WD's My Cloud NAS Drives Have Been Vulnerable Since 2017 - Tom's Hardware
Posted: 20 Sep 2018 12:00 AM PDT

Many people like being able to access their files no matter what device they're using. That's why services like Dropbox, Google Drive, iCloud and OneDrive have become all but ubiquitous. It's also why companies like Western Digital offer connected drives like the My Cloud products, but in that particular case, a security flaw means the person who owns the drive isn't the only one who can access its contents.

Securify's Remco Vermeulen and Exploitee.rs independently found and disclosed a major authentication bypass flaw in My Cloud products in 2017. Vermeulen said he disclosed the problem to Western Digital last April but never received a response from the company. Exploitee.rs also said it contacted Western Digital about the problem last year and even publicly discussed it at Def Con 25, but its warnings also fell on deaf ears.

The flaw in question allows someone to gain administrator access to a My Cloud drive without a password. Vermeulen said that person could "run commands that would normally require admin privileges and gain complete control of the My Cloud device." He proved this on a My Cloud model WDBCTL0020HWT running firmware version 2.30.172 but said other models likely bear the same flaw because they use the same code.

Vermeulen and Exploitee.rs both developed proofs of concept demonstrating the flaw in action. It doesn't appear to be particularly difficult (Vermeulen's demo was presented in a GIF) and could probably be exploited by amateurs now that the flaw has been disclosed to the public. Western Digital hasn't developed a fix yet, either, but a year and a half of silence left the researchers little choice but to go public. We couldn't find public acknowledgement of this vulnerability from Western Digital on its website, blog, or Twitter account.

The company has responded directly to some Twitter users, however, and linked to an unlisted blog post it quietly published on September 19. In it, the company said that My Cloud Home devices aren't affected and that it plans to address the vulnerability with a firmware update "within a few weeks." Western Digital also seemed keen on downplaying its slow response to Vermeulen and Exploitee.rs' disclosures. "Western Digital works continuously to improve the capability and security of our products, including with the security research community to address issues they may uncover. We encourage responsible disclosure by customers and researchers to ensure our customers are protected while we address valid vulnerabilities," it said in its blog post.

My Cloud device owners are encouraged to enable automatic updates so that the firmware fix is installed as soon as it becomes available.
Posted: 20 Apr 2020 12:00 AM PDT

So everything started when I left my computer open for a day, then restarted it and opened a game launcher, which said there was no internet connection while there clearly was one. I tried the basic troubleshooting and then restarted the PC. When it booted up I noticed a new Chrome shortcut on my desktop, and some of my shortcuts had been changed or removed. My Chrome also seemed like it reinstalled itself: no history, no extensions except McAfee that I noticed. Another thing is that my Chrome is in Turkish by default. My Avast keeps saying "you're not protected" with a big red cross on it, along with Malwarebytes and Windows Defender. Sometimes it just reverts back to normal though; I don't know what's up with that. I tried to troubleshoot Avast by starting the service as administrator, but it said that access is denied. Anyway, here's the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2020
Ran by sandoitchi san (administrator) on SANDWICH (Dell Inc. Vostro 3902) (20-04-2020 14:57:39)
Running from D:\Desktop
Loaded Profiles: sandoitchi san (Available Profiles: Admin-PC & sandoitchi san)
Platform: Windows 10 Enterprise Version 1803 17134.1425 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\New_14020961\instup.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\SetupInf.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Avast Software s.r.o. -> Avast Software) C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
(CobianSoft, Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Famatech Corp. -> Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe <2>
(Famatech Corp. -> Famatech Corp.) C:\Windows\SysWOW64\rserver30\rserver3.exe
(Hewlett-Packard Company -> HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel® Extreme Tuning Utility -> Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Kristjan Skutta -> ) F:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Runtime Software, LLC -> Runtime Software) [File not signed] C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [108216 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18630280 2018-05-07] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [121542864 2020-03-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM-x32\...\Winlogon: [Shell] explorer.exe, ""
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134306476\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312315\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134307360\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312487\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134311563\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-09-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134311563\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Admin-PC\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134311563\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Admin-PC\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134311563\...\RunOnce: [Uninstall 19.174.0902.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin-PC\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\amd64"
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134311563\...\RunOnce: [Uninstall 19.174.0902.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin-PC\AppData\Local\Microsoft\OneDrive\19.174.0902.0013"
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134315042\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-09-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134315042\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Admin-PC\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134315042\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Admin-PC\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134315042\...\RunOnce: [Uninstall 19.174.0902.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin-PC\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\amd64"
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134315042\...\RunOnce: [Uninstall 19.174.0902.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin-PC\AppData\Local\Microsoft\OneDrive\19.174.0902.0013"
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002\...\Run: [OneDrive] => "C:\Users\piemp\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002\...\Run: [Steam] => F:\Steam\steam.exe [3371296 2020-04-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002\...\Run: [Discord] => C:\Users\piemp\AppData\Local\Discord\app-0.0.306\Discord.exe
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002\...\Run: [EpicGamesLauncher] => D:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [31736720 2020-04-11] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002\...\Run: [T1813733TT4] => C:\WINDOWS\system32\673843201528l.exe
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [867488 2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-09-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002\...\Run: [WallpaperEngine] => F:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2578936 2020-02-17] (Kristjan Skutta -> )
