Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2020
Ran by ron (administrator) on HAL-RON (02-10-2020 13:41:43)
Running from D:\Downloads
Loaded Profiles: ron
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Anaconda\envs\k36\Scripts\jupyter.exe () [File not signed] C:\Anaconda\envs\k36\Scripts\jupyter-lab.exe () [File not signed] C:\cygwin64\bin\bash.exe () [File not signed] C:\Windows\System\HsMgr64.exe () [File not signed] C:\Windows\SysWOW64\HsMgr.exe (ANDREA VACONDIO -> Andrea Vacondio) C:\Program Files\PDFsam Enhanced 4\creator-ws.exe (Andy Koppe / Thomas Wolff) [File not signed] C:\cygwin64\bin\mintty.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Canon Inc. -> CANON INC.) 
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CMedia) [File not signed] C:\Program Files\ASUS Xonar Xense Audio\Customapp\AsusAudioCenter.exe (Deezer -> Deezer) C:\Users\ron\AppData\Local\Programs\deezer.desktop\Deezer.exe <5> (Foxit Software Incorporated -> Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe (Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <152> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe (Manhattan Engineering Incorporated -> Kite) C:\Program Files\Kite\kited.exe (Manhattan Engineering Incorporated -> Kite) C:\Program Files\Kite\KiteService.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe <2> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) 
C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SnippingTool.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (OpenVPN Technologies, Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. 
-> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ownCloud GmbH -> ownCloud) C:\Program Files (x86)\ownCloud\owncloud.exe (PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\12\bin\pg_ctl.exe (PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\12\bin\postgres.exe <8> (Python Software Foundation) [File not signed] C:\Anaconda\envs\k36\python.exe <3> (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe (Realtek Semiconductor Corp -> Realtek) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp -> Realtek) C:\Windows\SwUSB.exe (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (RStudio, Inc.) [File not signed] C:\Program Files\RStudio\bin\rstudio.exe (RStudio, Inc.) [File not signed] C:\Program Files\RStudio\bin\x64\rsession.exe (Signal Messenger, LLC -> Open Whisper Systems) C:\Users\ron\AppData\Local\Programs\signal-desktop\Signal.exe <5> (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6> (Sony Imaging Products & Solutions Inc. -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sync.com Inc. -> ) C:\Users\ron\AppData\Local\Programs\Sync\sync-worker.exe <3> (Sync.com Inc. -> Sync.com Inc.) C:\Users\ron\AppData\Local\Programs\Sync\sync-taskbar.exe (Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Cmaudio8788] => C:\WINDOWS\Syswow64\cmicnfgp.dll [12935168 2014-12-28] (C-Media Corporation) [File not signed] HKLM\...\Run: [Cmaudio8788GX] => C:\WINDOWS\syswow64\HsMgr.exe [200704 2014-12-28] () [File not signed] HKLM\...\Run: [Cmaudio8788GX64] => C:\WINDOWS\system\HsMgr64.exe [282112 2014-12-28] () [File not signed] HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed] HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [868328 2018-12-21] (Sony Imaging Products & Solutions Inc. 
