03-24] (Insecure.Com LLC -> Insecure.Com LLC.)
R1 OMNISMI; C:\windows\SysWOW64\drivers\omnismi.sys [14776 2015-03-04] (Softex Incorporated -> )
R1 pefndis; C:\windows\System32\DRIVERS\pefndis.sys [72408 2016-10-21] (Microsoft Corporation -> Microsoft Corporation)
R0 PMDRVS; C:\windows\System32\DRIVERS\pmdrvs.sys [44160 2018-12-25] (Lenovo -> Lenovo.)
S3 rtux64w7; C:\windows\System32\DRIVERS\rtux64w7.sys [275200 2015-10-20] (Realtek Semiconductor Corp -> Realtek)
R3 SPUVCbv; C:\windows\System32\Drivers\SPUVCbv_x64.sys [700008 2015-10-05] (Sunplus Innovation Technology Inc. -> Sunplus)
R3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [27136 2018-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\windows\System32\DRIVERS\tapnordvpn.sys [35592 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 usb3Hub; C:\windows\System32\DRIVERS\usb3Hub.sys [212056 2015-01-14] (Intel(R) Wireless Display -> Windows (R) Win 7 DDK provider)
S3 vpnva; C:\windows\System32\DRIVERS\vpnva64-6.sys [52592 2016-02-29] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 wfpcapture; C:\windows\System32\Drivers\wfpcapture.sys [64728 2016-10-21] (Microsoft Corporation -> Microsoft Corporation)
S3 xb1usb; C:\windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Windows Central Build Account - X -> Microsoft Corporation)
S3 mfeaack01; \Device\mfeaack01.sys [X]
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 14:58 - 2021-01-20 14:59 - 000047946 _____ C:\Users\Owen_Laptop\Downloads\FRST.txt
2021-01-20 14:58 - 2021-01-20 14:59 - 000000000 ____D C:\FRST
2021-01-20 14:57 - 2021-01-20 14:58 - 002295808 _____ (Farbar) C:\Users\Owen_Laptop\Downloads\FRST64.exe
2021-01-20 14:35 - 2021-01-20 14:35 - 000000000 ____D C:\Users\Owen_Laptop\AppData\LocalLow\IGDump
2021-01-20 11:54 - 2021-01-20 11:54 - 000000575 _____ C:\Users\Owen_Laptop\Desktop\medosinger.zip
2021-01-20 11:52 - 2021-01-20 11:52 - 000000665 _____ C:\Users\Owen_Laptop\Desktop\medosinger.txt
2021-01-20 11:09 - 2021-01-20 11:09 - 000003648 _____ C:\windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-01-20 11:09 - 2021-01-20 11:09 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-01-20 11:07 - 2021-01-20 11:20 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-01-20 11:07 - 2021-01-20 11:07 - 000116132 _____ C:\ProgramData\agent.1611158834.bdinstall.v2.bin
2021-01-20 11:07 - 2021-01-20 11:07 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-01-20 11:05 - 2021-01-20 11:06 - 013543384 _____ C:\Users\Owen_Laptop\Downloads\bitdefender_online.exe
2021-01-20 10:23 - 2021-01-20 10:23 - 000077496 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2021-01-20 10:22 - 2021-01-20 10:22 - 000197792 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2021-01-20 10:22 - 2021-01-20 10:22 - 000129648 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2021-01-20 10:04 - 2021-01-20 10:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-20 10:04 - 2021-01-20 10:19 - 000000000 ____D C:\Users\Owen_Laptop\Desktop\mbar
2021-01-20 10:04 - 2021-01-20 10:04 - 000255928 _____ (Malwarebytes) C:\windows\system32\Drivers\65C75250.sys
2021-01-20 10:03 - 2021-01-20 10:03 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Owen_Laptop\Downloads\mbar-1.10.3.1001.exe
2021-01-20 09:48 - 2021-01-20 09:48 - 000036525 _____ C:\Users\Owen_Laptop\Documents\*****.txt
2021-01-20 09:35 - 2021-01-20 09:36 - 061483296 _____ (Wireshark development team) C:\Users\Owen_Laptop\Downloads\Wireshark-win64-3.4.2.exe
2021-01-20 09:26 - 2021-01-20 11:14 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\CrashDumps
2021-01-19 16:37 - 2021-01-19 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-01-19 14:10 - 2021-01-19 14:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-01-19 14:10 - 2021-01-19 14:10 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2021-01-19 13:44 - 2021-01-19 13:44 - 000248992 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2021-01-19 13:44 - 2021-01-19 13:44 - 000220160 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2021-01-19 13:44 - 2021-01-19 13:44 - 000001971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-19 13:44 - 2021-01-19 13:44 - 000001959 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-19 13:44 - 2021-01-19 13:44 - 000001959 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-19 13:44 - 2021-01-19 13:44 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\mbam
