Remote Access Tried to Change My Bank Account Password



#1 nekton
Posted Yesterday, 10:36 AM

While my computer was on and connected to the internet, someone remotely took control of my mouse and went to a browser tab pointing to my bank account. They attempted to change the password of my bank account, but I shut down my computer before they could. I am running Windows 10 Pro.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.06.2024
Ran by mattp (administrator) on DESKTOP-DU5C2FD (Dell Inc. Inspiron 7506 2n1) (29-06-2024 10:22:04)
Running from C:\Users\mattp\Downloads\FRST64.exe
Loaded Profiles: mattp
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4529 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.911.1\DropboxCrashHandler.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.CoreServices.Client.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.19.187.1\extnhost\mc-extn-browserhost.exe
(C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\PowerToys\PowerToys.Awake.exe
(C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\PowerToys\PowerToys.CropAndLock.exe
(C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\PowerToys\PowerToys.FancyZones.exe
(C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe
(C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\PowerToys\PowerToys.PowerOCR.exe
(C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\PowerToys\WinUI3Apps\PowerToys.AdvancedPaste.exe
(C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <26>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <31>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <2>
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\Microsoft\OneDrive\24.111.0602.0003\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <33>
(RealDefense LLC -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Fusion\FusionService.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_f21a18a53fedc854\AS\IAS\IntelAudioService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.19.187.1\mc-fw-host.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (RealDefense, LLC -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c1ed66a4660de9da\RtkAudUService64.exe <3>
(services.exe ->) (Shenzhen Goodix Technology Co., Ltd. -> Goodix) C:\Windows\System32\drivers\SessionService.exe
(services.exe ->) (VMware Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.19.187.1\neo\mc-neo-host.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c1ed66a4660de9da\RtkAudUService64.exe [1672488 2023-05-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_c6bfc5767fc0181c\WavesSvc64.exe [5083736 2023-02-22] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [11859680 2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2024-04-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9248144 2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [TrayProcess] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe [883848 2021-12-20] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\mattp\AppData\Local\Microsoft\Teams\Update.exe [2593816 2024-05-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\mattp\AppData\Local\WebEx\WebexHost.exe [8083040 2023-10-19] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Run: [Discord] => C:\Users\mattp\AppData\Local\Discord\Update.exe [1522176 2022-06-08] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [5333200 2024-04-23] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Run: [flbmusic] => C:\Users\mattp\AppData\Roaming\flbmusic\flbmusic.exe [153444352 2021-10-24] (Patrick Waweru) [File not signed] <==== ATTENTION
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [869152 2022-12-02] (OpenVPN Inc. -> )
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Run: [CiscoSpark] => C:\Users\mattp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1482 2023-11-14] () [File not signed]
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\mattp\AppData\Local\slack\slack.exe [310584 2024-01-14] (Slack Technologies, LLC -> Slack Technologies Inc.)
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11248160 2024-04-29] (RealDefense LLC -> SUPERAntiSpyware)
HKLM\...\Windows x64\Print Processors\HP1006PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1006PP.dll [65024 2013-04-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpcpp255: C:\Windows\System32\spool\prtprocs\x64\hpcpp255.dll [848384 2021-03-03] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW082.DLL [120320 2021-03-03] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
HKLM\...\Print\Monitors\HP1006LM: C:\WINDOWS\system32\HP1006LM.DLL [198144 2013-04-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HPLJ1020LM: C:\WINDOWS\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HPMLM225: C:\WINDOWS\system32\hpmlm225.dll [308224 2018-11-14] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\124.0.6367.208\Installer\chrmstp.exe [2024-05-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{FCADF89D-0D43-488D-BC24-B068C474F40D}] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {E6864983-B96B-481E-94D5-683BFAEC5BE2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1558984 2024-06-25] (Adobe Inc. -> Adobe Inc.)