-> Sony Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare) HKU\S-1-5-21-233570897-2198283788-2588358591-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [48737752 2020-09-09] (Google LLC -> ) HKU\S-1-5-21-233570897-2198283788-2588358591-1001\...\Run: [Google Update] => C:\Users\ron\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-04-30] (Google LLC -> Google LLC) HKU\S-1-5-21-233570897-2198283788-2588358591-1001\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [2374872 2020-06-12] (ownCloud GmbH -> ownCloud) HKU\S-1-5-21-233570897-2198283788-2588358591-1001\...\Run: [Kite] => C:\Program Files\Kite\kited.exe [404060112 2020-06-20] (Manhattan Engineering Incorporated -> Kite) HKU\S-1-5-21-233570897-2198283788-2588358591-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [90951528 2020-09-22] (Skype Software Sarl -> Skype Technologies S.A.) HKU\S-1-5-21-233570897-2198283788-2588358591-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\ron\AppData\Local\Microsoft\Teams\Update.exe [2452112 2020-09-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-233570897-2198283788-2588358591-1001\...\Run: [Opera Browser Assistant] => C:\Users\ron\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3085336 2020-09-29] (Opera Software AS -> Opera Software) HKU\S-1-5-21-233570897-2198283788-2588358591-1001\...\MountPoints2: {f6844e0d-f65e-11e9-bea8-3085a98ce5fe} - "G:\WD SmartWare.exe" autoplay=true HKLM\...\Windows x64\Print Processors\Canon MG5600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCA.DLL [30208 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) 
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5600 series: C:\WINDOWS\system32\CNMLMCA.DLL [406016 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5600 series XPS: C:\WINDOWS\system32\CNMXLMCA.DLL [408576 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [375296 2014-03-17] (CANON INC.) [File not signed] HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] -> IIS Express Application Compatibility Database for x64 HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] -> IIS Express Application Compatibility Database for x86 HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}: [DatabasePath] -> C:\WINDOWS\AppPatch\Custom\Custom64\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb [2012-05-29] HKLM\Software\...\AppCompatFlags\InstalledSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}: [DatabasePath] -> C:\WINDOWS\AppPatch\Custom\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb [2012-05-29] HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.121\Installer\chrmstp.exe [2020-09-24] (Google LLC -> Google LLC) Startup: C:\Users\ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2019-09-28] ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net) [File not signed] Startup: C:\Users\ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sync.LNK [2018-05-05] 
ShortcutTarget: Sync.LNK -> C:\Users\ron\AppData\Local\Programs\Sync\sync-taskbar.exe (Sync.com Inc. -> Sync.com Inc.) FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {048B46DC-0BC5-400F-B9A3-423D55FF0CD5} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION Task: {06C14AE8-2154-4138-A74F-27C3C656BD9C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972176 2020-05-12] (Microsoft Corporation -> Microsoft Corporation) Task: {09D3E962-76AD-4E9F-B020-FB971145B57F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-09-19] (Mozilla Corporation -> Mozilla Foundation) Task: {0DDB73BB-E9A8-48C7-85F5-43E1321ED4B3} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {1DDA3249-C1D1-4820-AD47-C03939307421} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950128 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {23B0C28A-DDFA-4B0D-9460-E131FF2BFF02} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950128 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {30A7E63F-977E-4AEA-80C5-3015C2B310A4} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3487088 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3141AAC7-DE44-4B29-9D2D-F58CA6F46ABD} - 
System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1} Task: {35CFDE44-C3DA-4B68-B235-5715ED691D10} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [772976 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3CF8ADEA-046C-42FD-A3F6-40D3C675A450} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [994672 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {492F8726-136B-4E52-BB68-0C7B7E2A4D38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-16] (Google Inc -> Google Inc.) Task: {4C29320E-56C1-46F6-90C7-CB36865F533F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software) Task: {6343D530-6966-4BD2-8410-B0301EF844BB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {671CA532-4BC6-411B-AD05-9D13C19E5F3C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {6DE83157-DE9E-44B0-9017-16C355449356} - System32\Tasks\Opera scheduled assistant Autoupdate 1582299511 => C:\Users\ron\AppData\Local\Programs\Opera\launcher.exe [1529880 2020-09-15] (Opera Software AS -> Opera Software) Task: {7C0C03ED-4D20-4255-B657-BB8A2195D44E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E} Task: {7EDA26FF-0346-498C-8286-D5E066AC9D8A} - 
