Possible malicious PowerShell scripts? - Virus, Trojan, Spyware, and Malware Removal Help

I'm concerned there is something going on with PowerShell and maybe fcon.exe. I enabled PowerShell event logging and I'm seeing several Warning 4104 events - more in the last few weeks than at any point prior. The fcon.exe file I found (can't remember where specifically) in the registry, and when I googled it, it didn't have much information but led me to CrowdStrike - the only thing weird about this is that CrowdStrike is something my employer uses. The problem is that this is my personal PC where I do not access any work systems. Not sure if that's even possible for them to do, but it's a weird connection. Should I post the PowerShell scripts?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022
Ran by Jody (administrator) on DESKTOP-B1155F1 (Dell Inc. XPS 8940) (02-03-2022 09:36:43)
Running from C:\Users\Jody\Downloads
Loaded Profiles: Jody & SQLTELEMETRY & MSSQLSERVER
Platform: Microsoft Windows 10 Home Version 20H2 19042.1526 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(drivers\RivetNetworks\Killer\KAPSService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
(drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Rivet Networks LLC -> Intel Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(drivers\RivetNetworks\Killer\xTendUtilityService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <30>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(explorer.exe ->) (Proton Technologies AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_e99a314c3593d5e7\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(RuntimeBroker.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_2ca0a47853f51398\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e0880bf48916d210\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e0880bf48916d210\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_7aa6ca9dbb25bff8\jhi_service.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_68966115f2eef4e5\RstMwService.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdd.inf_amd64_7fcb7d617b36a1bd\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(services.exe ->) (Proton Technologies AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
(services.exe ->) (Proton Technologies AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.WireGuardService.exe
(services.exe ->) (Proton Technologies AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe <3>
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(services.exe ->) (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_e99a314c3593d5e7\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.2.2.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.2008.2277.0_x64__8wekyb3d8bbwe\ScreenSketch.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a1020546271138b9\RtkAudUService64.exe [1343072 2021-08-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_e99a314c3593d5e7\WavesSvc64.exe [4175056 2021-06-19] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779440 2021-04-15] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-03-25] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5819104 2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Jody\AppData\Local\Microsoft\Teams\Update.exe [2453728 2021-04-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKU\S-1-5-21-495011604-739877659-3503502076-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Jody\AppData\Local\Microsoft\Teams\Update.exe [2453728 2021-04-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-495011604-739877659-3503502076-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5407968 2021-12-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-495011604-739877659-3503502076-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5407968 2021-12-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-495011604-739877659-3503502076-1001\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7908968 2022-02-03] (Proton Technologies AG -> )
HKU\S-1-5-21-495011604-739877659-3503502076-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe [698808 2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-495011604-739877659-3503502076-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe [698808 2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-495011604-739877659-3503502076-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe [698808 2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-495011604-739877659-3503502076-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2471880 2022-02-16] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKLM\...\Windows x64\Print Processors\Canon MX490 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCK.DLL [30208 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX490 series: C:\Windows\system32\CNCALCK.DLL [303104 2014-09-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX490 series: C:\Windows\system32\CNMLMCK.DLL [406528 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [375296 2014-08-06] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-16] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\98.1.35.103\Installer\chrmstp.exe [2022-02-16] (Brave Software, Inc. -> Brave Software, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00B2551D-DEAE-44AD-A969-9C53A046A554} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-11-15] (Dell Inc -> Dell Inc.)