2021-01-19 13:43 - 2021-01-20 10:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-19 13:43 - 2021-01-19 13:43 - 002086424 _____ (Malwarebytes) C:\Users\Owen_Laptop\Downloads\MBSetup.exe
2021-01-19 13:43 - 2021-01-19 13:43 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2021-01-19 13:43 - 2021-01-19 13:43 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-19 13:39 - 2021-01-19 13:39 - 000000000 _____ C:\PECED.tmp
2021-01-19 12:57 - 2021-01-20 09:43 - 000000000 ____D C:\Program Files (x86)\fHUWuxXUrIE
2021-01-19 12:57 - 2021-01-19 12:57 - 000003202 _____ C:\windows\system32\Tasks\RGxYjFwHxEIKfk
2021-01-19 12:57 - 2021-01-19 12:57 - 000002872 _____ C:\windows\system32\Tasks\jKWAiJPrCvRiPvBmI2
2021-01-19 12:57 - 2021-01-19 12:57 - 000002860 _____ C:\windows\system32\Tasks\JcGMxmGFDydOUFycSnE2
2021-01-19 12:57 - 2021-01-19 12:57 - 000002850 _____ C:\windows\system32\Tasks\UzmKUqQhrGyANHq2
2021-01-19 12:56 - 2021-01-19 12:56 - 001564823 _____ C:\ProgramData\6071
2021-01-19 12:56 - 2021-01-19 12:56 - 001564823 _____ C:\ProgramData\5360
2021-01-19 12:56 - 2021-01-19 12:56 - 000253960 _____ (Cisco Webex LLC) C:\Users\Owen_Laptop\Downloads\webex.exe
2021-01-19 12:56 - 2021-01-19 12:56 - 000000000 ____D C:\ProgramData\60
2021-01-19 12:56 - 2021-01-19 12:56 - 000000000 ____D C:\ProgramData\53
2021-01-19 12:15 - 2021-01-19 12:33 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\Autodesk Revit 2019 Patched Multilanguage
2021-01-19 12:13 - 2021-01-19 14:14 - 000000000 ____D C:\Users\Owen_Laptop\Documents\update_z
2021-01-19 12:07 - 2021-01-19 12:07 - 001564823 _____ C:\ProgramData\6273
2021-01-19 12:07 - 2021-01-19 12:07 - 001564823 _____ C:\ProgramData\5765
2021-01-19 12:07 - 2021-01-19 12:07 - 000000000 ____D C:\ProgramData\7GVM7R9GJGA542MVRG1DEUYXA
2021-01-19 12:07 - 2021-01-19 12:07 - 000000000 ____D C:\ProgramData\62
2021-01-19 12:07 - 2021-01-19 12:07 - 000000000 ____D C:\ProgramData\57
2021-01-19 11:59 - 2021-01-19 11:59 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\Xxu
2021-01-19 11:58 - 2021-01-20 09:44 - 000000000 ____D C:\Program Files (x86)\wdOFiWGfYwbQC
2021-01-19 11:58 - 2021-01-20 09:44 - 000000000 ____D C:\Program Files (x86)\JZkvhlsaTPvVqBWGjRR
2021-01-19 11:58 - 2021-01-20 09:43 - 000000000 ____D C:\Program Files (x86)\QugXxQbwU
2021-01-19 11:58 - 2021-01-20 09:43 - 000000000 ____D C:\Program Files (x86)\DRNUeEkNNVUn
2021-01-19 11:58 - 2021-01-19 14:15 - 000000000 ____D C:\Program Files (x86)\iZzTXVUzpkLU2
2021-01-19 11:58 - 2021-01-19 11:58 - 000040960 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
2021-01-19 11:57 - 2021-01-19 12:59 - 000000000 ____D C:\Users\Owen_Laptop\AppData\LocalLow\pF2qC1gG7yH8hI1o
2021-01-19 11:57 - 2021-01-19 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MarginTrade
2021-01-19 11:57 - 2021-01-19 12:55 - 000000258 __RSH C:\Users\Owen_Laptop\ntuser.pol
2021-01-19 11:57 - 2021-01-19 11:57 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\FDAMEtjSLj
2021-01-19 11:56 - 2021-01-19 14:15 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\AdvancedTimer
2021-01-19 11:56 - 2021-01-19 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alex
2021-01-19 11:56 - 2021-01-19 12:57 - 000000000 ____D C:\Program Files (x86)\Alex
2021-01-19 11:56 - 2021-01-19 11:56 - 000000000 ____D C:\Program Files (x86)\CryptoSignalPro_3
2021-01-19 11:55 - 2021-01-19 12:56 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-01-19 11:55 - 2021-01-19 11:56 - 000000000 ____D C:\Program Files (x86)\MaskVPN
2021-01-19 11:55 - 2021-01-19 11:55 - 000003562 _____ C:\windows\system32\Tasks\WinZip Update Notifier 2
2021-01-19 11:55 - 2021-01-19 11:55 - 000003560 _____ C:\windows\system32\Tasks\WinZip Update Notifier 3