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-233570897-2198283788-2588358591-1001Core => C:\Users\ron\AppData\Local\Google\Update\GoogleUpdate.exe [156104 2020-04-30] (Google LLC -> Google LLC) Task: {858AE3F5-2F76-40B4-BD92-CE95B49B19C9} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950128 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {87C4A64E-1CA5-4263-9D9A-BD588DC8B034} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-233570897-2198283788-2588358591-1001UA => C:\Users\ron\AppData\Local\Google\Update\GoogleUpdate.exe [156104 2020-04-30] (Google LLC -> Google LLC) Task: {94CD9053-54E4-4574-ADC3-46C128E1EEF8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61} Task: {96B756A7-D0E6-4B34-AF94-AFEB2A0C6FD5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-09-16] (Microsoft Corporation -> Microsoft Corporation) Task: {A3D3C8C0-D3F4-4ABB-BE9E-379754139437} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [695664 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A9CDA4AD-4917-4E49-A214-5568F84183C2} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950128 2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B31C2298-D254-4DF5-8BBC-66A9ECD0520F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972176 2020-05-12] (Microsoft Corporation -> Microsoft Corporation) Task: {BD38628B-32C9-446F-BE3C-C61B99D6A450} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [772976 
2018-09-12] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C4DB7967-E171-40B5-9DF5-344B5DD9D062} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-09-16] (Microsoft Corporation -> Microsoft Corporation) Task: {C84E3CE8-99AA-415F-96E6-5822E7C0583D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-16] (Google Inc -> Google Inc.) Task: {CB539B5D-F137-4388-8067-E92F66E9C7CF} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [70016 2019-05-14] (Oracle America, Inc. -> Oracle Corporation) Task: {CEB07199-4B4D-42AF-8734-D491FA19CE84} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [754176 2016-07-29] (Oracle Corporation) [File not signed] Task: {D0671856-6416-4154-9D86-53124C5CACB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-09-16] (Microsoft Corporation -> Microsoft Corporation) Task: {D9F9566B-E3A7-45D2-9EE0-2FA6C98AEB9A} - System32\Tasks\Opera scheduled Autoupdate 1572432817 => C:\Users\ron\AppData\Local\Programs\Opera\launcher.exe [1529880 2020-09-15] (Opera Software AS -> Opera Software) Task: {E1B3B7E4-058A-49F5-A6C9-316DE98EF023} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-09-16] (Microsoft Corporation -> Microsoft Corporation) Task: {F50F9C5A-8AB7-403A-AEC2-E4D19BF05AAA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.50.1 Tcpip\..\Interfaces\{68584B7A-0386-43A8-9926-8CFF586B4014}: [DhcpNameServer] 192.168.50.1 Tcpip\..\Interfaces\{76CC638A-02B0-4AF7-848E-FEF893671806}: [DhcpNameServer] 194.168.4.100 194.168.8.100 Edge: ====== Edge DefaultProfile: Default Edge Profile: C:\Users\ron\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-14] FireFox: ======== FF DefaultProfile: ny746aeo.default FF ProfilePath: C:\Users\ron\AppData\Roaming\Mozilla\Firefox\Profiles\ny746aeo.default [2020-01-15] FF ProfilePath: C:\Users\ron\AppData\Roaming\Mozilla\Firefox\Profiles\9tp68gj4.default-release [2020-10-02] FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.) 
[File not signed] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-19] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-19] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-09-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-09-05] (NVIDIA Corporation -> NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-09-05] (NVIDIA Corporation -> NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: PDFsam Enhanced 4 -> C:\Program Files (x86)\PDFsam Enhanced 4\np-previewer.dll [2017-08-02] (ANDREA VACONDIO -> Andrea Vacondio) Chrome: ======= CHR Profile: C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default [2020-10-02] CHR Notifications: Default -> hxxps://alison.com; hxxps://app.chime.aws; hxxps://app.slack.com; hxxps://calendar.google.com; hxxps://conference.blockdownconf.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://support.cloud.google.com; hxxps://www.datacamp.com; hxxps://www.facebook.com; hxxps://www.headmasters.com; hxxps://www.monsterinsights.com; hxxps://www.simplilearn.com CHR HomePage: Default -> hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=86603085A98CE5FE CHR StartupUrls: Default -> "hxxp://www.google.co.uk/","hxxps://mail.google.com/","hxxp://www.deezer.com/playlist/1290162447" CHR Extension: (Google Translate) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-18] CHR Extension: (Slides) - C:\Users\ron\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Postman Interceptor) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicmkgpgakddgnaphhhpliifpcfhicfo [2020-05-20] CHR Extension: (Docs) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-25] CHR Extension: (YouTube) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16] CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2020-09-15] CHR Extension: (Sheets) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Postman) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2020-07-02] CHR Extension: (EditThisCookie) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-11-30] CHR Extension: (Google Docs Offline) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-12] CHR Extension: (AdBlock — best ad blocker) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-09-25] CHR Extension: (Home) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomhhejmlbhdpfjbpgemagmcckjhajgg [2018-05-04] CHR Extension: (Pinterest Save Button) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-10-02] CHR Extension: (Grammarly for Chrome) - C:\Users\ron\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-10-02] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-10-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08] CHR Extension: (Gmail) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30] CHR Extension: (Chrome Media Router) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-13] CHR Extension: (HappyPath) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhcklacellfncndpbedjbdbmligjfcn [2017-09-16] CHR Profile: C:\Users\ron\AppData\Local\Google\Chrome\User Data\System Profile [2019-07-20] CHR HKU\S-1-5-21-233570897-2198283788-2588358591-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052944 2020-07-14] (Microsoft Corporation -> Microsoft Corporation) R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Incorporated -> Foxit Software Inc.) 