Task: {19A735AF-98C0-4049-8FB4-DAC2B4CDAAFA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1E13D8DA-73B9-4628-A466-6A0FBAAA2F21} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {1ED900C9-9C6F-4B93-9F76-8B8B80D3560A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {320B59E5-5277-4889-8E7A-BE87D74C2AC6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {32F9F673-BD03-4DAC-8020-38D1FD731733} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]
Task: {4D744621-5325-459D-B7D2-F9F592C051CD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8573352 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {622AC08F-423C-4FA7-9E29-AD745EBB680C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3293168 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {67AC7B1E-E1E6-4031-B6D5-AD350CF7B35F} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer.6781075db7ef4f24af233fb705ab615f\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe (No File)
Task: {6D41EB2C-F332-478D-8079-4A03FDEE8C0C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B130B22-6CED-4C6B-A5AC-ECE41955DB9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {7E3FE61A-4345-4D69-A548-EAE4B84DD65D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {92907FA0-B3AC-4C7A-AE80-B89DA2B6208D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-09] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {969534DD-0452-4B07-BD95-4DA058D3D25A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9C0839D2-0A2E-447E-9A03-7793BA1CE1FA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {9E55C7D4-4626-4CB8-9427-4173570E6DCA} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A653CA67-B760-49B8-A153-A63747C2C8EE} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AA4FFEB2-E6DC-442C-827F-A113602949FC} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {C555AF8E-C74C-47D1-81B3-1F07E77F6C22} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => C:\Program Files\RUXIM\PLUGscheduler.exe [369512 2022-01-12] (Microsoft Windows -> Microsoft Corporation)
Task: {C9847BAE-9490-4D4E-B37F-7973CD36A5FA} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-09] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D02EC8C4-A63C-4FC1-A615-59AF70DAA873} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8573352 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {DB68CD70-17D9-42F0-AA32-BC4CA8DFABF5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {DFE1F9EC-EE0C-4D8C-82E9-866F5066AB10} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E8FAA0B9-1FF9-4EA0-BB5D-739E9167B0D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-09] (Google LLC -> Google LLC)
Task: {ED86E20F-D77F-4C8B-BE63-F5261B598F5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-09] (Google LLC -> Google LLC)
Task: {FA139841-3140-48BB-B357-DBDC12797553} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{1094143b-f062-408e-9dd7-498d3a68afdf}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{eab2262d-9ab1-5975-7d92-334d06f4972b}: [NameServer] 10.2.0.1
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jody\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-26]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Jody\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-02-21]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-03-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-08-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-08-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-04-15] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-04-15] (Adobe Inc. -> Adobe Systems)
CHR Profile: C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default [2022-03-01]
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-09]
CHR Extension: (Metadata Browser for Dynamics 365/Power Apps) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahbljnhlfdbecefhilipmpnlfldnplpb [2021-06-12]
CHR Extension: (Docs) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-09]
CHR Extension: (Google Drive) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-09]
CHR Extension: (DuckDuckGo) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-03-01]
CHR Extension: (YouTube) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-09]
CHR Extension: (True Key™ by McAfee) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpaibbcbodhimfnjnakiidgbpiehfgci [2022-01-11]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-02-26]
CHR Extension: (Sheets) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-09]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-21]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-09]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2021-08-24]
CHR Extension: (Gmail) - C:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
BRA Profile: C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-03-02]
BRA Notifications: Default -> hxxps://mail.protonmail.com; hxxps://messages.google.com