2021-01-19 11:55 - 2021-01-19 11:55 - 000003560 _____ C:\windows\system32\Tasks\WinZip Update Notifier 1
2021-01-19 11:55 - 2018-08-29 15:48 - 000027136 _____ (The OpenVPN Project) C:\windows\system32\Drivers\tap0901.sys
2021-01-19 11:54 - 2021-01-20 11:54 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\WinZip
2021-01-19 11:54 - 2021-01-20 11:54 - 000000000 ____D C:\ProgramData\WinZip
2021-01-19 11:54 - 2021-01-19 12:56 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-01-19 11:54 - 2021-01-19 12:56 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-01-19 11:54 - 2021-01-19 12:56 - 000000000 ____D C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ
2021-01-19 11:54 - 2021-01-19 12:56 - 000000000 ____D C:\Program Files (x86)\Versium Research
2021-01-19 11:54 - 2021-01-19 12:55 - 000000000 ____D C:\Program Files (x86)\Vict1
2021-01-19 11:54 - 2021-01-19 12:06 - 000000000 ____D C:\Users\Owen_Laptop\AppData\LocalLow\eE8sF0yG2eQ6fT7
2021-01-19 11:54 - 2021-01-19 11:54 - 001564823 _____ C:\ProgramData\6578
2021-01-19 11:54 - 2021-01-19 11:54 - 001564823 _____ C:\ProgramData\4751
2021-01-19 11:54 - 2021-01-19 11:54 - 000002029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2021-01-19 11:54 - 2021-01-19 11:54 - 000001929 _____ C:\Users\Public\Desktop\WinZip.lnk
2021-01-19 11:54 - 2021-01-19 11:54 - 000001929 _____ C:\ProgramData\Desktop\WinZip.lnk
2021-01-19 11:54 - 2021-01-19 11:54 - 000000000 ____D C:\ProgramData\UniqueId
2021-01-19 11:54 - 2021-01-19 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2021-01-19 11:54 - 2021-01-19 11:54 - 000000000 ____D C:\ProgramData\65
2021-01-19 11:54 - 2021-01-19 11:54 - 000000000 ____D C:\ProgramData\47
2021-01-19 11:54 - 2021-01-19 11:54 - 000000000 ____D C:\Program Files\WinZip
2021-01-19 11:53 - 2021-01-19 12:55 - 000000000 ____D C:\Program Files (x86)\TakeMyFile
2021-01-19 11:53 - 2021-01-19 11:53 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\AdvinstAnalytics
2021-01-19 11:53 - 2019-05-22 19:10 - 000967720 _____ (NVIDIA Corporation) C:\windows\NvPluginAbHubClient32.dll
2021-01-19 11:52 - 2021-01-19 12:56 - 000000000 ____D C:\Program Files (x86)\1I_6BR0W53I3
2021-01-19 10:45 - 2021-01-19 11:12 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\Autodesk Revit 2019 19.0.2 v5864 + Patch + Multi
2021-01-19 10:44 - 2021-01-19 10:44 - 000000000 ____D C:\ProgramData\Lavasoft
2021-01-19 08:14 - 2021-01-19 08:14 - 015664226 _____ C:\Users\Owen_Laptop\Downloads\TD CAD Files.zip
2021-01-18 15:02 - 2021-01-18 15:02 - 000004485 _____ C:\Users\Owen_Laptop\Downloads\invite (1).ics
2021-01-18 14:57 - 2021-01-18 14:57 - 000004464 _____ C:\Users\Owen_Laptop\Downloads\invite.ics
2021-01-18 10:51 - 2021-01-18 10:51 - 000336843 _____ C:\Users\Owen_Laptop\Downloads\Byrne Specification Sheet for Product BE02520-2-2-Z-Z353-U1-72.pdf
2021-01-15 18:59 - 2021-01-15 18:59 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\221997215849-architecture_wood_fine-wood_dark-wood_burl-walnut-dark-wood-texture-seamless-04265
2021-01-15 18:58 - 2021-01-15 18:59 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\221997215917-architecture_wood_fine-wood_medium-wood_walnut-wood-fine-medium-color-texture-seamless-04495
2021-01-15 18:58 - 2021-01-15 18:58 - 001187549 _____ C:\Users\Owen_Laptop\Downloads\221997215917-architecture_wood_fine-wood_medium-wood_walnut-wood-fine-medium-color-texture-seamless-04495.zip
2021-01-15 18:57 - 2021-01-15 18:57 - 000905046 _____ C:\Users\Owen_Laptop\Downloads\221997215849-architecture_wood_fine-wood_dark-wood_burl-walnut-dark-wood-texture-seamless-04265.zip
2021-01-15 08:57 - 2021-01-20 10:23 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\BitTorrentHelper
2021-01-15 08:39 - 2021-01-20 10:25 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\uTorrent Web
2021-01-15 08:39 - 2021-01-19 12:03 - 000001879 _____ C:\Users\Owen_Laptop\Desktop\uTorrent Web.lnk
2021-01-15 08:39 - 2021-01-19 12:03 - 000001865 _____ C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-15 08:37 - 2021-01-15 08:40 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\NordVPN