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed] R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation -> Microsoft Corporation) R2 KiteService; C:\Program Files\Kite\KiteService.exe [141936 2020-09-22] (Manhattan Engineering Incorporated -> Kite) S2 MySQL80; C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe [46693696 2019-04-13] (Oracle America, Inc. -> ) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. -> ) R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [74712 2019-02-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [74712 2019-02-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 PDFsam Enhanced 4; C:\Program Files\PDFsam Enhanced 4\ws.exe [2005744 2017-08-02] (ANDREA VACONDIO -> Andrea Vacondio) R2 PDFsam Enhanced 4 Creator; C:\Program Files\PDFsam Enhanced 4\creator-ws.exe [757496 2017-08-02] (ANDREA VACONDIO -> Andrea Vacondio) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [493544 2018-12-21] (Sony Imaging Products & Solutions Inc. 
-> Sony Corporation) R2 postgresql-x64-12; C:\Program Files\PostgreSQL\12\bin\pg_ctl.exe [116736 2020-04-24] (PostgreSQL Global Development Group) [File not signed] R2 RealtekWlanU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [48856 2014-05-19] (Realtek Semiconductor Corp -> Realtek) S2 RTLDHCPService; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-04-23] (Realtek Semiconductor Corp -> Realtek) R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] (Realtek Semiconductor Corp -> ) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation -> Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-09-16] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-09-16] (Microsoft Corporation -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2734080 2014-12-28] (C-MEDIA ELECTRONICS INC. -> C-Media Inc) S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2015-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) 
R3 NVHDA; C:\WINDOWS\system32\drivers\nvhda64v.sys [218968 2018-09-17] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation) S3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) S3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [226304 2014-11-22] (Microsoft Windows -> Microsoft Corporation) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-09-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-09-16] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-09-16] (Microsoft Windows -> Microsoft Corporation) S3 ALSysIO; \??\C:\Users\ron\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-10-02 13:41 - 2020-10-02 13:42 - 000000000 ____D C:\FRST 2020-09-25 15:02 - 2020-09-25 15:02 - 000000072 _____ C:\Users\ron\Untitled9.ipynb 2020-09-25 00:37 - 2020-09-25 00:37 - 000026895 _____ C:\Users\ron\Downloads\2020_07_GCP (1).pdf 2020-09-24 23:44 - 2020-09-24 23:44 - 000131276 _____ C:\Users\ron\Downloads\2020_07_to_08.pdf 2020-09-24 14:33 - 2020-09-24 14:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2020-09-19 22:27 - 2020-09-24 22:36 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-09-16 09:45 - 2020-09-16 09:45 - 000000000 ____D C:\Users\ron\AppData\Local\ownCloud 2020-09-11 12:05 - 2020-09-29 22:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2020-09-09 10:30 - 2020-09-02 06:52 - 003332608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2020-09-09 10:30 - 2020-09-02 06:25 - 003641344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2020-09-09 10:30 - 2020-08-29 03:41 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2020-09-09 10:30 - 2020-08-27 06:04 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2020-09-09 10:30 - 2020-08-20 21:54 - 022382424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2020-09-09 10:30 - 2020-08-20 21:51 - 019805104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2020-09-09 10:30 - 2020-08-15 08:22 - 001370680 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2020-09-09 10:30 - 2020-08-15 08:18 - 007363328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2020-09-09 10:30 - 2020-08-15 08:18 - 002012928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2020-09-09 10:30 - 2020-08-15 08:18 - 