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185\...\Run: [OneDrive] => "C:\Users\piemp\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185\...\Run: [Steam] => F:\Steam\steam.exe [3371296 2020-04-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185\...\Run: [Discord] => C:\Users\piemp\AppData\Local\Discord\app-0.0.306\Discord.exe
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185\...\Run: [EpicGamesLauncher] => D:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [31736720 2020-04-11] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185\...\Run: [T1813733TT4] => C:\WINDOWS\system32\673843201528l.exe
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [867488 2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-09-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185\...\Run: [WallpaperEngine] => F:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2578936 2020-02-17] (Kristjan Skutta -> )
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1060864 2019-08-13] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661\...\Run: [OneDrive] => "C:\Users\piemp\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661\...\Run: [Steam] => F:\Steam\steam.exe [3371296 2020-04-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661\...\Run: [Discord] => C:\Users\piemp\AppData\Local\Discord\app-0.0.306\Discord.exe
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661\...\Run: [EpicGamesLauncher] => D:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [31736720 2020-04-11] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661\...\Run: [T1813733TT4] => C:\WINDOWS\system32\673843201528l.exe
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [867488 2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-09-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661\...\Run: [WallpaperEngine] => F:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2578936 2020-02-17] (Kristjan Skutta -> )
HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1060864 2019-08-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
AlternateShell: 673843201528l.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {043A24D7-FA41-4DE8-ABD0-166FDCFD811F} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe
Task: {05324492-4668-423E-94C8-4A6EC9FF65BD} - System32\Tasks\{B2FD6EAF-853E-4288-8254-8E96F8AECBD5} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\GarenaLoLLCUTH\uninst.exe"
Task: {0ABE1D44-E605-482C-A02B-4919AC813F5B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0BEC29DF-DFEF-466B-8459-6674AE7046DB} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0F1D208C-9304-4FFD-8858-E5E16C8A6BF1} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0FCEE000-DEFC-423C-ABF7-9AD9432412D6} - System32\Tasks\AutoPico Daily Restart => C:\Users\Admin-PC\Desktop\New [Argument = folder\KSco10.1.5_MWTSoft\KMSpico Portable\AutoPico.exe /silent]
Task: {1A76FC45-602A-42BF-8BE1-F205C1CDE331} - System32\Tasks\SafeZone scheduled Autoupdate 1478261200 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {2E274A54-CC6E-4BB0-B920-3613D3BA2F35} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {39E4D78C-81BD-4F24-8C29-832AC9DC1349} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {43FBA8EB-D6ED-4775-8692-7745F286ACDF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {471C510B-6B33-410E-B913-33A932145762} - System32\Tasks\{04A47E8B-6BC2-490E-B798-10F2C9345CC9} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.30.80.105/th/abandoninstall?page=tsMain
Task: {4A1337C7-737E-4BE9-BBE2-0EA7807F71E0} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {4B7F0F1C-70E5-44E3-9800-1BE753629FBD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {4C6ADD85-EC5F-4F1D-B637-E2E2BEE4A2A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B548397-5D73-4ADD-BE49-7EBD087632DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {5FEBF33C-3E57-472C-AE90-6BF0E61CBD9F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {70B78117-7A37-4087-B5F9-5ED383D6E152} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8547ED73-3A0F-4149-9368-69091492D8C1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B839AD1-EE32-4D50-B0C3-EDF0489F6363} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8E658610-E657-4C43-8055-C9A8F96E5081} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-02] (Google Inc -> Google Inc.)
Task: {928FC85F-F4D4-4DDB-8D2A-501DCA463EE1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {94325EB9-08D6-4B0D-BAB7-003CA1932EEA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {9EF46141-E906-4E5A-B80A-4F36300152C6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A62E59BC-C69E-4AFC-8790-7C020A269D58} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3325032 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
Task: {A87F42C3-F808-462A-8B2C-497A7BB96AA1} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-piempiti_rex@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B38A487E-0271-42A2-8BC4-A6C66FECDEBB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1800782405-3950550235-2960516043-1002 => C:\Users\piemp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B990E9D5-A0E5-4135-AA18-66910B6FE81B} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BD787A80-98E9-4347-9FB1-915CA9B9AC1D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C60E74EE-F573-4BB8-A866-D5F3B0459BAE} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {CF3D46D0-8D04-4543-B6B8-44057597C582} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E536DFFA-24C1-4B04-A341-7CB72AD2C1E3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1800782405-3950550235-2960516043-1001 => C:\Users\piemp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {F828EFE6-D78A-4196-9F6A-DEDA199C176C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-02] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{71dfbb84-d61b-4ebe-b6aa-63be24c01131}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{737b8f74-03a3-48a6-95ac-62e6eb8489eb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a702624b-c480-47df-a4dd-90543635112d}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{d97ce5af-b71a-4f39-b7cb-c3ef5d0cac80}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134311563\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/?OCID=IE11FREDHP&PC=UF01
HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134315042\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/?OCID=IE11FREDHP&PC=UF01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134311563 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&PC=UF03
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134311563 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&PC=UF03
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134311563 -> {C790D2A1-58D3-490F-A7A2-787DB3EE16B4} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134315042 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&PC=UF03
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134315042 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&PC=UF03
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134315042 -> {C790D2A1-58D3-490F-A7A2-787DB3EE16B4} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134311563 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1800782405-3950550235-2960516043-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134315042 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
Edge HomeButtonPage: HKU\S-1-5-21-1800782405-3950550235-2960516043-1002 -> hxxp://www.youtube.com/
Edge Session Restore: HKU\S-1-5-21-1800782405-3950550235-2960516043-1002 -> is enabled.
