Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2020 01
Ran by Owner (administrator) on OFFICEPC (Gigabyte Technology Co., Ltd. Z370 AORUS Ultra Gaming) (24-01-2020 09:24:56)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 10 Pro Version 1903 18362.592 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe
() [File not signed] C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
(Acronis International GmbH -> ) [File not signed] C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Home\backup_worker.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Bartels Media GmbH -> Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(Check Point Software Technologies Ltd. -> ) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(Corel Corporation -> Mindjet) C:\Program Files\MindManager 2020\MmReminderService.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Degoo Backup AB -> Degoo Backup AB) C:\Users\Owner\AppData\Local\Degoo\Degoo.exe
(Degoo Backup AB -> Degoo Backup AB) C:\Users\Owner\AppData\Local\Degoo\DegooHealthCheck.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\89.4.278\QtWebEngineProcess.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Innovative Solutions Grup SRL -> Innovative Solutions GRUP SRL) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Innovative Solutions Grup SRL -> Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(MDL Forum, mod by Ratiborus) [File not signed] C:\ProgramData\KMSAutoS\bin\KMSSS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(Sanford, L.P. -> ) C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe
(Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe
(Siber Systems -> ) C:\Program Files\Siber Systems\GoodSync\gs-server.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\SnagitEditor.exe
(TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\SnagPriv.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-11-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe [9267168 2019-09-30] (TechSmith Corporation -> TechSmith Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [824240 2019-11-18] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Run: [MMReminderService] => C:\Program Files\MindManager 2020\MMReminderService.exe [129696 2019-09-17] (Corel Corporation -> Mindjet)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-12-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft) [File not signed]
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1971872 2016-08-18] (Shenzhen Yi Xing Investment Co., Ltd. -> )
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4072376 2018-01-17] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4226928 2019-02-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-01-22] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5048456 2019-11-19] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [441448 2019-11-18] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [DYMOWebApi] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe [5372416 2019-11-11] () [File not signed]
HKLM-x32\...\Run: [DymoOfficeHelper] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.OfficeHelper.exe [55296 2019-11-11] () [File not signed]
HKLM-x32\...\Run: [Q-Dir] => C:\Program Files (x86)\Q-Dir\Q-Dir.exe [1130872 2020-01-11] (Nenad Hrg -> Nenad Hrg (SoftwareOK.com))
HKLM-x32\...\Run: [NETGEAR USB Control Center] => C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe [4114944 2013-07-29] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1839086724-150470103-41202482-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [27146448 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKU\S-1-5-21-1839086724-150470103-41202482-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1839086724-150470103-41202482-1001\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1839086724-150470103-41202482-1001\...\Run: [] => [X]
HKU\S-1-5-21-1839086724-150470103-41202482-1001\...\Run: [DYMOConnectLauncher] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe [161976 2019-11-11] (Sanford, L.P. -> )
HKU\S-1-5-21-1839086724-150470103-41202482-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1839086724-150470103-41202482-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1839086724-150470103-41202482-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-1839086724-150470103-41202482-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3681944 2019-12-17] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-1839086724-150470103-41202482-1001\...\RunOnce: [Application Restart #1] => C:\Users\Owner\AppData\Local\NoteStation\synology-note-station.exe [1978840 2019-08-06] (Synology Inc. -> Synology)
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [27146448 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\Run: [] => [X]
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\Run: [DYMOConnectLauncher] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe [161976 2019-11-11] (Sanford, L.P. -> )
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3681944 2019-12-17] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\RunOnce: [Application Restart #1] => C:\Users\Owner\AppData\Local\NoteStation\synology-note-station.exe [1978840 2019-08-06] (Synology Inc. -> Synology)
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-17] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}] -> C:\Program Files\MindManager 2020\sys\MmInternetExplorerActiveSetup.vbs
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2020-01-22]
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2018-05-30]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Degoo .lnk [2019-10-19]
ShortcutTarget: Degoo .lnk -> C:\Users\Owner\AppData\Local\Degoo\Degoo.exe (Degoo Backup AB -> Degoo Backup AB)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lang-Ru-En.dat.lnk [2020-01-22]
ShortcutAndArgument: lang-Ru-En.dat.lnk -> C:\WINDOWS\system32\wscript.exe => /E:vbscript "C:\Users\Owner\AppData\Roaming\lang-Ru-En.dat.vbs"
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\langdata.st.lnk [2020-01-22]
ShortcutAndArgument: langdata.st.lnk -> C:\WINDOWS\system32\wscript.exe => /E:vbscript "C:\Users\Owner\AppData\Roaming\langdata.st.vbs"
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {058A3776-A80B-4090-B952-CF52CDB2BDF8} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1677600 2019-09-06] (Corel Corporation -> Corel Corporation)
Task: {06BE20C6-4C79-4326-A700-C90F91C61E7C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1376144 2020-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0E9CC7E1-CC66-4185-8777-AFA61B752C5B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {1316DEA4-9638-40A7-A058-B69555D865B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-20] (Google Inc -> Google Inc.)
Task: {136D609D-1C33-4E1F-9BC1-A4D577BE6C6B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {16ECC187-E0A0-4101-B43B-711AA0A70B42} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {20AEE82A-D1DD-400C-855F-D56D86C6ED02} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-15] (Dropbox, Inc -> Dropbox, Inc.)
Task: {36727BDD-A29E-4701-9911-AD8E08FBA081} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4360000 2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {518FDFAC-62D0-4DB0-B872-759CE016FBB1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-15] (Dropbox, Inc -> Dropbox, Inc.)