000373512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2020-09-09 10:30 - 2020-08-15 06:11 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2020-09-09 10:30 - 2020-08-15 05:43 - 000445440 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\certcli.dll 2020-09-09 10:30 - 2020-08-15 05:39 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2020-09-09 10:30 - 2020-08-15 05:33 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOVER.exe 2020-09-09 10:30 - 2020-08-15 05:23 - 001993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2020-09-09 10:30 - 2020-08-15 05:17 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFS.exe 2020-09-09 10:30 - 2020-08-15 05:17 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2020-09-09 10:30 - 2020-08-15 05:14 - 001442304 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2020-09-09 10:30 - 2020-08-15 05:14 - 001383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2020-09-09 10:30 - 2020-08-15 05:12 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2020-09-09 10:30 - 2020-08-15 05:12 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll 2020-09-09 10:30 - 2020-08-15 05:11 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2020-09-09 10:30 - 2020-08-15 05:11 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll 2020-09-09 10:30 - 2020-08-15 05:04 - 001757184 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2020-09-09 10:30 - 2020-08-15 05:02 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll 2020-09-09 10:30 - 2020-08-15 04:59 - 001088512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2020-09-09 10:30 - 2020-08-15 04:57 - 001559040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2020-09-09 10:30 - 2020-08-15 04:55 - 000292352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2020-09-09 10:30 - 2020-08-15 04:55 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll 2020-09-09 10:30 - 2020-08-15 04:55 - 000064512 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\dhcpcsvc.dll 2020-09-09 10:30 - 2020-08-15 04:55 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll 2020-09-09 10:30 - 2020-08-15 04:50 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2020-09-09 10:30 - 2020-08-13 06:25 - 001308256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2020-09-09 10:30 - 2020-08-13 06:24 - 000355576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys 2020-09-09 10:30 - 2020-08-13 05:41 - 025756672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2020-09-09 10:30 - 2020-08-13 05:17 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2020-09-09 10:30 - 2020-08-13 05:06 - 020291072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2020-09-09 10:30 - 2020-08-13 05:06 - 005500416 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2020-09-09 10:30 - 2020-08-13 05:06 - 000785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2020-09-09 10:30 - 2020-08-13 04:50 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2020-09-09 10:30 - 2020-08-13 04:40 - 000653824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2020-09-09 10:30 - 2020-08-13 04:37 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2020-09-09 10:30 - 2020-08-13 04:30 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2020-09-09 10:30 - 2020-08-13 04:29 - 015480320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2020-09-09 10:30 - 2020-08-13 04:26 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll 2020-09-09 10:30 - 2020-08-13 04:20 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2020-09-09 10:30 - 2020-08-13 04:18 - 004112384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2020-09-09 10:30 - 2020-08-13 04:16 - 004859392 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wininet.dll 2020-09-09 10:30 - 2020-08-13 04:15 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2020-09-09 10:30 - 2020-08-13 04:15 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2020-09-09 10:30 - 2020-08-13 04:12 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll 2020-09-09 10:30 - 2020-08-13 04:11 - 013862400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2020-09-09 10:30 - 2020-08-13 04:04 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2020-09-09 