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Google Translate) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-02-10]
BRA Extension: (DuckDuckGo) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-02-28]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-02-26]
BRA Extension: (McAfee® WebAdvisor) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-02-26]
BRA Extension: (Malwarebytes Browser Guard) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-02-26]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-03-02]
BRA Extension: (Brave NTP background images) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2021-12-16]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-02-26]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-03-02]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-03-02]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-16]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Jody\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-03-02]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842416 2021-04-15] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AzureAttestService; C:\Program Files\Microsoft\AzureAttestService\AzureAttestService.dll [151288 2019-07-24] (Microsoft Windows -> Microsoft Corporation)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-09] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-09] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-01-31] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [436256 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3847712 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [462880 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [50888 2021-06-24] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1024680 2021-09-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-09-29] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-11-11] (Dell Inc -> )
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] (Canon Inc. -> )
R3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73496 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2360616 2021-05-25] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2756896 2021-05-25] (Rivet Networks LLC -> Rivet Networks)
R3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [73488 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-02-26] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971912 2022-02-10] (McAfee, LLC -> McAfee, LLC)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [626280 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4490376 2020-09-18] (Logitech Inc -> Logitech)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [119912 2022-02-03] (Proton Technologies AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [65640 2022-02-03] (Proton Technologies AG -> )
R3 ProtonVPN WireGuard; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.WireGuardService.exe [50792 2022-02-03] (Proton Technologies AG -> )
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [695912 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [290648 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-11-15] (Dell Inc -> Dell Inc.)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\Windows\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [74016 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [74024 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvdd.inf_amd64_7fcb7d617b36a1bd\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvdd.inf_amd64_7fcb7d617b36a1bd\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2021-02-20] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CyUcmClient_Device; C:\Windows\System32\drivers\CyUcmClient.sys [149864 2020-06-16] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2022-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [189336 2021-05-25] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [221096 2022-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2022-02-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [194480 2022-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2022-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2022-02-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [156792 2022-02-27] (Malwarebytes Inc -> Malwarebytes)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 ProtonVPNCallout; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S4 RsFx0600; C:\Windows\System32\DRIVERS\RsFx0600.sys [286976 2019-09-24] (Microsoft Corporation -> Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2021-11-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapprotonvpn; C:\Windows\System32\drivers\tapprotonvpn.sys [49024 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\Windows\system32\DRIVERS\wintun.sys [29680 2022-02-07] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2022-02-07] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-02 09:36 - 2022-03-02 09:37 - 000040538 _____ C:\Users\Jody\Downloads\FRST.txt