Task: {6330616A-97FF-44F4-8E70-9F553A5B3A75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {6AF20085-6BA4-4D6B-8601-06A5D33D5E74} - System32\Tasks\MindManagerV20 Notifications Check {S-1-5-21-1839086724-150470103-41202482-1001} => rundll32.exe "C:\Program Files\MindManager 2020\MmProductNotifications.dll",InvokeNotificationsShellable
Task: {6C0C79E1-FB13-4AF9-A25F-BBACFE99A37A} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [6639192 2018-08-21] (Innovative Solutions Grup SRL -> Innovative Solutions)
Task: {738A634E-0C63-4F9E-8E3F-AB57AE97C51D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4360000 2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {83362E57-2760-4D55-9614-59FDBF76E9B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {88EFF11E-6D15-4D01-B152-66E908BC4478} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-office@michaelkeay.co.uk => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {8E28FE40-1EC7-495F-A5FF-80D9978FBFA3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A54FCFB4-250D-4580-88B7-673D987A5294} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2610160 2019-09-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {AFF8C1C1-2369-4060-8467-54BD7E4AF1D9} - System32\Tasks\CorelUpdateHelperTask-EC22897B0AA948E4537D4A7432F2227D => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1677600 2019-09-06] (Corel Corporation -> Corel Corporation)
Task: {B2C033C0-1754-485F-83CE-88237DDACBFD} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [6639192 2018-08-21] (Innovative Solutions Grup SRL -> Innovative Solutions)
Task: {C2A91F1B-C0BA-49D7-8EC6-24E8915162F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24629104 2020-01-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {C507EE3A-A1B0-4225-83F7-73418E157A1A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {C7A9D37F-C96F-449B-8C4B-34AF71ED0B88} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [1523288 2018-08-21] (Innovative Solutions Grup SRL -> Innovative Solutions)
Task: {CA1DE705-DE5E-4006-B071-7638E82AD4BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-20] (Google Inc -> Google Inc.)
Task: {CDDA922C-77A7-4437-BECC-AF145A7BF857} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D367AD07-E96D-4488-92DF-3C9D657D75F3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {DC693799-19D2-40D6-86EE-940DB93F3191} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24629104 2020-01-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE7DA7A3-D6C7-4689-BC4E-29D186804E84} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1376144 2020-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0EB3EE4-072B-440B-B295-A8AC3DFFBA50} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [18938456 2018-08-21] (Innovative Solutions Grup SRL -> Innovative Solutions GRUP SRL)
Task: {FF9F549E-1931-4AA9-BF7B-8826D0F86BC0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_pepper.exe [1453112 2019-12-16] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\WINDOWS\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b26c17-dd68-4bee-b7df-695020813f3b}: [DhcpNameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{c9ab8eec-7d41-48ba-8a2c-c4da1cbcbc6c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d0ebc6d6-53cf-4ea8-ba02-e0bea547b250}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1839086724-150470103-41202482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-1839086724-150470103-41202482-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180520__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180520__yaie&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\MindManager 2020\Mm8InternetExplorer.dll [2019-09-17] (Corel Corporation -> Mindjet)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-18] (Shenzhen Yi Xing Investment Co., Ltd. -> Wondershare)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1839086724-150470103-41202482-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {11BC576E-3A13-4061-ABDE-0F2BC0C3EB47} hxxp://192.168.0.63/cab/NcPlayrt.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files
(x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation) Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File Edge: ====== DownloadDir: C:\Users\Owner\Downloads FireFox: ======== FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02] FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi [2018-05-19] [Legacy] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File] FF Plugin-x32: @google.com/zxwebplugin -> C:\WINDOWS\system32\npzxwebplugin.dll [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-06] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files 
(x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC) FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-02-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File] FF Plugin HKU\S-1-5-21-1839086724-150470103-41202482-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-09-29] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FF Plugin HKU\S-1-5-21-1839086724-150470103-41202482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01242020085807017: @zoom.us/ZoomVideoPlugin -> C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-09-29] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
Chrome: ======= CHR HomePage: Default -> hxxp://google.co.uk/ CHR StartupUrls: Default -> "hxxps://www.google.co.uk/?gws_rd=ssl","hxxp://www.bbc.co.uk/news/","hxxp://www.google.co.uk/" CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://hypnosistrainingacademy.com; hxxps://mail.protonmail.com; hxxps://toleratedcinematics.com; hxxps://www.elegantthemes.com; hxxps://www.facebook.com; hxxps://www.reddit.com; hxxps://www.youtube.com CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2020-01-24] CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-20] CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-20] CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17] CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-20] CHR Extension: (Synology Note Station) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfefcnbolgjjabocpajaplcgpniphdd [2019-11-20] CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-10-14] CHR Extension: (PanicButton) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2019-10-16] CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-20] CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-15] CHR Extension: (Windowed - floating Youtube/every website) - C:\Users\Owner\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gibipneadnbflmkebnmcbgjdkngkbklb [2019-10-16] CHR Extension: (YouTube Windowed FullScreen) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkkmiofalnjagdcjheckamobghglpdpm [2019-10-23] CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-17] CHR Extension: (IE Tab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2020-01-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-14] CHR Extension: (Synology Web Clipper) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfbfimijgibligmbglggnbiobgjgmbk [2019-11-20] CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-14] CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-17] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10316304 2019-11-18] (Acronis International GmbH -> ) S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-10-07] (Apple Inc. -> Apple Inc.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11164232 2020-01-07] (Microsoft Corporation -> Microsoft Corporation) R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [34512 2018-03-30] (Corsair Components, Inc. -> Corsair Components, Inc.) R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [2760440 2019-02-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33016 2019-02-17] (Check Point Software Technologies Ltd. -> ) R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33016 2019-02-17] (Check Point Software Technologies Ltd. 
-> ) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-15] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-15] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-01-22] (Dropbox, Inc -> Dropbox, Inc.) R2 DYMOConnectPnPService; C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe [26112 2019-11-11] (Sanford, L.P.) [File not signed] R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [7952608 2019-12-20] (Siber Systems -> ) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065560 2018-08-21] (Innovative Solutions Grup SRL -> ) R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1199544 2018-01-17] (Comodo Security Solutions, Inc. 
-> COMODO) R2 KMSEmulator; C:\ProgramData\KMSAutoS\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-12-09] (Malwarebytes Inc -> Malwarebytes) R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2019-11-18] (Acronis International GmbH -> Acronis International GmbH) S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2019-11-18] (Acronis International GmbH -> Acronis International GmbH) S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1916824 2019-11-18] (Acronis International GmbH -> ) R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18168 2019-01-22] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [801472 2015-03-10] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-12-17] (Invincea, Inc. -> Sandboxie Holdings, LLC) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-10-15] (Microsoft Windows Publisher -> Microsoft Corporation) S2 SonosLibraryService; C:\Program Files (x86)\Sonos\SonosLibraryService.exe [26624 2018-11-12] () [File not signed] S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182112 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644144 2018-07-23] (TeamViewer GmbH -> TeamViewer GmbH) R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3658832 2019-06-28] (TechSmith Corporation -> TechSmith Corporation) R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [319736 2019-02-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) R3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [7095824 2019-11-18] (Acronis International GmbH -> Acronis International GmbH) R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2017-08-08] (Synology Inc. -> ) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2169800 2018-06-19] (Wacom Technology Corporation -> Wacom Technology, Corp.) 
R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [50032 2019-02-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X] R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2019-10-14] (AVAST Software s.r.o. 
-> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-02] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-14] (AVAST Software s.r.o. -> AVAST Software) R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider) R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [64664 2018-07-10] (Check Point Software Technologies Ltd. -> Check Point Software Technologies) R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [108624 2019-01-27] (Check Point Software Technologies Ltd. -> Check Point Software Technologies) R1 cposfw; C:\WINDOWS\System32\DRIVERS\cposfw.sys [115256 2019-02-26] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) R3 cpuz146; C:\WINDOWS\temp\cpuz146\cpuz146_x64.sys [52824 2020-01-24] (CPUID -> CPUID) R3 dbx; C:\WINDOWS\System32\DRIVERS\dbx.sys [47600 2020-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [135520 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) 
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_b44028fc7fdf4fca\e1d68x64.sys [599920 2019-09-13] (Intel(R) INTELND1820 -> Intel Corporation) R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [118864 2018-12-24] (Check Point Software Technologies Ltd. -> Check Point Software Technologies) R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [110232 2018-06-12] (Check Point Software Technologies Ltd. -> Check Point Software Technologies) R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [687768 2019-12-10] (Acronis International GmbH -> Acronis International GmbH) R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [390592 2019-12-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) S3 gdrv; C:\WINDOWS\gdrv.sys [26192 2018-06-18] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider) R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [63200 2017-12-13] (Comodo Security Solutions, Inc. -> COMODO) R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\Bin\ISWKL.sys [65264 2018-03-11] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) 
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2019-12-22] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-24] (Malwarebytes Inc -> Malwarebytes) R3 MEIx64; C:\WINDOWS\System32\DriverStore\FileRepository\heci.inf_amd64_85021432489d6a1c\x64\TeeDriverW8x64.sys [266128 2019-04-17] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) R3 NetgearUDSMBus; C:\WINDOWS\system32\drivers\netgearUDSMBus.sys [113888 2013-07-25] (KCODES CORPORATION -> Windows (R) Codename Longhorn DDK provider) R3 NetgearUDSMBus; C:\Windows\SysWOW64\drivers\netgearUDSMBus.sys [92160 2012-06-15] (Windows (R) Codename Longhorn DDK provider) [File not signed] R3 NetgearUDSTcpBus; C:\WINDOWS\System32\drivers\netgearUDSTcpBus.sys [193248 2013-07-25] (KCODES CORPORATION -> Windows (R) Codename Longhorn DDK provider) R3 NetgearUDSTcpBus; C:\Windows\SysWOW64\drivers\netgearUDSTcpBus.sys [153600 2012-06-15] (Windows (R) Codename Longhorn DDK provider) [File not signed] R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_db678424d2641c3d\nvlddmkm.sys [22094728 2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [224488 2019-12-16] (Invincea, Inc. -> Sandboxie Holdings, LLC) R3 SIUSBXP; C:\WINDOWS\system32\drivers\SiUSBXp.sys [19456 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43360 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) 