10:30 - 2020-08-13 03:57 - 004387840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2020-09-09 10:30 - 2020-08-13 03:54 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2020-09-09 10:30 - 2020-08-13 03:53 - 001341952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2020-09-09 10:30 - 2020-08-13 03:52 - 000710656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2020-09-09 10:30 - 2020-08-11 07:19 - 000136824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2020-09-09 10:30 - 2020-08-11 07:17 - 000537632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2020-09-09 10:30 - 2020-08-11 07:16 - 001210112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL 2020-09-09 10:30 - 2020-08-11 07:16 - 000376072 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2020-09-09 10:30 - 2020-08-11 07:12 - 002173376 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2020-09-09 10:30 - 2020-08-11 07:12 - 001665104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2020-09-09 10:30 - 2020-08-11 05:33 - 001037600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL 2020-09-09 10:30 - 2020-08-11 05:33 - 000450312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2020-09-09 10:30 - 2020-08-11 05:33 - 000317176 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\atmfd.dll 2020-09-09 10:30 - 2020-08-11 05:31 - 001561296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2020-09-09 10:30 - 2020-08-11 05:31 - 001215736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2020-09-09 10:30 - 2020-08-11 04:30 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2020-09-09 10:30 - 2020-08-11 04:03 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2020-09-09 10:30 - 2020-08-11 04:03 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll 2020-09-09 10:30 - 2020-08-11 04:00 - 003720192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2020-09-09 10:30 - 2020-08-11 03:57 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll 2020-09-09 10:30 - 2020-08-11 03:56 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWSD.dll 2020-09-09 10:30 - 2020-08-11 03:55 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll 2020-09-09 10:30 - 2020-08-11 03:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll 2020-09-09 10:30 - 2020-08-11 03:44 - 001099264 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2020-09-09 10:30 - 2020-08-11 03:44 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll 2020-09-09 10:30 - 2020-08-11 03:41 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWSD.dll 2020-09-09 10:30 - 2020-08-11 03:32 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll 2020-09-09 10:30 - 2020-08-11 01:44 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll 2020-09-09 10:30 - 2020-08-10 10:18 - 000160144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2020-09-09 10:30 - 2020-08-10 01:04 - 003223552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2020-09-09 10:30 - 2020-08-10 01:04 - 001998848 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\appraiser.dll 2020-09-09 10:30 - 2020-08-10 01:04 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2020-09-09 10:30 - 2020-08-10 01:04 - 000700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll 2020-09-09 10:30 - 2020-08-10 01:04 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2020-09-09 10:30 - 2020-08-10 01:04 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2020-09-09 10:30 - 2020-08-10 01:04 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2020-09-09 10:30 - 2020-08-10 01:04 - 000475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2020-09-09 10:30 - 2020-08-10 01:04 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2020-09-09 10:30 - 2020-08-08 14:43 - 001545912 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2020-09-09 10:30 - 2020-08-06 14:37 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2020-09-09 10:30 - 2020-08-06 14:35 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2020-09-07 12:53 - 2020-09-07 12:53 - 000002018 _____ C:\Users\ron\Downloads\invite.ics 2020-09-02 12:42 - 2020-09-02 12:42 - 000000000 ____D C:\Users\ron\.ssh ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-10-02 13:28 - 2018-05-05 00:43 - 000000000 ____D C:\Users\ron\AppData\Local\Sync.Logs 2020-10-02 12:58 - 2017-09-15 19:18 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-233570897-2198283788-2588358591-1001 2020-10-02 12:45 - 2017-09-15 19:27 - 000000000 ____D C:\ProgramData\NVIDIA 2020-10-02 12:42 - 2020-07-02 12:15 - 000002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-10-02 12:42 - 2020-07-02 12:15 - 000002202 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2020-10-02 12:42 - 2020-07-02 12:15 - 000002202 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2020-10-02 12:42 - 2017-09-16 13:53 - 000003914 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{53E789E7-A7B5-4F94-960F-DE25B549729B} 2020-10-01 12:46 - 2019-01-24 14:39 - 000000000 ____D C:\Users\ron\AppData\Local\ClassicShell 2020-09-30 10:47 - 2019-08-16 09:35 - 000000000 ____D C:\Users\ron\AppData\Roaming\deezer-desktop 2020-09-30 10:17 - 2020-02-21 16:38 - 000004262 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1582299511 2020-09-26 01:14 - 2018-10-13 10:13 - 000000000 ____D C:\Users\ron\AppData\Roaming\jupyter 2020-09-25 22:47 - 2017-10-08 20:10 - 000002016 _____ C:\Users\Public\Desktop\Google Slides.lnk 2020-09-25 22:47 - 2017-10-08 20:10 - 000002016 _____ C:\ProgramData\Desktop\Google Slides.lnk 2020-09-25 22:47 - 2017-10-08 20:10 - 000002014 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2020-09-25 22:47 - 2017-10-08 20:10 - 000002014 _____ C:\ProgramData\Desktop\Google Sheets.lnk 2020-09-25 22:47 - 2017-10-08 20:10 - 000002004 _____ C:\Users\Public\Desktop\Google Docs.lnk 2020-09-25 22:47 - 2017-10-08 20:10 - 000002004 _____ C:\ProgramData\Desktop\Google Docs.lnk 2020-09-25 22:47 - 2017-10-08 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google 2020-09-25 15:02 - 2018-10-13 10:14 - 000000000 ____D C:\Users\ron\.ipynb_checkpoints 
2020-09-25 15:02 - 2017-09-16 13:43 - 000000000 ____D C:\Users\ron 2020-09-25 00:15 - 2017-10-08 19:53 - 002369024 ___SH C:\Users\ron\Documents\Thumbs.db 2020-09-25 00:12 - 2018-02-15 00:47 - 000000000 ___HD C:\Users\ron\Documents\.tmp.drivedownload 2020-09-24 23:32 - 2017-10-04 13:29 - 000210944 _____ C:\Users\ron\AppData\Local\WebpageIcons.db 2020-09-24 14:33 - 2020-01-15 23:22 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-09-24 14:33 - 2020-01-15 23:22 - 000000000 ____D C:\Users\ron\AppData\LocalLow\Mozilla 2020-09-24 14:33 - 2020-01-15 23:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-09-24 14:01 - 2014-11-22 02:01 - 000958820 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-09-24 14:01 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf 2020-09-24 13:57 - 2019-05-24 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2020-09-24 13:56 - 2020-01-21 03:05 - 000000000 ____D C:\Users\ron\AppData\Roaming\ownCloud 2020-09-24 13:56 - 2018-05-04 09:40 - 000000000 __RDO C:\Users\ron\OneDrive 2020-09-24 13:55 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-09-24 13:25 - 2019-08-01 11:40 - 000000000 ____D C:\Users\ron\AppData\Roaming\Slack 2020-09-24 09:42 - 2017-09-16 13:55 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-09-24 09:42 - 2017-09-16 13:55 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-09-24 09:42 - 2017-09-16 13:55 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-09-22 21:45 - 2020-06-05 21:48 - 000000000 ____D C:\Program Files\Kite 2020-09-21 12:01 - 2020-05-14 21:54 - 000000000 ____D C:\Users\ron\AppData\Roaming\Atom 2020-09-21 12:01 - 2020-05-14 21:54 - 000000000 ____D C:\Users\ron\.atom 2020-09-19 09:21 - 2019-10-30 11:53 - 000004032 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1572432817 2020-09-19 09:21 - 2019-10-30 11:53 - 000001371 _____ 