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.51.0_neutral__8wekyb3d8bbwe [2019-02-02]
FF DefaultProfile: 100ojyeo.default
FF ProfilePath: C:\Users\piemp\AppData\Roaming\Mozilla\Firefox\Profiles\100ojyeo.default [2019-11-15]
FF ProfilePath: C:\Users\piemp\AppData\Roaming\Mozilla\Firefox\Profiles\n1tklitr.default-release [2020-03-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-03-02] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena\TalkTalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1800782405-3950550235-2960516043-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2020-03-27] (Ubisoft Entertainment Sweden AB -> )
FF Plugin HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134308185: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2020-03-27] (Ubisoft Entertainment Sweden AB -> )
FF Plugin HKU\S-1-5-21-1800782405-3950550235-2960516043-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202020134312661: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2020-03-27] (Ubisoft Entertainment Sweden AB -> )
CHR Profile: C:\Users\piemp\AppData\Local\Google\Chrome\User Data\Default [2020-04-20]
CHR DownloadDir: D:\Desktop
CHR Extension: (Slides) - C:\Users\piemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-19]
CHR Extension: (Docs) - C:\Users\piemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-19]
CHR Extension: (Google Drive) - C:\Users\piemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-19]
CHR Extension: (Adobe Acrobat) - C:\Users\piemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\piemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\piemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\piemp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5504928 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [345384 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8567960 2020-03-25] (BattlEye Innovations e.K. -> )
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-02-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-02-28] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (Hewlett-Packard Company -> HP)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126856 2012-11-08] (Hewlett-Packard Company -> HP)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-05-07] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-19] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; F:\Origin\OriginClientService.exe [2495792 2020-04-08] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; F:\Origin\OriginWebHelperService.exe [3447608 2020-04-08] (Electronic Arts, Inc. -> Electronic Arts)
R2 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1154752 2012-12-19] (Famatech Corp. -> Famatech Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5327168 2020-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S0 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [604672 2020-03-31] (Microsoft Windows -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13216272 2020-03-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel® Extreme Tuning Utility -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37856 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [206120 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [234776 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [178968 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60696 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42984 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175920 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [492144 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109480 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R0 AswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85056 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851808 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [459408 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235696 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317280 2020-04-15] (Avast Software s.r.o. -> AVAST Software)
S3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-04-05] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
S3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [16896 2012-11-08] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation -> Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-05-07] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-04-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-04-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-04-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [124560 2020-04-20] (Malwarebytes Inc -> Malwarebytes)
R1 mirrorv3; C:\WINDOWS\System32\drivers\rminiv3.sys [5632 2012-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Famatech International Corp.)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2016-03-14] (SoftEther Corporation -> SoftEther Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5ef913e2bcf39373\nvlddmkm.sys [23287696 2020-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-08-23] (NVIDIA Corporation -> NVIDIA Corporation)
R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [71576 2012-12-19] (Famatech Corp. -> Famatech Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5707264 2018-04-12] (Microsoft Windows -> Realtek Semiconductor Corporation )
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2016-05-06] (SoftEther Corporation -> SoftEther Corporation)
S3 UniFairy; C:\WINDOWS\system32\UniFairy.sys [885224 2020-01-15] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-02-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-02-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-02-27] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2719256 2020-04-19] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 xspirit; C:\WINDOWS\xspirit.sys [22912 2017-04-24] (Wellbia.com Co., Ltd. -> )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-20 14:58 - 2020-04-20 14:58 - 472139789 _____ C:\Users\piemp\Documents\Drive_C.021
2020-04-20 14:55 - 2020-04-20 15:00 - 000000000 ____D C:\FRST
2020-04-20 14:54 - 2020-04-20 14:54 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.020
2020-04-20 14:51 - 2020-04-20 14:51 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.019
2020-04-20 14:50 - 2020-04-20 14:50 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.018