2022-03-02 09:36 - 2022-03-02 09:36 - 000000000 ____D C:\FRST
2022-03-02 09:35 - 2022-03-02 09:35 - 002312192 _____ (Farbar) C:\Users\Jody\Downloads\FRST64.exe
2022-02-28 17:39 - 2022-02-28 17:39 - 000001232 _____ C:\Users\Public\Desktop\ProtonVPN.lnk
2022-02-28 17:39 - 2022-02-28 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2022-02-28 13:31 - 2022-02-28 13:34 - 000000000 ____D C:\Users\Jody\AppData\Local\Deployment
2022-02-28 13:31 - 2022-02-28 13:33 - 000000000 ____D C:\Users\Jody\AppData\Roaming\Etwok
2022-02-28 13:31 - 2022-02-28 13:31 - 000274816 _____ (Etwok Inc.) C:\Users\Jody\Downloads\NetSpot.exe
2022-02-28 13:31 - 2022-02-28 13:31 - 000000316 _____ C:\Users\Jody\Desktop\NetSpot.appref-ms
2022-02-28 13:31 - 2022-02-28 13:31 - 000000000 ____D C:\Users\Jody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Etwok Inc
2022-02-28 13:31 - 2022-02-28 13:31 - 000000000 ____D C:\Users\Jody\AppData\Local\Apps\2.0
2022-02-27 18:20 - 2022-02-27 18:26 - 824134563 _____ C:\Users\Jody\Desktop\takeout-20220227T195724Z-001.zip
2022-02-27 00:07 - 2022-02-27 00:07 - 000194480 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-02-27 00:07 - 2022-02-27 00:07 - 000156792 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-02-27 00:07 - 2022-02-27 00:07 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-02-26 22:49 - 2022-02-26 22:49 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-02-26 22:27 - 2022-02-26 22:27 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\254294C5.sys
2022-02-26 22:10 - 2022-02-26 22:48 - 000000000 ____D C:\Users\Jody\Desktop\mbar
2022-02-26 22:10 - 2022-02-26 22:48 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2022-02-26 17:39 - 2022-02-26 17:39 - 000000000 ____D C:\Users\Jody\Documents\ps
2022-02-26 17:38 - 2022-03-01 13:14 - 000000258 __RSH C:\ProgramData\ntuser.pol
2022-02-26 16:56 - 2022-03-01 13:09 - 000000396 _____ C:\Users\Jody\Desktop\List.txt
2022-02-26 16:55 - 2022-02-26 16:56 - 000000509 _____ C:\Users\Jody\Desktop\Add Group Policy Editor to Windows 10 Home with PowerShell.zip
2022-02-26 11:46 - 2022-02-26 11:46 - 000000000 ___HD C:\ProgramData\CanonIJETV
2022-02-26 11:18 - 2022-02-26 11:18 - 000000911 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2022-02-26 11:18 - 2022-02-26 11:18 - 000000000 ____D C:\Users\Jody\.swt
2022-02-26 11:18 - 2022-02-26 11:18 - 000000000 ____D C:\Program Files\Angry IP Scanner
2022-02-24 08:40 - 2022-02-24 08:40 - 000000017 _____ C:\Users\Jody\AppData\Local\resmon.resmoncfg
2022-02-21 19:25 - 2022-02-27 00:16 - 000000000 ____D C:\Users\Jody\AppData\Roaming\Wireshark
2022-02-21 19:19 - 2022-02-21 19:20 - 000448034 _____ C:\Users\Jody\Desktop\An_Experimental_Analysis_of_Windows_Log_Events_Tri.pdf
2022-02-21 19:18 - 2022-02-21 19:18 - 000001829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2022-02-21 19:05 - 2022-02-21 19:05 - 000000000 ____D C:\Program Files\USBPcap
2022-02-21 18:58 - 2022-02-21 18:58 - 000003460 _____ C:\Windows\system32\Tasks\npcapwatchdog
2022-02-21 18:58 - 2022-02-21 18:58 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2022-02-21 18:58 - 2022-02-21 18:58 - 000000000 ____D C:\Windows\system32\Npcap
2022-02-21 18:57 - 2022-02-21 19:18 - 000000000 ____D C:\Program Files\Wireshark
2022-02-21 18:57 - 2022-02-21 18:58 - 000000000 ____D C:\Program Files\Npcap
2022-02-21 06:35 - 2022-02-21 06:35 - 000000000 ____D C:\Users\Jody\AppData\Local\ElevatedDiagnostics
2022-02-21 01:30 - 2022-02-21 01:30 - 000002486 _____ C:\Users\Jody\Desktop\Cricut Design Space.lnk
2022-02-20 22:36 - 2022-02-20 22:36 - 000000000 ____D C:\Windows\system32\Tasks\Agent Activation Runtime
2022-02-20 17:18 - 2022-02-20 17:18 - 000000000 ____D C:\Windows\system32\Tasks\Event Viewer Tasks
2022-02-20 07:52 - 2022-02-20 07:52 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2022-02-20 07:51 - 2022-02-20 11:44 - 000568016 _____ C:\Windows\ntbtlog.txt
2022-02-16 00:16 - 2022-02-16 19:45 - 000000000 ____D C:\Program Files\RUXIM
2022-02-10 11:35 - 2022-02-10 11:35 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-02-10 11:35 - 2022-02-10 11:35 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2022-02-10 11:35 - 2022-02-10 11:35 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2022-02-10 11:35 - 2022-02-10 11:35 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-02-10 11:35 - 2022-02-10 11:35 - 000011813 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-02-10 11:30 - 2022-02-10 11:30 - 000000000 ___HD C:\$WinREAgent
2022-02-07 09:21 - 2022-02-07 09:21 - 000489368 _____ (WireGuard LLC) C:\Windows\system32\Drivers\wireguard.sys