2021-01-15 08:37 - 2021-01-15 08:37 - 000001770 _____ C:\Users\Owen_Laptop\Desktop\NordVPN.lnk
2021-01-15 08:37 - 2021-01-15 08:37 - 000000000 ____D C:\ProgramData\NordVPN
2021-01-15 08:37 - 2021-01-15 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-01-15 08:37 - 2021-01-15 08:37 - 000000000 ____D C:\Program Files\NordVPN network TUN
2021-01-15 08:37 - 2021-01-15 08:37 - 000000000 ____D C:\Program Files\NordVPN
2021-01-15 08:37 - 2021-01-15 08:37 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2021-01-15 08:37 - 2020-12-29 17:02 - 000092360 _____ C:\windows\system32\Drivers\NDivert.sys
2021-01-15 08:37 - 2020-12-14 10:21 - 000029384 _____ (TEFINCOM S.A.) C:\windows\system32\Drivers\nordlwf.sys
2021-01-15 08:35 - 2021-01-15 08:36 - 020707128 _____ (TEFINCOM S.A. ) C:\Users\Owen_Laptop\Downloads\NordVPNSetup.exe
2021-01-14 09:18 - 2021-01-14 09:29 - 000212288 _____ C:\Users\Owen_Laptop\Desktop\MFA_filebar_updated1-14.pdf
2021-01-13 21:43 - 2021-01-13 21:43 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2021-01-13 21:43 - 2021-01-13 21:43 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2021-01-13 21:43 - 2021-01-13 21:43 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2021-01-13 21:43 - 2021-01-13 21:43 - 000047600 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx.sys
2021-01-13 21:43 - 2021-01-13 21:43 - 000044064 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2021-01-13 14:56 - 2021-01-13 14:56 - 000023684 _____ C:\Users\Owen_Laptop\Desktop\MFA_console_1inch_sheet1.nc
2021-01-13 14:54 - 2021-01-13 14:54 - 000023681 _____ C:\Users\Owen_Laptop\Desktop\MFA_console_3-4_sheet3.nc
2021-01-13 14:34 - 2021-01-13 14:36 - 000113963 _____ C:\Users\Owen_Laptop\Desktop\MFA_console_3-4_sheet2.nc
2021-01-13 14:33 - 2021-01-13 14:33 - 000114384 _____ C:\Users\Owen_Laptop\Desktop\MFA_console_3-4_sheet1.nc
2021-01-13 10:32 - 2021-01-13 10:32 - 000001314 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_panels_sheet4.nc
2021-01-13 10:28 - 2021-01-13 10:28 - 000001211 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_panels_sheet3.nc
2021-01-13 10:27 - 2021-01-13 10:27 - 000002787 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_panels_sheet2.nc
2021-01-13 10:22 - 2021-01-13 10:22 - 000004124 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_panels_sheet1.nc
2021-01-13 10:04 - 2021-01-13 10:04 - 000070658 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_panels.dxf
2021-01-13 09:12 - 2021-01-13 09:12 - 020096430 _____ C:\Users\Owen_Laptop\Downloads\19 12 23_ANALOG DEVICES_BLDG 7- 3RD FLOOR_OVERALL (1).dwg
2021-01-12 14:37 - 2021-01-15 18:58 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\218272923732-architecture_wood_fine-wood_light-wood_ash-fine-wood-texture-seamless-16836
2021-01-12 14:36 - 2021-01-12 14:37 - 001022468 _____ C:\Users\Owen_Laptop\Downloads\218272923732-architecture_wood_fine-wood_light-wood_ash-fine-wood-texture-seamless-16836.zip
2021-01-12 13:56 - 2021-01-12 13:56 - 038751697 _____ C:\Users\Owen_Laptop\Desktop\ERDL Skketchup Template.skp
2021-01-12 10:56 - 2021-01-12 10:56 - 000013695 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_Berm_lattice-extras2.nc
2021-01-12 10:03 - 2021-01-12 10:03 - 000186043 _____ C:\Users\Owen_Laptop\Desktop\MFA_Console_parts.dwg.dxf
2021-01-12 10:01 - 2021-01-12 10:01 - 000062160 _____ C:\Users\Owen_Laptop\Desktop\MFA_Console_parts.dwg
2021-01-12 08:42 - 2021-01-12 08:42 - 000003204 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_Berm_lattice-extras.nc
2021-01-11 17:00 - 2021-01-11 17:00 - 000016141 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_nosing_FINAL CUT.nc
2021-01-11 16:20 - 2021-01-11 16:20 - 000061428 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_Berm_lattice.nc
2021-01-11 15:55 - 2021-01-11 15:55 - 000147557 _____ C:\Users\Owen_Laptop\Desktop\ADI_BRT_Berm_lattice.dxf
2021-01-11 15:24 - 2021-01-11 15:24 - 000005408 _____ C:\Users\Owen_Laptop\Downloads\ADI_aluminum_recuts.dxf
2021-01-11 14:30 - 2021-01-11 14:30 - 000000791 _____ C:\Users\Owen_Laptop\Desktop\frequency_banquette_template-2.nc