2020-04-20 14:49 - 2020-04-20 14:49 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.017
2020-04-20 14:48 - 2020-04-20 14:48 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.016
2020-04-20 14:46 - 2020-04-20 14:46 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.015
2020-04-20 14:45 - 2020-04-20 14:45 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.014
2020-04-20 14:44 - 2020-04-20 14:44 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.013
2020-04-20 14:42 - 2020-04-20 14:42 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.012
2020-04-20 14:41 - 2020-04-20 14:41 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.011
2020-04-20 14:40 - 2020-04-20 14:40 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.010
2020-04-20 14:38 - 2020-04-20 14:38 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.009
2020-04-20 14:36 - 2020-04-20 14:36 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.008
2020-04-20 14:35 - 2020-04-20 14:35 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.007
2020-04-20 14:34 - 2020-04-20 14:34 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.006
2020-04-20 14:32 - 2020-04-20 14:32 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.005
2020-04-20 14:31 - 2020-04-20 14:31 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.004
2020-04-20 14:30 - 2020-04-20 14:30 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.003
2020-04-20 14:27 - 2020-04-20 14:27 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.002
2020-04-20 14:25 - 2020-04-20 14:25 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.001
2020-04-20 14:23 - 2020-04-20 14:23 - 688128000 _____ C:\Users\piemp\Documents\Drive_C.dat
2020-04-20 14:23 - 2020-04-20 14:23 - 004038656 _____ C:\Users\piemp\Documents\Drive_C.xml
2020-04-20 14:18 - 2020-04-20 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2020-04-20 14:18 - 2020-04-20 14:18 - 000000000 ____D C:\Program Files (x86)\Runtime Software
2020-04-20 14:14 - 2020-04-15 02:31 - 000337048 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-04-20 14:13 - 2020-04-20 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2020-04-20 14:03 - 2020-04-20 14:13 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2020-04-20 13:58 - 2020-04-20 14:00 - 019709440 _____ (Luis Cobian, CobianSoft) C:\Users\piemp\Downloads\cbSetup.exe
2020-04-20 13:50 - 2020-04-20 14:11 - 000000000 ____D C:\Users\piemp\AppData\LocalLow\IGDump
2020-04-20 13:43 - 2020-04-20 13:43 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-04-20 13:43 - 2020-04-20 13:43 - 000124560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-04-20 13:43 - 2020-04-20 13:43 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-04-20 13:42 - 2020-04-20 13:42 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-20 02:05 - 2020-04-20 02:05 - 000000000 ____D C:\Users\piemp\AppData\Local\PeerDistRepub
2020-04-20 02:04 - 2020-04-20 13:38 - 000296922 _____ C:\WINDOWS\ntbtlog.txt
2020-04-20 02:04 - 2020-04-20 02:04 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-04-19 22:34 - 2020-04-19 22:44 - 000000000 ____D C:\Users\piemp\AppData\Local\CrashDumps
2020-04-19 22:23 - 2020-04-19 22:23 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-04-19 22:23 - 2020-04-19 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-04-19 22:22 - 2020-04-19 22:22 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-19 22:22 - 2020-04-19 22:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-04-19 22:21 - 2020-04-19 22:21 - 001965536 _____ (Malwarebytes) C:\Users\piemp\Downloads\MBSetup (1).exe
2020-04-19 22:08 - 2020-04-19 22:13 - 000858912 _____ (Malwarebytes) C:\Users\piemp\Downloads\mb-clean-3.1.0.1035.exe
2020-04-19 22:05 - 2020-04-19 22:05 - 001965536 _____ (Malwarebytes) C:\Users\piemp\Downloads\MBSetup.exe
2020-04-19 22:03 - 2020-04-19 22:03 - 000000000 ____D C:\Users\piemp\AppData\Local\DBG
2020-04-19 21:35 - 2020-04-20 13:44 - 000000000 ____D C:\Users\piemp\AppData\Local\Adobe
2020-04-19 21:14 - 2020-04-19 22:02 - 000000000 ____D C:\Users\piemp\AppData\Local\D3DSCache
2020-04-19 21:14 - 2020-04-19 21:14 - 000000000 ____D C:\Users\piemp\AppData\Local\cache
2020-04-19 21:13 - 2020-04-19 21:13 - 000000000 ____D C:\Users\piemp\AppData\Local\mbam
2020-04-19 21:11 - 2020-04-19 21:11 - 000000000 ____D C:\Users\piemp\AppData\Local\mbamtray
2020-04-19 21:09 - 2020-04-19 21:09 - 000000000 ____D C:\Users\piemp\AppData\Local\VirtualStore
2020-04-19 21:07 - 2020-04-20 13:58 - 000000000 ____D C:\Users\piemp\AppData\Local\Google
2020-04-19 21:07 - 2020-04-19 21:07 - 000002400 _____ C:\Users\piemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-19 20:55 - 2020-04-19 20:55 - 000000000 ____D C:\Users\piemp\AppData\Local\Comms
2020-04-19 20:51 - 2020-04-19 20:51 - 000002372 _____ C:\Users\piemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-15 10:32 - 2020-03-31 17:00 - 002203448 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-15 10:32 - 2020-03-31 16:57 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-15 10:32 - 2020-03-31 16:57 - 001631600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-15 10:32 - 2020-03-31 16:57 - 000790720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-15 10:32 - 2020-03-31 16:57 - 000489832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-15 10:32 - 2020-03-31 16:57 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2020-04-15 10:32 - 2020-03-31 16:55 - 000720000 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-15 10:32 - 2020-03-31 16:44 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-15 10:32 - 2020-03-31 16:44 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-15 10:32 - 2020-03-31 16:44 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-15 10:32 - 2020-03-31 16:40 - 003613184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-15 10:32 - 2020-03-31 16:39 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2020-04-15 10:32 - 2020-03-31 16:38 - 002823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-15 10:32 - 2020-03-31 16:38 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-15 10:32 - 2020-03-31 16:37 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSATAPI.dll