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 tib; C:\WINDOWS\system32\DRIVERS\tib.sys [883256 2019-12-10] (Acronis International GmbH -> Acronis International GmbH) R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [171968 2019-12-10] (Acronis International GmbH -> Acronis International GmbH) S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [693768 2019-12-10] (Acronis International GmbH -> Acronis International GmbH) S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2019-10-15] (Microsoft Windows -> Microsoft Corporation) R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [330176 2019-12-10] (Acronis International GmbH -> Acronis International GmbH) R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2019-12-10] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [115672 2018-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Wacom Technology, Corp.) S3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [17880 2018-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Wacom Technology, Corp.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) 
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation) S3 WIMMount; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [36864 2018-09-14] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-01-24 09:24 - 2020-01-24 09:25 - 000059079 _____ C:\Users\Owner\Desktop\FRST.txt 2020-01-24 09:22 - 2020-01-24 02:04 - 002580480 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe 2020-01-24 09:19 - 2020-01-24 09:25 - 000000000 ____D C:\FRST 2020-01-24 08:58 - 2020-01-24 08:58 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2020-01-24 08:58 - 2020-01-24 08:58 - 000000000 ___SD C:\Users\Public\Documents\ Check PointSystem Directory Don'tRemove 2020-01-24 08:58 - 2020-01-24 08:58 - 000000000 ___SD C:\Users\Owner\Documents\Sandblast Zero-Day_System_DirectoryDon'tDiscard 2020-01-24 08:58 - 2020-01-24 08:58 - 000000000 ___SD C:\ProgramData\Documents\ Check PointSystem Directory Don'tRemove 2020-01-24 08:58 - 2020-01-24 08:58 - 000000000 ___HD C:\OneDriveTemp 2020-01-23 11:39 - 2020-01-23 11:39 - 000117322 _____ C:\Users\Owner\Downloads\SCC_COMUNICADOS_PI_Batch0100151116f6cf9311c96200.pdf 2020-01-23 09:04 - 2020-01-23 09:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2020-01-22 23:24 - 2020-01-22 23:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2020-01-22 23:24 - 2020-01-22 23:24 - 000047600 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\Drivers\dbx-dev.sys 2020-01-22 23:24 - 2020-01-22 23:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2020-01-22 23:24 - 2020-01-22 23:24 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx.sys 2020-01-22 23:24 - 2020-01-22 23:24 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2020-01-22 18:22 - 2013-07-25 15:26 - 000193248 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\netgearUDSTcpBus.sys 2020-01-22 18:22 - 2013-07-25 15:26 - 000113888 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\netgearUDSMBus.sys 2020-01-22 18:21 - 2020-01-22 18:21 - 000002202 _____ C:\Users\Public\Desktop\NETGEAR USB Control Center.lnk 2020-01-22 18:21 - 2020-01-22 18:21 - 000002202 _____ C:\ProgramData\Desktop\NETGEAR USB Control Center.lnk 2020-01-22 18:21 - 2020-01-22 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR 2020-01-22 18:21 - 2020-01-22 18:21 - 000000000 ____D C:\Program Files (x86)\NETGEAR 2020-01-22 18:20 - 2020-01-22 18:20 - 000000000 ____D C:\Users\Owner\Downloads\ReadySharePrinter_setup_v1.36 (3) 2020-01-22 18:01 - 2020-01-22 18:01 - 009989783 _____ C:\Users\Owner\Downloads\ReadySharePrinter_setup_v1.36 (3).zip 2020-01-22 18:00 - 2020-01-22 18:00 - 000000000 ____D C:\Users\Owner\Downloads\ReadySharePrinter_setup_v1.36 (2) 2020-01-22 17:59 - 2020-01-22 17:59 - 009989783 _____ C:\Users\Owner\Downloads\ReadySharePrinter_setup_v1.36 (2).zip 2020-01-22 13:39 - 2020-01-22 13:39 - 026067360 _____ (Bartels Media GmbH ) C:\Users\Owner\Downloads\PhraseExpressSetup (1).exe 2020-01-21 09:39 - 2020-01-21 09:39 - 000014612 _____ C:\Users\Owner\Downloads\am-login-logo.zip 2020-01-20 11:15 - 2020-01-20 11:13 - 232958400 _____ C:\Users\Owner\Desktop\20200120_111312.mp4 2020-01-20 10:38 - 2020-01-20 10:37 - 1372818056 _____ C:\Users\Owner\Desktop\20200120_103322.mp4 2020-01-20 09:55 - 2020-01-20 09:40 - 2423055310 
_____ C:\Users\Owner\Desktop\20200120_093332.mp4 2020-01-18 09:40 - 2020-01-18 09:40 - 000015957 _____ C:\Users\Owner\Downloads\Download (3).CSV 2020-01-16 14:25 - 2020-01-16 14:26 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Toonly 2020-01-16 14:25 - 2020-01-16 14:25 - 000002242 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toonly.lnk 2020-01-16 14:25 - 2020-01-16 14:25 - 000002234 _____ C:\Users\Owner\Desktop\Toonly.lnk 2020-01-16 14:25 - 2020-01-16 14:25 - 000000000 ____D C:\Users\Owner\AppData\Local\toonly-updater 2020-01-16 14:24 - 2020-01-16 14:25 - 135167048 _____ (Bryxen Inc.) C:\Users\Owner\Downloads\Toonly+Setup+1.3.4.exe 2020-01-15 19:02 - 2020-01-15 19:02 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 
000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2020-01-15 19:02 - 2020-01-15 19:02 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2020-01-15 19:01 - 2020-01-15 19:02 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2020-01-15 19:01 - 2020-01-15 19:01 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2020-01-15 19:01 - 2020-01-15 19:01 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2020-01-15 19:01 - 2020-01-15 19:01 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 002473976 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\twinapi.appcore.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 