Task: {D54C4622-AB53-4163-9A60-862DB6AA82D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {E004DDB1-4B06-4A24-98C5-C08A83C4671D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [964936 2024-04-25] (Dell Technologies Inc. -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {0EF7350C-6C74-4DA4-98BB-8690B98D6C95} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B31867AA-DDD8-4A1E-9E25-CCD7F5A676AB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BFA6678F-285A-4920-8891-8F63A8189FAB} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6462.0{4B8EE62D-1EA4-406F-8097-05A43C859FE2} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
Task: {7987EDE6-4958-471F-963E-61BCD9A7816F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {53BFCF01-0DFD-4E17-B7D5-93EEFDA9582A} - System32\Tasks\McAfee\WPS\McAfee Anti-tracker notification => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {AD29BDAC-E42A-4E02-8294-26F492CDC1EB} - System32\Tasks\McAfee\WPS\McAfee Anti-Tracker Scanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {9E394016-6988-48F8-A83C-1B51A223E684} - System32\Tasks\McAfee\WPS\McAfee Cloud Configuration Check => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {040094AC-0CED-40F2-A7A6-315EF6975C90} - System32\Tasks\McAfee\WPS\McAfee Health Check => C:\Program Files\McAfee\WPS\1.19.187.1\sustainability\mc-sustainability.exe [950824 2024-06-26] (McAfee, LLC -> McAfee, LLC)
Task: {022B99A0-0571-4327-A80F-9414076383BF} - System32\Tasks\McAfee\WPS\McAfee Hotfix => C:\Program Files\McAfee\wps\1.19.187.1\dad\3.21.6\mc-dad.exe [2641432 2024-06-21] (McAfee, LLC -> McAfee, LLC)
Task: {1B6B0F02-CDBB-43F3-B1BD-D2FF8ECBD246} - System32\Tasks\McAfee\WPS\McAfee Message Check => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {10AC6E7C-B316-45D9-96F0-99961358C064} - System32\Tasks\McAfee\WPS\McAfee PC Optimizer Task => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {FBC7062D-E3DE-4C2C-A0E6-7F0844B91604} - System32\Tasks\McAfee\WPS\McAfee restart of PC => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {D10B1339-4D2D-4182-B965-28622B27FB75} - System32\Tasks\McAfee\WPS\McAfee Scheduled AV Scan => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {C2FA5E7F-D252-43C5-B460-8DB528FE38D7} - System32\Tasks\McAfee\WPS\McAfee Scheduled Tracker Remover => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {33837C52-D3F2-4A54-A418-4F5BE2B4C8D0} - System32\Tasks\McAfee\wps\McAfee Updater => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2} C:\Program Files\McAfee\wps\1.19.187.1\mc-update.exe [3296320 2024-06-26] (McAfee, LLC -> McAfee, LLC)
Task: {6E1B6372-2F79-47CA-B133-A682CADCDC6F} - System32\Tasks\McAfee\WPS\McAfee Virus Definition Update => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {8A8A8BAE-CB62-4977-BCA8-0CFDAC6D2DD0} - System32\Tasks\McAfee\WPS\McAfee Windows Notification Token => \\?\C:\Program Files\McAfee\WPS\1.19.187.1\mc-wns-client\mc-wns-client.exe [923696 2024-06-26] (McAfee, LLC -> )
Task: {2E7AF734-2C32-47F0-8E57-B51053CC8911} - System32\Tasks\McUtilTask => C:\Program Files\Common Files\McAfee\UPDMGR\8.0.160.1\mcupdutl.exe  /setaffid default 105 (No File)
Task: {D59C67BB-8D82-4CDD-BD58-70B87A71D25A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499424 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {A625BE1B-5CD4-4CF6-ACCA-5D6799916214} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499424 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FEB4EF4-13D7-491A-A75C-A3E149239082} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309800 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C045CD14-F46C-4FB9-8BB4-E2780BBA421A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309800 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {54C86CA1-A412-481F-B67B-1C33B6413611} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [169648 2024-06-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {19264308-7F93-41CF-8729-275D4BD43E43} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [504552 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B73C1082-0DB8-4777-9506-9DFCCF7B4FE0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-06-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {283606CB-7F51-4C2B-BE70-BC9FA98FDD28} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
Task: {FBBE1DAA-DE1E-44CC-AE15-277D6934E627} - System32\Tasks\Opera scheduled Autoupdate 1644508791 => C:\Users\mattp\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5728672 2024-06-04] (Opera Norway AS -> Opera Software)
Task: {D38E7BFC-4568-4C42-91F3-C27F400BC726} - System32\Tasks\PowerToys\Autorun for mattp => C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe [1194016 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\vsocklib.dll [26512 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\vsocklib.dll [26512 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [31120 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [31120 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.201.1
Tcpip\..\Interfaces\{119401b5-89ce-456e-8539-e079e52c9e22}: [DhcpNameServer] 192.168.201.254
Tcpip\..\Interfaces\{1e6b2f60-95d8-4a0f-a11d-b3581b487c2b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3f05f5f4-abf6-487e-80cc-66339b67c8cb}: [DhcpNameServer] 192.168.201.254