2020-04-15 10:32 - 2020-03-31 16:37 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-15 10:32 - 2020-03-31 16:05 - 001452600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-15 10:32 - 2020-03-31 16:03 - 000662624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-15 10:32 - 2020-03-31 16:03 - 000322376 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2020-04-15 10:32 - 2020-03-31 16:02 - 001627168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-15 10:32 - 2020-03-31 15:57 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-15 10:32 - 2020-03-31 15:53 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-15 10:32 - 2020-03-31 15:53 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-15 10:32 - 2020-03-31 15:53 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-15 10:32 - 2020-03-31 15:46 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSATAPI.dll
2020-04-15 10:32 - 2020-03-31 15:45 - 002881024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-15 10:32 - 2020-03-31 15:45 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-15 10:32 - 2020-03-31 11:35 - 000076104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-15 10:32 - 2020-03-31 11:34 - 001224520 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-15 10:32 - 2020-03-31 11:34 - 001027400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-15 10:32 - 2020-03-31 11:34 - 000568112 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-15 10:32 - 2020-03-31 11:34 - 000362056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-15 10:32 - 2020-03-31 11:33 - 009080632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-15 10:32 - 2020-03-31 11:33 - 007519904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-15 10:32 - 2020-03-31 11:33 - 002809672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-15 10:32 - 2020-03-31 11:33 - 002571336 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-15 10:32 - 2020-03-31 11:33 - 002551984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-15 10:32 - 2020-03-31 11:33 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-15 10:32 - 2020-03-31 11:33 - 001766400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-15 10:32 - 2020-03-31 11:33 - 001459128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-15 10:32 - 2020-03-31 11:33 - 001288728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-15 10:32 - 2020-03-31 11:33 - 001260792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-15 10:32 - 2020-03-31 11:33 - 001141512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-04-15 10:32 - 2020-03-31 11:33 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2020-04-15 10:32 - 2020-03-31 11:33 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-04-15 10:32 - 2020-03-31 11:33 - 000899736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-15 10:32 - 2020-03-31 11:33 - 000790344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-15 10:32 - 2020-03-31 11:33 - 000413000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-15 10:32 - 2020-03-31 11:33 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-15 10:32 - 2020-03-31 11:32 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-15 10:32 - 2020-03-31 11:32 - 002520704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-15 10:32 - 2020-03-31 11:32 - 001979200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-15 10:32 - 2020-03-31 11:32 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-15 10:32 - 2020-03-31 11:32 - 001513048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-15 10:32 - 2020-03-31 11:32 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2020-04-15 10:32 - 2020-03-31 11:32 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 10:32 - 2020-03-31 11:32 - 000720688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-15 10:32 - 2020-03-31 11:16 - 019394048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-15 10:32 - 2020-03-31 11:12 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-15 10:32 - 2020-03-31 11:12 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2020-04-15 10:32 - 2020-03-31 11:12 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-15 10:32 - 2020-03-31 11:12 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-15 10:32 - 2020-03-31 11:12 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2020-04-15 10:32 - 2020-03-31 11:11 - 022745600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-15 10:32 - 2020-03-31 11:11 - 001444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-15 10:32 - 2020-03-31 11:11 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 10:32 - 2020-03-31 11:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-15 10:32 - 2020-03-31 11:09 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-15 10:32 - 2020-03-31 11:09 - 000053248 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-15 10:32 - 2020-03-31 11:08 - 001143808 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-15 10:32 - 2020-03-31 11:08 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-15 10:32 - 2020-03-31 11:08 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-15 10:32 - 2020-03-31 11:08 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-15 10:32 - 2020-03-31 11:08 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-15 10:32 - 2020-03-31 11:08 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-15 10:32 - 2020-03-31 11:08 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-15 10:32 - 2020-03-31 11:07 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-15 10:32 - 2020-03-31 11:07 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-15 10:32 - 2020-03-31 11:06 - 007571968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-15 10:32 - 2020-03-31 11:06 - 003098624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-15 10:32 - 2020-03-31 11:06 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2020-04-15 10:32 - 2020-03-31 11:06 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-15 10:32 - 2020-03-31 11:05 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-15 10:32 - 2020-03-31 11:04 - 002920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-15 10:32 - 2020-03-31 11:04 - 002158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-15 10:32 - 2020-03-31 11:04 - 001806848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-15 10:32 - 2020-03-31 11:04 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-15 10:32 - 2020-03-31 11:04 