2022-02-06 19:12 - 2022-02-26 22:49 - 000221096 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-02-06 19:12 - 2022-02-26 22:49 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-02-06 19:12 - 2022-02-26 22:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-02-06 19:12 - 2022-02-26 22:48 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-06 19:12 - 2022-02-20 11:45 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-02-06 19:12 - 2022-02-06 19:12 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-02-06 19:12 - 2022-02-06 19:12 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-02-06 19:12 - 2022-02-06 19:12 - 000000000 ____D C:\Users\Jody\AppData\Local\mbam
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-02 08:56 - 2021-03-09 18:07 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-02 07:32 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-02 07:03 - 2021-03-25 20:07 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-03-02 06:53 - 2021-03-04 22:51 - 000000000 ____D C:\ProgramData\NVIDIA
2022-03-02 06:51 - 2021-03-09 17:49 - 000000000 __SHD C:\Users\Jody\IntelGraphicsProfiles
2022-03-02 06:51 - 2021-02-20 16:09 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-03-02 06:51 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-02 06:51 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2022-03-02 05:52 - 2021-03-04 22:51 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2022-03-02 05:39 - 2021-02-20 16:19 - 001013234 _____ C:\Windows\system32\PerfStringBackup.INI
2022-03-02 05:39 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2022-03-02 05:34 - 2021-03-04 22:45 - 000000000 ____D C:\Intel
2022-03-02 05:34 - 2021-02-20 16:10 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-03-02 05:34 - 2021-02-20 16:09 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-02 05:34 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ServiceState
2022-03-01 13:20 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2022-03-01 12:49 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\NDF
2022-03-01 12:08 - 2021-03-12 22:57 - 000000000 ____D C:\Users\Jody\AppData\Local\CrashDumps
2022-02-28 17:39 - 2021-08-18 10:30 - 000000000 ____D C:\Users\Jody\AppData\Roaming\Proton Technologies AG
2022-02-28 17:39 - 2021-08-18 10:30 - 000000000 ____D C:\Users\Jody\AppData\Local\ProtonVPN
2022-02-28 17:39 - 2021-08-18 10:30 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2022-02-28 17:38 - 2021-03-09 17:48 - 000000000 ____D C:\Users\Jody
2022-02-27 19:00 - 2021-08-14 14:15 - 000000000 ____D C:\Users\Jody\.p2
2022-02-27 14:02 - 2021-10-27 09:42 - 000000000 ____D C:\Users\Jody\Documents\New Covenant
2022-02-27 00:07 - 2021-03-04 22:53 - 000000000 ____D C:\ProgramData\McAfee
2022-02-27 00:07 - 2021-03-04 22:53 - 000000000 ____D C:\Program Files\McAfee
2022-02-27 00:07 - 2019-12-07 04:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-02-27 00:05 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-02-27 00:05 - 2019-12-07 04:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-02-27 00:03 - 2021-03-09 17:49 - 000000000 ____D C:\Users\Jody\AppData\Local\Packages
2022-02-26 21:30 - 2021-03-25 20:05 - 000000000 ____D C:\Users\Jody\AppData\Local\D3DSCache
2022-02-26 17:00 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2022-02-26 16:56 - 2021-03-10 20:24 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2022-02-26 16:56 - 2021-03-10 20:24 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\AppIdPolicyEngineApi.dll
2022-02-26 16:56 - 2021-03-10 20:24 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\AuditPolicyGPInterop.dll
2022-02-26 16:56 - 2021-02-20 16:23 - 000704000 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2022-02-26 16:56 - 2021-02-20 16:23 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
2022-02-26 16:56 - 2021-02-20 16:23 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2022-02-26 16:56 - 2021-02-20 16:23 - 000207360 _____ (Microsoft Corporation) C:\Windows\system32\appmgmts.dll
2022-02-26 16:56 - 2021-02-20 16:23 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2022-02-26 16:56 - 2021-02-20 16:23 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2022-02-26 16:56 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
2022-02-26 16:56 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\security
2022-02-26 16:56 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-02-26 16:56 - 2019-12-07 04:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\AuditNativeSnapIn.dll
2022-02-26 16:56 - 2019-12-07 04:10 - 000147439 _____ C:\Windows\system32\gpedit.msc
2022-02-26 16:56 - 2019-12-07 04:10 - 000120458 _____ C:\Windows\system32\secpol.msc
2022-02-26 16:56 - 2019-12-07 04:10 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll
2022-02-26 16:56 - 2019-12-07 04:10 - 000043566 _____ C:\Windows\system32\rsop.msc
2022-02-26 16:56 - 2019-12-07 04:10 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\SrpUxNativeSnapIn.dll
2022-02-26 16:56 - 2019-10-18 08:02 - 000000598 _____ C:\Users\Jody\Desktop\gpedit-enabler.bat
2022-02-26 13:00 - 2021-02-20 16:31 - 000000000 ____D C:\Program Files\Microsoft Office