2021-01-11 14:28 - 2021-01-11 14:28 - 000018265 _____ C:\Users\Owen_Laptop\Desktop\frequency_banquette_template-1.nc
2021-01-11 14:23 - 2021-01-11 14:23 - 000082420 _____ C:\Users\Owen_Laptop\Desktop\Frequency_banquette_template.dxf
2021-01-11 13:23 - 2021-01-11 13:23 - 000479125 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_nosing_2.nc
2021-01-11 10:53 - 2021-01-11 10:53 - 000011040 _____ C:\Users\Owen_Laptop\Downloads\ADI_alum_profile_Curves.dxf
2021-01-11 08:36 - 2021-01-11 08:36 - 001153979 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_nosing.nc
2021-01-08 16:22 - 2021-01-08 16:22 - 000058460 _____ C:\Users\Owen_Laptop\Desktop\adi_berm_nosing_outline.dwg.dxf
2021-01-08 16:22 - 2021-01-08 16:22 - 000025117 _____ C:\Users\Owen_Laptop\Desktop\adi_berm_nosing_outline.dwg
2021-01-08 15:55 - 2021-01-08 16:06 - 000060514 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_Nosing2.obj
2021-01-08 15:55 - 2021-01-08 16:06 - 000000334 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_Nosing2.mtl
2021-01-08 15:01 - 2021-01-08 15:01 - 000057995 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_Nosing.obj
2021-01-08 15:01 - 2021-01-08 15:01 - 000000334 _____ C:\Users\Owen_Laptop\Desktop\ADI_Berm_Nosing.mtl
2021-01-08 12:44 - 2021-01-08 12:44 - 020096430 _____ C:\Users\Owen_Laptop\Downloads\19 12 23_ANALOG DEVICES_BLDG 7- 3RD FLOOR_OVERALL.dwg
2021-01-08 10:03 - 2021-01-08 10:03 - 000005536 _____ C:\Users\Owen_Laptop\Downloads\MFA_console_steel_top.dxf
2021-01-08 08:37 - 2021-01-08 08:52 - 000005536 _____ C:\Users\Owen_Laptop\Desktop\MFA_console_steel_top.dxf
2021-01-07 15:02 - 2021-01-07 15:02 - 000001374 _____ C:\Users\Owen_Laptop\Desktop\Vitrine_doorblocks_lastpass_recut.nc
2021-01-07 14:27 - 2021-01-07 14:28 - 108802048 _____ C:\Users\Owen_Laptop\Downloads\17004_AddisonSt_Struct_v2018_NEW0319.rvt
2021-01-07 10:24 - 2021-01-07 10:25 - 000052479 _____ C:\Users\Owen_Laptop\Desktop\adi_angledsurround_kick_assembly.pdf
2021-01-07 10:07 - 2021-01-07 14:27 - 051079294 _____ C:\Users\Owen_Laptop\Desktop\ADI_angledsurround_kick.layout
2021-01-07 10:07 - 2021-01-07 10:07 - 051014920 _____ C:\Users\Owen_Laptop\Desktop\Backup of ADI_angledsurround_kick.layout
2021-01-07 10:04 - 2021-01-07 10:04 - 000006459 _____ C:\Users\Owen_Laptop\Desktop\ADI_angledsurround_kick.nc
2021-01-07 09:43 - 2021-01-07 09:43 - 000056168 _____ C:\Users\Owen_Laptop\Desktop\ADI_angled_kick_interior.dxf
2021-01-06 16:06 - 2021-01-06 16:06 - 000124916 _____ C:\Users\Owen_Laptop\Desktop\Vitrine_doorblocks.nc
2021-01-06 12:59 - 2020-12-26 11:11 - 000932329 _____ C:\Users\Owen_Laptop\Documents\144Addison.skb
2021-01-06 12:48 - 2021-01-06 12:48 - 000163233 _____ C:\Users\Owen_Laptop\Downloads\Landmark Vitrine deadbolt mockup.skp
2021-01-05 15:25 - 2021-01-05 15:25 - 000007677 _____ C:\Users\Owen_Laptop\Desktop\ADI_AdminSurround_Panel34.nc
2021-01-05 15:25 - 2021-01-05 15:25 - 000004230 _____ C:\Users\Owen_Laptop\Desktop\ADI_AdminSurround_Panel2.nc
2021-01-05 15:24 - 2021-01-05 15:24 - 000004232 _____ C:\Users\Owen_Laptop\Desktop\ADI_AdminSurround_Panel1.nc
2021-01-05 14:07 - 2021-01-05 14:07 - 000007613 _____ C:\Users\Owen_Laptop\Desktop\ADI_AngledSurround_Panel34.nc
2021-01-05 13:28 - 2021-01-05 13:28 - 000007638 _____ C:\Users\Owen_Laptop\Desktop\ADI_AngledSurrounds_Panel34.nc
2021-01-05 13:05 - 2021-01-05 14:07 - 000004240 _____ C:\Users\Owen_Laptop\Desktop\ADI_AngledSurround_Panel2.nc
2021-01-05 13:04 - 2021-01-05 14:07 - 000004201 _____ C:\Users\Owen_Laptop\Desktop\ADI_AngledSurround_Panel1.nc
2021-01-04 14:30 - 2021-01-04 14:30 - 000017861 _____ C:\Users\Owen_Laptop\Desktop\ADI_surrounds_ENDCAP-RECUT5.nc
2021-01-04 14:27 - 2021-01-04 14:39 - 000042514 _____ C:\Users\Owen_Laptop\Desktop\ADI_surrounds_ENDCAP-RECUT12.nc
2021-01-04 11:36 - 2021-01-04 11:36 - 000024997 _____ C:\Users\Owen_Laptop\Desktop\ADI_surrounds_ENDCAP-RECUT_final7.nc
2021-01-04 11:16 - 2021-01-04 11:16 - 118932633 _____ C:\Users\Owen_Laptop\Downloads\REFERENCE 144 Addison_Architecture_100 DD CD SET (1).pdf