000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2020-01-15 19:01 - 2020-01-15 19:01 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2020-01-15 19:01 - 2020-01-15 19:01 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2020-01-15 19:01 - 2020-01-15 19:01 - 000321536 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\sti.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2020-01-15 19:01 - 2020-01-15 
19:01 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys 2020-01-15 19:01 - 2020-01-15 19:01 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000083456 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\provtool.exe 2020-01-15 19:01 - 2020-01-15 19:01 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys 2020-01-15 19:01 - 2020-01-15 19:01 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2020-01-15 19:01 - 2020-01-15 19:01 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll 2020-01-15 18:55 - 2019-12-10 05:15 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2020-01-15 18:55 - 2019-12-10 04:59 - 000390656 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2020-01-14 20:31 - 2020-01-14 20:31 - 000119588 _____ C:\Users\Owner\Downloads\order-1046-label.pdf 2020-01-14 14:40 - 2020-01-14 14:40 - 000024450 _____ C:\Users\Owner\Downloads\loa (1).pdf 2020-01-14 14:19 - 2020-01-14 14:19 - 000024450 _____ C:\Users\Owner\Downloads\loa.pdf 2020-01-13 18:13 - 2020-01-13 18:13 - 000000000 ____D C:\Users\Owner\AppData\Local\UXP 2020-01-13 16:42 - 2020-01-13 16:42 - 000001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Rush.lnk 2020-01-13 16:41 - 2020-01-13 16:41 - 000001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2020.lnk 2020-01-13 16:38 - 2020-01-13 16:38 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Prelude 2020.lnk 2020-01-13 16:37 - 2020-01-13 16:37 - 000001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk 2020-01-13 16:36 - 2020-01-13 16:36 - 000001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2020.lnk 2020-01-13 16:34 - 2020-01-13 16:34 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk 2020-01-13 16:26 - 2020-01-13 16:26 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2020.lnk 2020-01-13 16:21 - 2020-01-13 16:21 - 000001091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver 2020.lnk 2020-01-13 16:18 - 2020-01-13 16:18 - 000001032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dimension.lnk 2020-01-13 16:17 - 2020-01-13 16:17 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Character Animator 2020.lnk 2020-01-13 16:16 - 2020-01-13 16:16 - 000001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2020.lnk 2020-01-13 16:15 - 2020-01-13 16:15 - 000001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 
2020.lnk 2020-01-13 16:15 - 2020-01-13 16:15 - 000001041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Animate 2020.lnk 2020-01-13 16:09 - 2020-01-13 16:09 - 000001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2020.lnk 2020-01-13 16:06 - 2020-01-22 18:27 - 000000175 _____ C:\Users\Owner\AppData\Roaming\lang-Ru-En.dat.vbs 2020-01-13 16:06 - 2019-12-11 14:51 - 000375940 _____ C:\Users\Owner\AppData\Roaming\lang-Ru-En.dat 2020-01-13 16:03 - 2020-01-13 16:03 - 000000000 ____D C:\Users\Owner\Desktop\Adobe EXTRACTED 2020-01-13 15:40 - 2020-01-21 16:24 - 000001740 _____ C:\WINDOWS\Sandboxie.ini 2020-01-13 15:40 - 2020-01-13 15:40 - 006156440 _____ (Sandboxie Holdings, LLC) C:\Users\Owner\Downloads\SandboxieInstall-533-1.exe 2020-01-13 15:40 - 2020-01-13 15:40 - 000000940 _____ C:\Users\Owner\Desktop\Sandboxed Web Browser.lnk 2020-01-13 15:40 - 2020-01-13 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2020-01-13 15:36 - 2020-01-13 15:36 - 000018179 _____ C:\Users\Owner\Downloads\installer_x86-x64_89006.torrent 2020-01-13 14:57 - 2020-01-16 10:04 - 001819576 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-01-13 14:06 - 2020-01-13 14:22 - 000000000 ___RD C:\Users\Owner\Creative Cloud Files 2020-01-13 14:01 - 2020-01-13 14:01 - 000000000 ____D C:\Users\Owner\Downloads\ACCCx5_0_0_354 2020-01-13 12:15 - 2020-01-13 12:15 - 260976783 _____ C:\Users\Owner\Downloads\ACCCx5_0_0_354 (1).zip 2020-01-13 12:03 - 2020-01-13 12:03 - 260976783 _____ C:\Users\Owner\Downloads\ACCCx5_0_0_354.zip 2020-01-11 22:56 - 2020-01-11 22:57 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Q-Dir 2020-01-11 22:56 - 2020-01-11 22:56 - 000001644 _____ C:\Users\Public\Desktop\Q-Dir.lnk 2020-01-11 22:56 - 2020-01-11 22:56 - 000001644 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Q-Dir.lnk 2020-01-11 22:56 - 2020-01-11 22:56 - 000001644 _____ C:\ProgramData\Desktop\Q-Dir.lnk 2020-01-11 22:56 - 2020-01-11 22:56 - 
000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir 2020-01-11 22:56 - 2020-01-11 22:56 - 000000000 ____D C:\Program Files (x86)\Q-Dir 2020-01-11 22:55 - 2020-01-11 22:55 - 000697650 _____ C:\Users\Owner\Downloads\Q-Dir_Installer.zip 2020-01-11 18:57 - 2020-01-13 16:32 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2020.lnk 2020-01-11 18:54 - 2020-01-13 16:29 - 000001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InCopy 2020.lnk 2020-01-11 18:50 - 2020-01-13 16:24 - 000001912 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Fuse.lnk 2020-01-11 18:46 - 2020-01-11 18:46 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Dimension CC 2020-01-11 18:42 - 2020-01-11 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxon 2020-01-11 18:40 - 2020-01-13 16:13 - 000000000 ____D C:\Program Files\Maxon Cinema 4D R21 2020-01-11 18:36 - 2020-01-22 18:27 - 000000172 _____ C:\Users\Owner\AppData\Roaming\langdata.st.vbs 2020-01-11 18:36 - 2019-11-13 12:52 - 000366140 ____R C:\Users\Owner\AppData\Roaming\langdata.st 2020-01-11 18:13 - 2020-01-11 18:13 - 008278072 _____ (Adobe System Incorporated.) 