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-15 10:32 - 2020-03-31 11:03 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-15 10:32 - 2020-03-31 11:03 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-15 10:32 - 2020-03-31 11:03 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-15 10:32 - 2020-03-31 11:03 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-15 10:32 - 2020-03-31 09:46 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2020-04-15 10:32 - 2020-03-27 04:24 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-04-15 10:32 - 2020-03-26 23:20 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2020-04-15 10:32 - 2020-03-26 22:33 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2020-04-15 10:32 - 2020-03-26 21:04 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2020-04-15 10:32 - 2020-03-26 20:54 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2020-04-15 10:32 - 2020-03-26 20:34 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2020-04-15 10:32 - 2020-03-26 20:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-15 10:32 - 2020-03-26 20:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-15 10:32 - 2020-03-24 23:24 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-15 10:32 - 2020-03-24 23:24 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-15 10:32 - 2020-03-24 23:24 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-15 10:32 - 2020-03-24 23:24 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-15 10:32 - 
2020-03-04 19:25 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2020-04-15 10:32 - 2020-03-04 19:25 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2020-04-15 10:32 - 2020-03-04 19:25 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2020-04-15 10:32 - 2020-03-04 19:25 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2020-04-15 10:32 - 2020-03-04 19:25 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2020-04-15 10:32 - 2020-03-04 19:25 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2020-04-15 10:32 - 2020-03-04 19:25 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2020-04-15 10:32 - 2020-03-04 19:25 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2020-04-15 10:32 - 2020-03-04 19:25 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2020-04-15 10:32 - 2020-03-04 19:12 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2020-04-15 10:32 - 2020-03-04 19:11 - 004127808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2020-04-15 10:32 - 2020-03-04 18:46 - 000738304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll 2020-04-15 10:32 - 2020-03-04 18:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys 2020-04-15 10:32 - 2020-03-04 18:44 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe 2020-04-15 10:32 - 2020-03-04 18:42 - 000464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe 2020-04-15 10:32 - 2020-03-04 18:01 - 003770408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2020-04-15 10:32 - 2020-03-04 17:46 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll 2020-04-15 10:32 - 2020-03-04 14:28 - 000515384 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2020-04-15 10:32 - 2020-03-04 14:28 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2020-04-15 10:32 - 2020-03-04 14:28 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2020-04-15 10:32 - 2020-03-04 14:25 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2020-04-15 10:32 - 2020-03-04 14:24 - 000275008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe 2020-04-15 10:32 - 2020-03-04 14:23 - 000769072 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll 2020-04-15 10:32 - 2020-03-04 14:23 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2020-04-15 10:32 - 2020-03-04 14:23 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2020-04-15 10:32 - 2020-03-04 14:23 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2020-04-15 10:32 - 2020-03-04 14:22 - 001030672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2020-04-15 10:32 - 2020-03-04 14:22 - 000150536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll 2020-04-15 10:32 - 2020-03-04 14:19 - 000526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll 2020-04-15 10:32 - 2020-03-04 14:17 - 000124688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll 2020-04-15 10:32 - 2020-03-04 13:59 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2020-04-15 10:32 - 2020-03-04 13:59 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll 2020-04-15 10:32 - 2020-03-04 13:59 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2020-04-15 10:32 - 2020-03-04 13:58 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2020-04-15 10:32 - 2020-03-04 13:58 - 000142848 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\updatepolicy.dll 2020-04-15 10:32 - 2020-03-04 13:57 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2020-04-15 10:32 - 2020-03-04 13:56 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll 2020-04-15 10:32 - 2020-03-04 13:55 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2020-04-15 10:32 - 2020-03-04 13:55 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2020-04-15 10:32 - 2020-03-04 13:54 - 001419776 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2020-04-15 10:32 - 2020-03-04 13:54 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2020-04-15 10:32 - 2020-03-04 13:54 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2020-04-15 10:32 - 2020-03-04 13:54 - 000783872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2020-04-15 10:32 - 2020-03-04 13:53 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2020-04-15 02:31 - 2020-04-15 02:32 - 000492144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys 2020-04-15 02:31 - 2020-04-15 02:31 - 000235696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2020-04-15 02:31 - 2020-04-15 02:31 - 000175920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2020-04-07 15:27 - 2020-04-07 15:27 - 000493205 _____ C:\Users\piemp\Downloads\Final ICFS 171 Web 6180223.xlsx 2020-04-07 13:31 - 2020-04-07 13:31 - 002232783 _____ C:\Users\piemp\Downloads\ICFS171 Final Exam Vogue (1).pdf 2020-04-05 13:57 - 2020-04-05 13:57 - 000022832 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_25389007058524.dll 2020-04-04 18:43 - 2020-04-04 18:43 - 000000000 ____D C:\Users\piemp\AppData\Roaming\EasyAntiCheat 2020-04-04 15:54 - 2020-04-04 15:54 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller 2020-03-29 20:08 - 2020-04-03 08:13 - 000000000 ____D 