2021-01-04 10:55 - 2021-01-04 10:55 - 000042948 _____ C:\Users\Owen_Laptop\Desktop\ADI_surrounds_ENDCAP-RECUT_FULLSHEET.nc
2021-01-04 09:40 - 2021-01-04 09:40 - 000014604 _____ C:\Users\Owen_Laptop\Desktop\ADI_surrounds_ENDCAP-RECUT.nc
2020-12-31 15:06 - 2020-12-31 15:21 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\Grubstreet Pics
2020-12-31 15:05 - 2020-12-31 15:05 - 001664817 _____ C:\Users\Owen_Laptop\Downloads\IMG_0469.jpeg
2020-12-31 15:04 - 2020-12-31 15:04 - 001972874 _____ C:\Users\Owen_Laptop\Downloads\IMG_8141.jpeg
2020-12-31 15:03 - 2020-12-31 15:04 - 073800673 _____ C:\Users\Owen_Laptop\Downloads\iCloud Photos (3).zip
2020-12-29 14:58 - 2020-12-29 14:58 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\GameAnalytics
2020-12-29 11:26 - 2020-12-29 11:26 - 000005427 _____ C:\Users\Owen_Laptop\Downloads\ERDL.tools
2020-12-29 09:51 - 2020-12-29 09:51 - 000462756 _____ C:\Users\Owen_Laptop\Downloads\A-102_ LEVEL 2 PLAN Rev.0 markup (2).pdf
2020-12-29 09:23 - 2020-12-29 09:23 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\engagementPics
2020-12-29 09:17 - 2020-12-29 09:19 - 156911369 _____ C:\Users\Owen_Laptop\Downloads\iCloud Photos (2).zip
2020-12-28 11:42 - 2020-12-28 11:42 - 000000223 _____ C:\Users\Owen_Laptop\Desktop\Hades.url
2020-12-28 11:09 - 2020-12-28 11:10 - 000262230 _____ C:\Users\Owen_Laptop\Desktop\MFA_EA-Pods_REVISED28DEC2020.pdf
2020-12-28 11:05 - 2020-12-28 11:16 - 007357744 _____ C:\Users\Owen_Laptop\Desktop\MFA_EA-Pods_REVISED28DEC2020.layout
2020-12-28 11:05 - 2020-12-28 11:10 - 007357744 _____ C:\Users\Owen_Laptop\Desktop\Backup of MFA_EA-Pods_REVISED28DEC2020.layout
2020-12-26 21:09 - 2020-12-26 21:09 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\paradox-launcher-v2
2020-12-26 21:03 - 2020-12-26 21:03 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Paradox Interactive
2020-12-26 20:59 - 2020-12-26 20:59 - 000000000 ____D C:\Users\Owen_Laptop\Documents\Paradox Interactive
2020-12-26 20:59 - 2020-12-26 20:59 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\Paradox Interactive
2020-12-26 18:01 - 2020-12-26 18:01 - 000000222 _____ C:\Users\Owen_Laptop\Desktop\Stellaris.url
2020-12-26 16:24 - 2020-12-26 16:24 - 000003616 _____ C:\windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2020-12-26 16:24 - 2020-12-26 16:24 - 000003370 _____ C:\windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2020-12-26 16:23 - 2020-12-26 16:23 - 004986456 _____ (Intel) C:\Users\Owen_Laptop\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe
2020-12-26 16:23 - 2020-12-26 16:23 - 000001532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2020-12-26 12:26 - 2020-12-26 12:26 - 000000000 ____D C:\Users\Owen_Laptop\AppData\LocalLow\IronOak Games
2020-12-26 12:20 - 2020-12-26 12:20 - 000000222 _____ C:\Users\Owen_Laptop\Desktop\For The King.url
2020-12-26 11:11 - 2021-01-06 12:59 - 000975979 _____ C:\Users\Owen_Laptop\Documents\144Addison.skp
2020-12-23 09:11 - 2020-12-23 09:11 - 000001194 _____ C:\Users\Owen_Laptop\Desktop\MFA_filebar_stonetop.nc
2020-12-22 16:17 - 2020-12-22 16:18 - 092154565 _____ C:\Users\Owen_Laptop\Downloads\Addendum 2 _ 144 Addison_Architecture_100 DD.pdf
2020-12-22 15:32 - 2020-12-22 15:32 - 000613240 _____ C:\Users\Owen_Laptop\Downloads\Erik Rueda - 144 Addison Final Scope 7OCT20.pdf
2020-12-22 11:21 - 2020-12-22 11:22 - 118932633 _____ C:\Users\Owen_Laptop\Downloads\REFERENCE 144 Addison_Architecture_100 DD CD SET.pdf
2020-12-21 13:06 - 2020-12-21 13:06 - 000036869 _____ C:\Users\Owen_Laptop\Downloads\59df2d96-d618-4f4b-bb6c-d513efb30911 (1).pdf
2020-12-21 13:03 - 2020-12-21 13:03 - 000036869 _____ C:\Users\Owen_Laptop\Downloads\59df2d96-d618-4f4b-bb6c-d513efb30911.pdf
2020-12-21 13:02 - 2020-12-21 13:02 - 000098761 _____ C:\Users\Owen_Laptop\Downloads\6e1c8650-4827-44d6-9e58-6702de99130c.pdf
2020-12-21 13:02 - 2020-12-21 13:02 - 000061607 _____ C:\Users\Owen_Laptop\Downloads\8912c6fe-4910-476e-9083-1d3d2d36ca8f.pdf
2020-12-21 12:16 - 2020-12-21 12:16 - 005832855 _____ (UserBenchmark.com) C:\Users\Owen_Laptop\Downloads\UserBenchMark.exe