C:\Users\Owner\Downloads\AdobeCreativeCloudCleanerTool.exe 2020-01-08 12:27 - 2020-01-08 12:27 - 000180854 _____ C:\Users\Owner\Downloads\CashBook-template-for-non-VAT-business-AccountsTemplate (1).xlsx 2020-01-08 12:02 - 2020-01-08 12:02 - 000007767 _____ C:\Users\Owner\Desktop\Bookkeeping and Accounting All- - Jane E.pdf.xlsx 2020-01-08 11:53 - 2020-01-08 11:53 - 000006489 _____ C:\Users\Owner\Desktop\2020-01-08_11-50-58.xlsx 2020-01-08 11:45 - 2020-01-08 11:45 - 006546299 _____ C:\Users\Owner\Downloads\Bookkeeping and Accounting All-in-One For Dummies - UK - 1st Edition (2015).epub 2020-01-07 20:06 - 2020-01-07 20:06 - 000113398 _____ C:\Users\Owner\Downloads\Order-Label-14496409.pdf 2020-01-07 11:56 - 2020-01-07 11:58 - 000000000 ____D C:\Users\Owner\AppData\Roaming\DYMOConnect 2020-01-07 11:56 - 2020-01-07 11:58 - 000000000 ____D C:\Users\Owner\AppData\Local\DYMO 2020-01-07 11:56 - 2020-01-07 11:56 - 000002769 _____ C:\Users\Public\Desktop\DYMO Connect.lnk 2020-01-07 11:56 - 2020-01-07 11:56 - 000002769 _____ C:\ProgramData\Desktop\DYMO Connect.lnk 2020-01-07 11:56 - 2020-01-07 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO 2020-01-07 11:55 - 2020-01-07 11:55 - 000000000 ____D C:\Program Files (x86)\DYMO 2020-01-07 11:54 - 2020-01-07 11:54 - 151705976 _____ (DYMO) C:\Users\Owner\Downloads\DCDSetup1.2.exe 2020-01-07 11:36 - 2020-01-07 11:36 - 000083100 _____ C:\Users\Owner\Desktop\Online Return Center.pdf 2020-01-07 09:39 - 2020-01-07 09:39 - 000018311 _____ C:\Users\Owner\Downloads\Invoice_Dec-01-19_Dec-31-19 (1).csv 2020-01-04 10:37 - 2020-01-04 10:37 - 000000808 _____ C:\Users\Owner\Downloads\Invoice_Jul-01-19_Jul-31-19.csv 2020-01-04 10:36 - 2020-01-04 10:36 - 000007079 _____ C:\Users\Owner\Downloads\Invoice_Sep-01-19_Sep-30-19.csv 2020-01-04 10:35 - 2020-01-04 10:35 - 000012579 _____ C:\Users\Owner\Downloads\Invoice_Oct-01-19_Oct-31-19.csv 2020-01-04 10:34 - 2020-01-04 10:34 - 000015462 _____ 
C:\Users\Owner\Downloads\Invoice_Nov-01-19_Nov-30-19.csv 2020-01-04 10:32 - 2020-01-04 10:32 - 000018311 _____ C:\Users\Owner\Downloads\Invoice_Dec-01-19_Dec-31-19.csv 2020-01-02 11:44 - 2020-01-02 11:44 - 000000000 ____D C:\Users\Owner\AppData\Local\calibre-ebook.com 2020-01-02 11:32 - 2020-01-02 11:32 - 000007171 _____ C:\Users\Owner\Downloads\orders_from_20191227_to_20201231_20200102_1131.csv 2020-01-02 11:20 - 2020-01-02 11:20 - 000015957 _____ C:\Users\Owner\Downloads\Download (2).CSV ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-01-24 09:04 - 2019-10-19 14:16 - 000000000 ____D C:\Users\Owner\AppData\Local\Degoo 2020-01-24 09:04 - 2019-10-14 20:11 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-01-24 09:04 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF 2020-01-24 09:01 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-01-24 09:00 - 2018-05-18 20:10 - 000000000 ____D C:\ProgramData\GoodSync 2020-01-24 08:58 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-24 08:58 - 2018-08-28 08:58 - 000000000 ____D C:\Users\Owner\AppData\Roaming\WTablet 2020-01-24 08:58 - 2018-07-28 09:15 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-01-24 08:58 - 2018-05-19 09:50 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2020-01-24 08:58 - 2018-05-18 15:04 - 000000000 ___RD C:\Users\Owner\OneDrive 2020-01-24 08:57 - 2019-10-14 20:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-01-24 08:57 - 2018-05-18 15:11 - 000000000 ____D C:\ProgramData\NVIDIA 2020-01-23 17:55 - 2019-12-17 15:09 - 000000000 ____D C:\Users\Owner\Documents\PhraseExpress 2020-01-23 17:55 - 2019-03-19 04:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-01-23 17:55 - 2018-05-20 10:44 - 000000000 ____D C:\Users\Owner\Documents\Outlook Files 2020-01-23 17:44 - 2019-10-14 20:00 - 000000000 ____D 