C:\Users\Admin-PC\AppData\Roaming\AnyDesk 2020-03-29 18:21 - 2020-04-02 09:53 - 000000000 ____D C:\Users\piemp\AppData\Roaming\Zoom ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-04-20 14:56 - 2016-03-08 17:24 - 000000000 ____D C:\Users\piemp\AppData\Local\ElevatedDiagnostics 2020-04-20 14:47 - 2018-06-07 18:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-04-20 14:18 - 2018-06-07 19:08 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 2020-04-20 14:14 - 2018-04-12 06:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-04-20 13:46 - 2018-03-15 13:22 - 000000000 ____D C:\ProgramData\NVIDIA 2020-04-20 13:44 - 2018-04-12 06:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-04-20 13:42 - 2016-03-02 15:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-04-20 13:41 - 2018-06-07 19:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-04-20 13:39 - 2018-04-12 04:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-04-19 23:14 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-04-19 22:14 - 2016-11-04 18:48 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2020-04-19 22:07 - 2019-09-14 23:11 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-04-19 21:56 - 2018-03-20 12:11 - 000000000 ____D C:\Users\piemp\AppData\Local\Packages 2020-04-19 21:41 - 2016-08-21 15:21 - 000000000 ____D C:\ProgramData\KMSAutoS 2020-04-19 21:15 - 2018-03-15 13:24 - 000000000 ____D C:\Users\piemp\AppData\Local\NVIDIA Corporation 2020-04-19 21:10 - 2017-04-06 11:29 - 000000000 ____D C:\Users\piemp\AppData\Local\ConnectedDevicesPlatform 2020-04-19 20:56 - 2019-12-16 18:31 - 000000000 ____D C:\Users\piemp\AppData\Local\TeamViewer 2020-04-19 20:56 - 2016-03-08 13:22 - 000000000 ____D C:\Users\piemp\AppData\Local\Steam 2020-04-19 20:53 - 2020-03-02 15:15 - 000000000 ____D 
C:\Users\piemp\AppData\Local\NVIDIA 2020-04-19 20:53 - 2018-04-12 06:36 - 000000000 ____D C:\WINDOWS\INF 2020-04-19 20:53 - 2016-03-08 17:20 - 000000000 ____D C:\Users\piemp\AppData\Local\MicrosoftEdge 2020-04-19 20:51 - 2016-03-08 13:06 - 000000000 ___RD C:\Users\piemp\OneDrive 2020-04-19 20:50 - 2018-09-15 14:19 - 000000000 ____D C:\Users\piemp\AppData\Local\AVAST Software 2020-04-19 20:50 - 2016-03-02 11:52 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2020-04-19 20:42 - 2019-10-03 17:53 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2020-04-19 20:42 - 2019-10-03 17:53 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2020-04-19 20:38 - 2018-06-07 18:58 - 000838564 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-04-19 20:33 - 2018-06-07 18:37 - 005159880 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-04-19 20:32 - 2016-08-17 19:09 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2020-04-19 20:30 - 2018-04-12 16:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2020-04-19 20:30 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\TextInput 2020-04-19 20:30 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-04-19 20:30 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\Provisioning 2020-04-19 20:30 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2020-04-19 20:30 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-04-19 20:24 - 2019-01-27 15:16 - 000000000 ____D C:\Users\piemp\AppData\Roaming\discord 2020-04-19 20:18 - 2020-03-02 15:15 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2020-04-19 20:18 - 2020-03-02 15:15 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2020-04-19 20:18 - 2020-03-02 15:14 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 
2020-04-19 20:18 - 2020-03-02 15:14 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2020-04-19 20:18 - 2020-03-02 15:14 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2020-04-19 20:18 - 2020-03-02 15:14 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2020-04-19 20:18 - 2020-03-02 15:14 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2020-04-19 20:18 - 2020-03-02 15:14 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2020-04-19 20:18 - 2020-03-02 15:14 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2020-04-19 20:18 - 2020-03-02 15:14 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2020-04-19 20:18 - 2019-10-03 17:53 - 000002608 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0 2020-04-19 20:18 - 2018-06-07 19:08 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2020-04-19 20:18 - 2018-06-07 19:08 - 000003438 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA 2020-04-19 20:18 - 2018-06-07 19:08 - 000003354 _____ C:\WINDOWS\system32\Tasks\SafeZone scheduled Autoupdate 1478261200 2020-04-19 20:18 - 2018-06-07 19:08 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2020-04-19 20:18 - 2018-06-07 19:08 - 000003316 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C666A76B-F6F7-4864-8FEE-31410CF6C3EC} 2020-04-19 20:18 - 2018-06-07 19:08 - 000003296 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{26E48B54-E945-4BA4-B565-759A807DDB8C} 2020-04-19 20:18 - 2018-06-07 19:08 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2020-04-19 20:18 - 2018-06-07 19:08 - 000002862 _____ 
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1800782405-3950550235-2960516043-1002 2020-04-19 20:18 - 2018-06-07 19:08 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1800782405-3950550235-2960516043-1001 2020-04-19 20:18 - 2018-06-07 19:08 - 000002814 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-piempiti_rex@hotmail.com 2020-04-19 20:18 - 2018-06-07 19:08 - 000002646 _____ C:\WINDOWS\system32\Tasks\AutoPico Daily Restart 2020-04-19 20:18 - 2018-06-07 19:08 - 000002484 _____ C:\WINDOWS\system32\Tasks\CAM 2020-04-19 20:18 - 2018-06-07 19:08 - 000002304 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_PushButton 2020-04-19 20:18 - 2018-06-07 19:08 - 000002246 _____ C:\WINDOWS\system32\Tasks\{04A47E8B-6BC2-490E-B798-10F2C9345CC9} 2020-04-19 20:18 - 2018-06-07 19:08 - 000002244 _____ C:\WINDOWS\system32\Tasks\{B2FD6EAF-853E-4288-8254-8E96F8AECBD5} 2020-04-19 20:18 - 2018-06-07 19:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software 2020-04-19 14:52 - 2017-03-08 16:59 - 002719256 _____ (Wellbia.com Co., Ltd.) 