2020-12-21 10:54 - 2020-12-21 10:54 - 012486266 _____ C:\Users\Owen_Laptop\Downloads\Flass_dental.pdf
2020-12-21 10:54 - 2020-12-21 10:54 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\iCloud Photos
2020-12-21 10:52 - 2020-12-21 10:52 - 012480999 _____ C:\Users\Owen_Laptop\Downloads\IMG_0339-converted.pdf
2020-12-21 10:43 - 2020-12-21 10:43 - 000000000 ____D C:\Users\Owen_Laptop\Downloads\iCloud Photos (1)
2020-12-21 10:37 - 2020-12-21 10:38 - 012545968 _____ C:\Users\Owen_Laptop\Downloads\iCloud Photos (1).zip
2020-12-21 10:35 - 2020-12-21 10:35 - 003225540 _____ C:\Users\Owen_Laptop\Downloads\iCloud Photos.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 14:56 - 2020-11-04 11:29 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Slack
2021-01-20 14:52 - 2020-10-26 12:40 - 000000918 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2021-01-20 14:42 - 2020-03-28 13:27 - 000000574 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1237113960-3301161054-180056513-1000.job
2021-01-20 14:38 - 2016-03-11 17:29 - 000000952 _____ C:\windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job
2021-01-20 14:34 - 2016-03-11 17:29 - 000000948 _____ C:\windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job
2021-01-20 14:06 - 2020-03-28 13:27 - 000000670 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-1237113960-3301161054-180056513-1000.job
2021-01-20 10:30 - 2009-07-14 00:13 - 001251482 _____ C:\windows\system32\PerfStringBackup.INI
2021-01-20 10:30 - 2009-07-13 23:45 - 000035744 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-20 10:30 - 2009-07-13 23:45 - 000035744 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-20 10:25 - 2017-07-04 10:18 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-20 10:24 - 2016-09-30 14:45 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\Spotify
2021-01-20 10:22 - 2020-10-26 12:40 - 000000914 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2021-01-20 10:22 - 2018-02-15 16:50 - 000000000 ____D C:\ProgramData\Synaptics
2021-01-20 10:22 - 2017-04-17 10:16 - 000000222 _____ C:\windows\Tasks\Lenovo Active Protection System.job
2021-01-20 10:22 - 2016-10-01 03:21 - 000000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-01-20 10:22 - 2016-10-01 03:21 - 000000000 __SHD C:\Users\Owen_Laptop\IntelGraphicsProfiles
2021-01-20 10:22 - 2016-09-30 14:45 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Spotify
2021-01-20 10:22 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-01-20 10:21 - 2019-07-19 12:45 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\WebEx
2021-01-20 09:44 - 2019-05-18 09:57 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Wireshark
2021-01-20 09:44 - 2009-07-13 22:20 - 000000000 ____D C:\windows\Branding
2021-01-20 09:22 - 2017-01-17 16:50 - 000004968 __RSH C:\ProgramData\ntuser.pol
2021-01-20 08:16 - 2020-05-18 12:21 - 000003380 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-20 08:16 - 2020-05-18 12:21 - 000003252 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-19 16:37 - 2020-10-26 12:40 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-01-19 13:01 - 2019-07-19 12:45 - 000000000 ____D C:\Users\Owen_Laptop\AppData\LocalLow\WebEx
2021-01-19 12:58 - 2016-12-20 18:38 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\uTorrent
2021-01-19 12:55 - 2016-10-01 03:21 - 000000000 ____D C:\Users\Owen_Laptop
2021-01-19 12:05 - 2016-10-01 03:22 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\Deployment
2021-01-19 12:04 - 2020-10-20 10:28 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Code
2021-01-19 12:01 - 2009-07-13 23:45 - 000436632 _____ C:\windows\system32\FNTCACHE.DAT
2021-01-19 11:58 - 2009-07-13 22:20 - 000000000 ___HD C:\windows\system32\GroupPolicy
2021-01-19 11:55 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2021-01-19 10:43 - 2016-12-20 18:42 - 000000872 _____ C:\Users\Owen_Laptop\Desktop\µTorrent.lnk
2021-01-19 10:43 - 2016-12-20 18:42 - 000000852 _____ C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-01-18 14:58 - 2020-01-30 15:24 - 000002332 _____ C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-01-18 14:58 - 2019-08-16 11:10 - 000002324 _____ C:\Users\Owen_Laptop\Desktop\Microsoft Teams.lnk