C:\Users\ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk 2020-09-18 14:04 - 2019-02-18 13:01 - 000000000 ____D C:\Users\ron\AppData\Local\CrashDumps 2020-09-17 12:56 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps 2020-09-17 12:56 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-09-16 10:51 - 2019-04-28 19:05 - 000017408 ___SH C:\Users\ron\Desktop\Thumbs.db 2020-09-16 10:46 - 2020-05-24 04:15 - 000000000 ____D C:\Users\ron\AppData\Roaming\Signal 2020-09-16 10:41 - 2020-06-02 12:13 - 000000000 ____D C:\Users\ron\AppData\Roaming\Typora 2020-09-16 10:18 - 2017-09-15 19:12 - 000000000 ____D C:\Users\ron\AppData\Local\Packages 2020-09-16 09:46 - 2020-07-10 17:12 - 000000000 ___SD C:\Users\ron\ownCloud 2020-09-16 09:46 - 2020-06-02 11:54 - 000000000 ___SD C:\Users\ron\mesonomics 2020-09-16 09:46 - 2019-09-28 15:05 - 000000000 ____D C:\Users\ron\AppData\Local\PasswordSafe 2020-09-16 09:45 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI 2020-09-15 12:39 - 2020-06-18 12:07 - 000000000 ____D C:\Users\ron\AppData\Roaming\obs-studio 2020-09-15 01:02 - 2018-09-25 07:00 - 000078336 ___SH C:\Users\ron\Downloads\Thumbs.db 2020-09-14 23:01 - 2020-06-18 12:45 - 000000000 ____D C:\Users\ron\AppData\Roaming\vlc 2020-09-14 22:23 - 2020-06-18 12:59 - 000000000 ____D C:\ProgramData\Wondershare Filmora Scrn 2020-09-14 18:15 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF 2020-09-14 17:53 - 2017-10-04 13:29 - 000000000 ____D C:\Users\ron\AppData\Local\RStudio-Desktop 2020-09-14 14:08 - 2018-04-24 22:08 - 000000000 ___HD C:\Users\ron\Desktop\.tmp.drivedownload 2020-09-14 13:53 - 2019-11-07 07:43 - 000000000 ____D C:\Users\ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc 2020-09-14 13:53 - 2019-08-09 13:19 - 000000000 ____D C:\Users\ron\AppData\Local\slack 2020-09-14 13:53 - 2019-08-01 11:40 - 000002159 _____ C:\Users\ron\Desktop\Slack.lnk 2020-09-14 13:53 - 
2019-08-01 11:40 - 000000000 ____D C:\Users\ron\AppData\Local\SquirrelTemp 2020-09-13 00:06 - 2020-09-01 11:38 - 000001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2020-09-12 23:15 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache 2020-09-12 22:54 - 2013-08-22 15:44 - 000400056 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-09-12 22:52 - 2017-09-19 22:37 - 000000000 ____D C:\WINDOWS\system32\appraiser 2020-09-12 22:52 - 2014-11-22 06:25 - 000000000 ___SD C:\WINDOWS\system32\CompatTel 2020-09-12 22:52 - 2013-08-22 16:36 - 000000000 ___RD C:\WINDOWS\ToastData 2020-09-12 22:51 - 2019-01-24 14:32 - 000000000 ____D C:\Users\ron\AppData\Roaming\glogg 2020-09-12 22:37 - 2020-05-24 04:15 - 000002470 _____ C:\Users\ron\Desktop\Signal.lnk 2020-09-11 00:35 - 2019-01-07 12:47 - 000002329 _____ C:\Users\ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2020-09-11 00:35 - 2017-09-17 20:40 - 000003168 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-233570897-2198283788-2588358591-1001 2020-09-09 14:24 - 2020-05-14 21:54 - 000002139 _____ C:\Users\ron\Desktop\Atom.lnk 2020-09-09 14:24 - 2020-05-14 21:54 - 000000000 ____D C:\Users\ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2020-09-09 14:24 - 2020-05-14 21:53 - 000000000 ____D C:\Users\ron\AppData\Local\atom 2020-09-09 11:52 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-09-09 11:50 - 2017-09-15 20:40 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-09-09 11:40 - 2017-09-15 20:40 - 129170736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======== 2020-04-04 16:46 - 2020-04-04 16:46 - 000000000 _____ () C:\Users\ron\.mongorc.js 2020-05-04 16:29 - 2020-05-04 16:29 - 017761912 _____ (EnterpriseDB) C:\Users\ron\edb_psqlodbc.exe 2020-05-04 16:29 - 2020-05-04 16:29 - 175035688 _____ (PostgreSQL Global Development Group) 
C:\Users\ron\postgresql_96.exe 2020-08-30 14:44 - 2020-08-30 14:45 - 000000000 ____D () C:\Users\ron\reveal.js 2020-06-08 12:46 - 2020-09-18 14:04 - 000000000 _____ () C:\Users\ron\AppData\Roaming\git-cola.launch.pyw.log 2018-04-12 09:50 - 2020-07-20 16:04 - 000000600 _____ () C:\Users\ron\AppData\Local\PUTTY.RND 2018-05-05 00:42 - 2018-05-05 00:42 - 015750144 _____ () C:\Users\ron\AppData\Local\Sync-1525477359.msi 2018-05-05 00:42 - 2018-05-05 00:43 - 000188154 _____ () C:\Users\ron\AppData\Local\Sync-1525477359.msi.log 2017-10-04 13:29 - 2020-09-24 23:32 - 000210944 _____ () C:\Users\ron\AppData\Local\WebpageIcons.db 2019-09-06 10:53 - 2019-09-06 10:53 - 000000000 _____ () C:\Users\ron\AppData\Local\{B5FBF800-A313-42EC-9DE2-26EAC6AE9D30} ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) LastRegBack: 2020-09-29 22:09 ==================== End of FRST.txt ========================