C:\WINDOWS\xhunter1.sys 2020-04-17 16:34 - 2018-04-12 06:38 - 000000000 ___HD C:\Program Files\WindowsApps 2020-04-16 21:46 - 2018-06-07 18:43 - 000000000 ____D C:\Users\Admin-PC 2020-04-16 21:15 - 2019-01-25 17:49 - 000000000 ____D C:\Users\piemp\AppData\Roaming\StardewValley 2020-04-16 18:33 - 2018-03-20 11:16 - 000459408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2020-04-15 10:42 - 2018-04-12 06:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-04-15 10:31 - 2016-03-02 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2020-04-15 10:29 - 2015-10-30 14:24 - 000000167 _____ C:\WINDOWS\win.ini 2020-04-15 02:31 - 2019-01-15 21:15 - 000234776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2020-04-15 02:31 - 2019-01-06 10:40 - 000178968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys 2020-04-15 02:31 - 2019-01-06 10:40 - 000060696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys 2020-04-15 02:31 - 2019-01-06 10:40 - 000037856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys 2020-04-15 02:31 - 2018-10-21 15:02 - 000042984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2020-04-15 02:31 - 2018-03-20 11:16 - 000851808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2020-04-15 02:31 - 2018-03-20 11:16 - 000317280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2020-04-15 02:31 - 2018-03-20 11:16 - 000206120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2020-04-15 02:31 - 2018-03-20 11:16 - 000109480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2020-04-15 02:31 - 2018-03-20 11:16 - 000085056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2020-04-14 22:28 - 2019-03-22 13:27 - 000000000 ____D C:\Users\piemp\AppData\Roaming\.minecraft 2020-04-12 01:52 - 2019-02-13 19:27 - 000000000 ____D C:\Users\piemp\AppData\Roaming\Origin 2020-04-12 01:52 - 2016-03-08 
13:33 - 000000000 ____D C:\ProgramData\Origin 2020-04-10 22:40 - 2016-03-09 20:34 - 000000000 ____D C:\Users\piemp\Documents\My Games 2020-04-05 21:51 - 2018-06-07 18:43 - 000000000 ____D C:\Users\piemp 2020-04-03 13:20 - 2018-06-07 18:43 - 000002381 _____ C:\Users\Admin-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-04-03 13:20 - 2016-03-02 11:21 - 000000000 ___RD C:\Users\Admin-PC\OneDrive 2020-04-03 07:59 - 2019-12-19 18:42 - 000000000 ____D C:\Users\Admin-PC\AppData\Local\TeamViewer 2020-03-29 20:12 - 2018-03-20 12:12 - 000000000 ____D C:\Users\Admin-PC\AppData\Local\Packages 2020-03-29 20:06 - 2018-03-21 19:50 - 000000000 ___RD C:\Users\Admin-PC\3D Objects 2020-03-29 20:06 - 2016-11-21 01:54 - 000000000 __RHD C:\Users\Public\AccountPictures 2020-03-26 12:00 - 2019-12-04 11:39 - 000000000 ____D C:\Users\piemp\Documents\Project CARS 2 2020-03-24 14:54 - 2016-11-04 18:35 - 000000000 ____D C:\ProgramData\AVAST Software 2020-03-21 10:18 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\system32\NDF ==================== Files in the root of some directories ======== 2019-02-16 14:42 - 2019-07-17 22:20 - 000000033 _____ () C:\Users\piemp\AppData\Roaming\AdobeWLCMCache.dat ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Thanks for taking your time helping me! |