2021-01-18 14:58 - 2019-08-16 11:10 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\SquirrelTemp
2021-01-15 18:55 - 2020-07-19 12:42 - 000000000 __RHD C:\Users\Owen_Laptop\Creative Cloud Files
2021-01-15 13:56 - 2016-03-11 17:31 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-15 13:55 - 2016-03-11 17:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-01-15 08:05 - 2020-07-19 12:36 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-01-15 08:05 - 2020-07-19 12:36 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-01-13 10:04 - 2020-12-01 11:36 - 000000000 _____ C:\Users\Owen_Laptop\Desktop\Audit report.txt
2021-01-12 14:18 - 2020-11-30 10:38 - 000000000 ___HD C:\adobeTemp
2021-01-12 09:08 - 2020-11-04 11:29 - 000002171 _____ C:\Users\Owen_Laptop\Desktop\Slack.lnk
2021-01-12 09:08 - 2020-11-04 11:29 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-01-12 09:08 - 2020-11-04 11:29 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\slack
2021-01-11 14:51 - 2016-10-01 03:23 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-11 14:51 - 2016-10-01 03:23 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-11 14:51 - 2016-10-01 03:23 - 000002194 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-10 12:54 - 2020-05-18 12:22 - 000002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-10 12:54 - 2020-05-18 12:22 - 000002193 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-10 12:54 - 2020-05-18 12:22 - 000002193 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-06 08:44 - 2016-09-30 14:54 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Autodesk
2020-12-28 11:42 - 2020-02-10 20:56 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-12-26 16:24 - 2016-03-11 17:17 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-26 16:23 - 2016-03-11 17:16 - 000000000 ____D C:\ProgramData\Intel
2020-12-26 16:23 - 2016-03-11 17:16 - 000000000 ____D C:\Program Files\Intel
2020-12-26 16:23 - 2016-03-11 17:16 - 000000000 ____D C:\Program Files (x86)\Intel
2020-12-23 10:53 - 2020-03-28 13:27 - 000003714 _____ C:\windows\system32\Tasks\G2MUploadTask-S-1-5-21-1237113960-3301161054-180056513-1000
2020-12-23 10:53 - 2020-03-28 13:27 - 000003618 _____ C:\windows\system32\Tasks\G2MUpdateTask-S-1-5-21-1237113960-3301161054-180056513-1000
2020-12-23 10:53 - 2020-03-28 13:27 - 000000000 ____D C:\Users\Owen_Laptop\AppData\Local\GoToMeeting

==================== Files in the root of some directories ========

2021-01-19 11:54 - 2021-01-19 12:56 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-01-19 11:54 - 2021-01-19 12:56 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-01-19 11:55 - 2021-01-19 12:56 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2021-01-19 11:55 - 2021-01-19 12:56 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-01-19 11:55 - 2021-01-19 12:56 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-07-19 17:42 - 2020-07-19 17:42 - 000000000 _____ () C:\Users\Owen_Laptop\AppData\Local\oobelibMkey.log
2017-01-08 15:33 - 2017-01-08 15:33 - 000007609 _____ () C:\Users\Owen_Laptop\AppData\Local\Resmon.ResmonCfg
2016-12-31 01:46 - 2016-12-31 01:46 - 000000000 _____ () C:\Users\Owen_Laptop\AppData\Local\{868F2A3A-3028-4B71-A7F2-58BE3407864A}
2017-01-07 18:58 - 2017-01-07 18:58 - 000000000 _____ () C:\Users\Owen_Laptop\AppData\Local\{8BAF8997-9911-4EDC-9507-FC83D8469D35}
2019-12-06 08:48 - 2019-12-06 08:48 - 000000000 _____ () C:\Users\Owen_Laptop\AppData\Local\{A6E1AC67-6BCA-4923-93D6-D7CA0B061713}
2017-01-13 12:23 - 2017-01-13 12:23 - 000000000 _____ () C:\Users\Owen_Laptop\AppData\Local\{F2ABD796-9629-42CF-9DA9-32EADF1FA43B}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-12 16:59
==================== End of FRST.txt ========================


And attached is the addition.txt.

Addition.txt


Hiya owenflass,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Thanks,

Kevin...

fixlist.txt


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