2022-02-26 11:51 - 2021-03-09 20:37 - 000000000 ____D C:\ProgramData\CanonIJPLM
2022-02-26 11:46 - 2021-03-09 20:15 - 000000000 ____D C:\Program Files (x86)\Canon
2022-02-26 11:13 - 2021-02-20 16:31 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-25 20:48 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\Registration
2022-02-24 19:59 - 2021-08-11 16:21 - 000000000 ____D C:\Users\Jody\Documents\VT
2022-02-21 19:24 - 2021-06-16 22:41 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-02-21 18:57 - 2021-03-04 22:51 - 000000000 ____D C:\ProgramData\Package Cache
2022-02-21 06:35 - 2021-02-20 16:59 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-02-21 01:46 - 2021-03-09 17:55 - 000000000 ____D C:\Users\Jody\AppData\Roaming\Cricut Design Space
2022-02-21 01:45 - 2021-03-09 17:55 - 000000000 ____D C:\Users\Jody\.cricut-design-space
2022-02-20 12:05 - 2021-09-23 10:49 - 000000000 ____D C:\Users\Jody\AppData\Roaming\Zoom
2022-02-20 11:50 - 2021-03-09 17:51 - 000000000 ___RD C:\Users\Jody\OneDrive
2022-02-20 11:46 - 2021-08-18 11:18 - 000000000 ____D C:\Users\Jody\AppData\Roaming\discord
2022-02-20 11:46 - 2021-08-18 11:18 - 000000000 ____D C:\Users\Jody\AppData\Local\Discord
2022-02-18 10:35 - 2021-03-10 20:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-02-16 19:45 - 2021-03-09 18:07 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-16 19:45 - 2021-03-09 17:53 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-02-11 19:23 - 2021-03-09 17:51 - 000000000 ____D C:\Users\Jody\AppData\Local\PlaceholderTileLogoFolder
2022-02-11 14:45 - 2021-03-09 17:49 - 000000000 ____D C:\Users\Jody\AppData\Local\ConnectedDevicesPlatform
2022-02-10 19:45 - 2021-02-20 16:09 - 000457960 _____ C:\Windows\system32\FNTCACHE.DAT
2022-02-10 19:44 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-02-10 19:44 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-02-10 19:44 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-02-10 19:44 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Dism
2022-02-10 19:44 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\appraiser
2022-02-10 19:44 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-02-10 19:44 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
2022-02-10 19:44 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\servicing
2022-02-10 11:35 - 2021-02-20 16:12 - 002877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-02-10 11:30 - 2021-03-10 20:04 - 000000000 ____D C:\Windows\system32\MRT
2022-02-10 11:29 - 2021-03-10 20:04 - 149611728 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-02-07 09:21 - 2021-08-18 10:31 - 000029680 _____ (WireGuard LLC) C:\Windows\system32\Drivers\wintun.sys
2022-02-07 09:21 - 2021-08-18 10:31 - 000000000 ____D C:\ProgramData\ProtonVPN
==================== Files in the root of some directories ========
2021-03-25 20:16 - 2021-03-25 20:16 - 000000000 _____ () C:\Users\Jody\AppData\Local\oobelibMkey.log
2021-12-29 14:31 - 2021-12-29 14:31 - 000000218 _____ () C:\Users\Jody\AppData\Local\recently-used.xbel
2022-02-24 08:40 - 2022-02-24 08:40 - 000000017 _____ () C:\Users\Jody\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
Ran by Jody (02-03-2022 09:37:39)
Running from C:\Users\Jody\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1526 (X64) (2021-03-10 00:45:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-495011604-739877659-3503502076-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-495011604-739877659-3503502076-503 - Limited - Disabled)
Guest (S-1-5-21-495011604-739877659-3503502076-501 - Limited - Disabled)
Jody (S-1-5-21-495011604-739877659-3503502076-1001 - Administrator - Enabled) => C:\Users\Jody
WDAGUtilityAccount (S-1-5-21-495011604-739877659-3503502076-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.3.544 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Amazon Kindle (HKU\S-1-5-21-495011604-739877659-3503502076-1001\...\Amazon Kindle) (Version: 1.31.0.60170 - Amazon)
Anaconda3 2020.11 (Python 3.8.5 64-bit) (HKLM\...\Anaconda3 2020.11 (Python 3.8.5 64-bit)) (Version: 2020.11 - Anaconda, Inc.)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.8.2 - Angry IP Scanner)
Azure Data Studio (HKLM\...\{6591F69E-6588-4980-81ED-C8FCBD7EC4B8}_is1) (Version: 1.32.0 - Microsoft Corporation)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 98.1.35.103 - Brave Software Inc)
Browser for SQL Server 2019 (HKLM-x32\...\{5E366957-8D78-4BB5-A790-96F97A9766BD}) (Version: 15.0.2000.5 - Microsoft Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.3.0 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
Cricut Design Space (HKU\S-1-5-21-495011604-739877659-3503502076-1001\...\{113DD42F-AE80-489B-8F15-FB8499306C48}) (Version: 7.2.87 - Cricut, Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{560DFD4A-23E2-45DD-A223-A4B3FA356913}) (Version: 4.0.92.0 - Dell