C:\WINDOWS\system32\SleepStudy 2020-01-23 17:39 - 2018-08-24 08:02 - 000000000 ____D C:\Users\Owner\AppData\Local\IPVanish 2020-01-23 10:22 - 2018-05-23 07:44 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps 2020-01-23 09:04 - 2019-10-15 08:32 - 000000000 ____D C:\Program Files (x86)\Dropbox 2020-01-23 00:01 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-01-22 18:21 - 2018-05-18 15:02 - 000000000 __RHD C:\Users\Public\AccountPictures 2020-01-22 13:40 - 2019-12-17 15:09 - 000001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhraseExpress.lnk 2020-01-22 13:40 - 2019-12-17 15:09 - 000000000 ____D C:\Program Files (x86)\PhraseExpress 2020-01-22 13:39 - 2019-12-17 15:09 - 000000000 ____D C:\Users\Owner\AppData\Roaming\PhraseExpress 2020-01-22 13:01 - 2019-10-14 23:59 - 000000000 ___HD C:\SandBlastBackup 2020-01-21 16:35 - 2018-05-18 15:02 - 000000000 ____D C:\Users\Owner\AppData\Local\Packages 2020-01-20 13:23 - 2018-05-23 11:34 - 000000000 ____D C:\Users\Owner\AppData\Roaming\vlc 2020-01-20 13:17 - 2019-10-14 20:07 - 000003322 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-EC22897B0AA948E4537D4A7432F2227D 2020-01-20 11:41 - 2019-12-11 14:01 - 000000000 ____D C:\Users\Owner\Documents\Camtasia 2020-01-19 10:49 - 2018-05-19 10:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2020-01-19 10:45 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\NDF 2020-01-17 01:14 - 2019-10-15 08:32 - 000000000 ____D C:\Users\Owner\AppData\Local\Dropbox 2020-01-17 01:14 - 2018-05-20 18:39 - 000002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-01-17 01:14 - 2018-05-20 18:39 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-01-17 01:14 - 2018-05-20 18:39 - 000002263 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-01-15 23:52 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\UNP 2020-01-15 23:52 - 2019-03-19 04:52 - 000000000 ____D 
C:\WINDOWS\SystemResources 2020-01-15 23:52 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-01-15 23:52 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-01-15 19:08 - 2018-05-18 15:18 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-01-15 19:04 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-01-15 19:04 - 2018-05-18 15:18 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-01-14 23:50 - 2018-05-25 10:21 - 000000000 ____D C:\Users\Owner\Documents\Adobe 2020-01-14 12:50 - 2019-10-15 08:32 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2020-01-14 12:50 - 2019-10-15 08:32 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2020-01-14 12:50 - 2018-08-24 09:21 - 000000362 _____ C:\WINDOWS\Tasks\Health-Check-deep.job 2020-01-14 12:50 - 2018-08-24 09:21 - 000000354 _____ C:\WINDOWS\Tasks\Health-Check.job 2020-01-14 09:56 - 2019-12-17 16:08 - 000003272 _____ C:\WINDOWS\system32\Tasks\MindManagerV20 Notifications Check {S-1-5-21-1839086724-150470103-41202482-1001} 2020-01-14 09:56 - 2019-10-23 11:10 - 000002528 _____ C:\WINDOWS\system32\Tasks\SamsungMagician 2020-01-14 09:56 - 2019-10-15 08:32 - 000003438 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA 2020-01-14 09:56 - 2019-10-15 08:32 - 000003214 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore 2020-01-14 09:56 - 2019-10-14 20:07 - 000003758 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier 2020-01-14 09:56 - 2019-10-14 20:07 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2020-01-14 09:56 - 2019-10-14 20:07 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2020-01-14 09:56 - 2019-10-14 20:07 - 000003270 _____ C:\WINDOWS\system32\Tasks\AupAvUpdate 2020-01-14 09:56 - 2019-10-14 20:07 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2020-01-14 09:56 - 2019-10-14 20:07 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner 
Update 2020-01-14 09:56 - 2019-10-14 20:07 - 000002954 _____ C:\WINDOWS\system32\Tasks\UninstallMonitor 2020-01-14 09:56 - 2019-10-14 20:07 - 000002854 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-office@michaelkeay.co.uk 2020-01-14 09:56 - 2019-10-14 20:07 - 000002850 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1839086724-150470103-41202482-1001 2020-01-14 09:56 - 2019-10-14 20:07 - 000002636 _____ C:\WINDOWS\system32\Tasks\Health-Check-deep 2020-01-14 09:56 - 2019-10-14 20:07 - 000002618 _____ C:\WINDOWS\system32\Tasks\Health-Check 2020-01-14 09:56 - 2019-10-14 20:07 - 000002592 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTaskCore 2020-01-14 09:56 - 2019-10-14 20:07 - 000002584 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask 2020-01-14 09:56 - 2019-10-14 20:07 - 000002214 