Tcpip\..\Interfaces\{504a8a90-4508-4eae-bb80-ec1845e4dab9}: [DhcpNameServer] 192.168.201.1
Tcpip\..\Interfaces\{504a8a90-4508-4eae-bb80-ec1845e4dab9}: [DhcpDomain] perrympls.lan
Tcpip\..\Interfaces\{c9b35498-21e6-4ed0-af90-b4a3d47764bc}: [DhcpNameServer] 192.168.99.1 192.168.99.1
Tcpip\..\Interfaces\{fc01fcd5-2b9d-2fd8-78d8-cb78b313e2b2}: [NameServer] 103.86.96.100,103.86.99.100
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\mattp\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-29]
Edge Notifications: Default -> hxxps://calendar.google.com; hxxps://drive.google.com; hxxps://forum.virtualmin.com; hxxps://mail.google.com; hxxps://murray.perrympls.net; hxxps://service.mcafee.com; hxxps://twitter.com; hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://www.reddit.com; hxxps://www.youtube.com
Edge Extension: (Tab Suspender) - C:\Users\mattp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fiabciakcmgepblmdkmemdbbkilneeeh [2024-06-11]
Edge Extension: (Google Docs Offline) - C:\Users\mattp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-01]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\mattp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-06-11]
Edge Extension: (OneTab) - C:\Users\mattp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hoimpamkkoehapgenciaoajfkfkpgfop [2024-06-28]
Edge Extension: (Edge relevant text changes) - C:\Users\mattp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-01]
Edge Extension: (SimpleExtManager) - C:\Users\mattp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kniehgiejgnnpgojkdhhjbgbllnfkfdk [2024-06-11]
Edge Extension: (Postlight Reader) - C:\Users\mattp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kpldbdfpngbdadafgaccakmeaoeligcl [2024-06-11]
Edge Extension: (Vertical Tabs) - C:\Users\mattp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pddljdmihkpdfpkgmbhdomeeifpklgnm [2022-06-04]
Edge Extension: (hyde — hide the YouTube video player controls) - C:\Users\mattp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pmkpddhfbiojipiehnejbjkgdgdpkdpb [2024-06-11]
Edge HKLM-x32\...\Edge\Extension: [fphgeikpdcdcheaochkhldmnfblfogla]
 
FireFox:
========
FF DefaultProfile: ozzxf0ti.default
FF ProfilePath: C:\Users\mattp\AppData\Roaming\Mozilla\Firefox\Profiles\ozzxf0ti.default [2024-06-28]
FF Session Restore: Mozilla\Firefox\Profiles\ozzxf0ti.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\ozzxf0ti.default -> hxxps://murray.perrympls.net:19700; hxxps://blair.perrympls.net:19700; hxxps://www.youtube.com; hxxps://voice.google.com
FF ProfilePath: C:\Users\mattp\AppData\Roaming\Mozilla\Firefox\Profiles\mm1i5x0l.default-release [2024-06-29]
FF Session Restore: Mozilla\Firefox\Profiles\mm1i5x0l.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\mm1i5x0l.default-release -> hxxps://murray.perrympls.net:19700; hxxps://bumbry.perrympls.net:19700
FF Extension: (McAfee® WebAdvisor) - C:\Users\mattp\AppData\Roaming\Mozilla\Firefox\Profiles\mm1i5x0l.default-release\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2023-12-08] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-06-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.20 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default [2024-06-29]
CHR Notifications: Default -> hxxps://192.168.201.49; hxxps://app.element.io; hxxps://business.facebook.com; hxxps://calendar.google.com; hxxps://community.learnlinux.tv; hxxps://drive.google.com; hxxps://forum.virtualmin.com; hxxps://mail.google.com; hxxps://nekton.social; hxxps://next.waveapps.com; hxxps://service.mcafee.com; hxxps://shop.null-byte.com; hxxps://voice.google.com; hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://www.reddit.com; hxxps://www.startribune.com; hxxps://www.verizon.com; hxxps://www.wsj.com; hxxps://www.youtube.com
CHR Extension: (Torrent Scanner) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2024-01-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-06-28]
CHR Extension: (OneTab) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2024-06-28]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-06-28]
CHR Extension: (Tab Suspender) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiabciakcmgepblmdkmemdbbkilneeeh [2023-12-05]
CHR Extension: (Google Docs Offline) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-28]
CHR Extension: (SimpleExtManager) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kniehgiejgnnpgojkdhhjbgbllnfkfdk [2023-10-15]
CHR Extension: (SmartVideo For YouTube™) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2022-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Postlight Reader) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2023-03-06]
CHR Extension: (hyde — hide the YouTube video player controls) - C:\Users\mattp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkpddhfbiojipiehnejbjkgdgdpkdpb [2024-06-11]
CHR HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]
 
Opera: 
=======
OPR DefaultProfile: Default
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [177392 2023-09-13] (RealDefense, LLC -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-06-25] (Adobe Inc. -> Adobe Inc.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2024-03-30] (Apple Inc. -> Apple Inc.)