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2020-01-14 09:56 - 2019-10-14 20:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2020-01-14 09:51 - 2018-05-18 15:17 - 000000000 ____D C:\Users\Owner\AppData\Local\D3DSCache 2020-01-13 19:21 - 2018-05-19 11:26 - 000001214 __RSH C:\ProgramData\ntuser.pol 2020-01-13 18:10 - 2018-05-18 15:02 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Adobe 2020-01-13 16:42 - 2018-05-25 10:20 - 000000000 ____D C:\Program Files\Adobe 2020-01-13 16:41 - 2018-05-25 10:34 - 000000000 ____D C:\Users\Public\Documents\Adobe 2020-01-13 16:41 - 2018-05-25 10:34 - 000000000 ____D C:\ProgramData\Documents\Adobe 2020-01-13 16:26 - 2018-06-27 09:25 - 000000000 ____D C:\Program Files\Common Files\Adobe 2020-01-13 16:15 - 2018-05-25 10:15 - 000000000 ____D C:\Users\Owner\AppData\Local\Adobe 2020-01-13 15:46 - 2019-12-17 11:01 - 000000000 ____D C:\Users\Owner\AppData\Roaming\qBittorrent 2020-01-13 15:40 - 2018-05-24 09:31 - 000000000 ____D C:\Program Files\Sandboxie 2020-01-13 14:55 - 2019-10-14 20:02 - 000000000 ____D C:\Users\Owner 2020-01-13 14:54 - 2019-03-19 04:52 - 000000000 ____D 
C:\WINDOWS\LiveKernelReports 2020-01-13 14:37 - 2018-05-25 10:14 - 000000000 ____D C:\ProgramData\Adobe 2020-01-13 14:37 - 2018-05-25 10:14 - 000000000 ____D C:\Program Files (x86)\Adobe 2020-01-13 14:05 - 2018-07-11 11:59 - 000000000 ____D C:\ProgramData\Packages 2020-01-11 18:38 - 2018-05-18 15:11 - 000000000 ____D C:\ProgramData\Package Cache 2020-01-11 18:10 - 2018-08-28 10:50 - 000000033 _____ C:\Users\Owner\AppData\Roaming\AdobeWLCMCache.dat 2020-01-11 17:58 - 2019-10-14 20:02 - 000002362 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-01-09 16:26 - 2018-05-20 11:37 - 000000000 ____D C:\Users\Owner\Documents\Calibre Library 2020-01-09 15:43 - 2018-09-10 16:37 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Doodly 2020-01-09 15:42 - 2018-09-10 16:37 - 000002278 _____ C:\Users\Owner\Desktop\Doodly.lnk 2020-01-09 15:42 - 2018-09-10 16:37 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bryxen Software 2020-01-09 15:42 - 2018-09-10 16:37 - 000000000 ____D C:\Users\Owner\AppData\Local\Doodly 2020-01-08 11:47 - 2018-05-20 12:23 - 000000000 ____D C:\Users\Owner\Documents\My Kindle Content 2020-01-05 10:53 - 2018-05-18 15:06 - 000000000 ____D C:\Users\Owner\AppData\Local\PlaceholderTileLogoFolder 2020-01-02 11:44 - 2018-05-20 11:42 - 000000000 ____D C:\Users\Owner\AppData\Local\calibre-cache 2020-01-02 11:44 - 2018-05-20 11:37 - 000000000 ____D C:\Users\Owner\AppData\Roaming\calibre 2019-12-25 11:13 - 2018-05-18 15:11 - 000000000 ____D C:\ProgramData\CLink4 ==================== Files in the root of some directories ======== 2018-08-28 10:50 - 2020-01-11 18:10 - 000000033 _____ () C:\Users\Owner\AppData\Roaming\AdobeWLCMCache.dat 2020-01-13 16:06 - 2019-12-11 14:51 - 000375940 _____ () C:\Users\Owner\AppData\Roaming\lang-Ru-En.dat 2020-01-13 16:06 - 2020-01-22 18:27 - 000000175 _____ () C:\Users\Owner\AppData\Roaming\lang-Ru-En.dat.vbs 2020-01-11 18:36 - 2019-11-13 12:52 - 000366140 
____R () C:\Users\Owner\AppData\Roaming\langdata.st
2020-01-11 18:36 - 2020-01-22 18:27 - 000000172 _____ () C:\Users\Owner\AppData\Roaming\langdata.st.vbs
2018-09-29 09:13 - 2018-09-29 09:13 - 000000000 _____ () C:\Users\Owner\AppData\Local\oobelibMkey.log
2018-07-23 08:52 - 2019-11-20 13:27 - 000000600 _____ () C:\Users\Owner\AppData\Local\PUTTY.RND
2018-09-12 11:14 - 2018-09-12 11:14 - 000003341 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2018-05-21 17:57 - 2018-05-21 17:57 - 000000000 _____ () C:\Users\Owner\AppData\Local\{06FD0F8A-D2BC-4E5A-B672-CC003343D325}
2018-05-21 17:53 - 2018-05-21 17:53 - 000000000 _____ () C:\Users\Owner\AppData\Local\{4625F5BA-BC2D-4F84-835D-2F723B2515AF}
2018-05-21 17:09 - 2018-05-21 17:09 - 000000000 _____ () C:\Users\Owner\AppData\Local\{9281B659-D861-46C0-ACC2-15171D7C2AEA}
2018-05-21 17:19 - 2018-05-21 17:19 - 000000000 _____ () C:\Users\Owner\AppData\Local\{E8CCE99A-0572-4317-AC62-C1C7B7893500}
2018-05-21 17:14 - 2018-05-21 17:14 - 000000000 _____ () C:\Users\Owner\AppData\Local\{F58243F0-25E2-42B7-BEDC-B4E49E27A526}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================