S4 BalloonService; C:\Program Files (x86)\SPICE Guest Tools\drivers\Balloon\w10\amd64\blnsvr.exe [166568 2017-07-19] (Red Hat, Inc. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14012384 2024-06-15] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458128 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [159632 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481680 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
S4 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [57760 2023-12-20] (Dell Inc -> )
S4 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-12-13] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [50392 2024-01-27] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [159664 2023-12-22] (Dell Technologies Inc. -> Dell)
S3 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\202.4.5551\DropboxElevationService.exe [1659288 2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [44168 2021-12-20] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [26792 2023-02-13] (Dell Inc -> Dell Inc.)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_f21a18a53fedc854\AS\IAS\IntelAudioService.exe [530560 2023-03-14] (Intel Corporation -> Intel)
S4 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [13004248 2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8895072 2024-06-11] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-22] (Malwarebytes Inc. -> Malwarebytes)
R2 mc-fw-host; C:\Program Files\McAfee\WPS\1.19.187.1\mc-fw-host.exe [2713488 2024-06-26] (McAfee, LLC -> McAfee, LLC)
S3 mc-wps-update; C:\Program Files\McAfee\wps\1.19.187.1\mc-update.exe [3296320 2024-06-26] (McAfee, LLC -> McAfee, LLC)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2019-02-01] (HP Inc.) [File not signed]
S4 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [320088 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
S4 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2023-08-09] (nordvpn s.a. -> nordvpn S.A.)
S4 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
S4 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [67352 2022-12-02] (OpenVPN Inc. -> The OpenVPN Project)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2019-02-01] (HP Inc.) [File not signed]
R3 QEMU Guest Agent VSS Provider; C:\WINDOWS\system32\dllhost.exe /Processid:{790FC55B-0A43-4835-B097-A3E5F193E1ED} [22384 2023-12-03] (Microsoft Windows -> Microsoft Corporation)
S4 QEMU-GA; C:\Program Files\qemu-ga\qemu-ga.exe [197632 2017-04-19] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-05-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [159048 2024-04-25] (Dell Technologies Inc. -> Dell Inc.)
S4 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [256608 2022-06-29] (Intel Corporation -> Intel Corporation)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [20992824 2023-10-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [805224 2023-01-11] (Oracle Corporation -> Oracle and/or its affiliates)
S4 vdservice; C:\Program Files (x86)\SPICE Guest Tools\64\vdservice.exe [206381 2017-10-30] (Red Hat Inc.) [File not signed]
R3 VssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{7ED84FBB-13D6-40FB-B066-FF7DC7DC5BE2} [22384 2023-12-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WireGuardManager; C:\Program Files\WireGuard\wireguard.exe [8185648 2021-12-22] (WireGuard LLC -> WireGuard LLC)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [526848 2024-05-21] (Microsoft Windows -> Microsoft Corporation)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2023-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [74296 2021-07-25] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [54328 2021-07-25] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [22784 2021-07-25] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [555072 2021-08-26] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R2 hcmon; C:\WINDOWS\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-27] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1548488 2022-10-27] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_1013b3c009bce5af\IntcUSB.sys [917672 2023-03-14] (Intel Corporation -> Intel® Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221136 2024-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 mfeelam; C:\WINDOWS\System32\DRIVERS\mfeelam.sys [19536 2024-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R0 mfesec; C:\WINDOWS\System32\DRIVERS\mfesec.sys [85304 2024-06-26] (McAfee, LLC -> McAfee, LLC)
S3 mshield; C:\WINDOWS\System32\DRIVERS\mshield.sys [43112 2024-04-17] (nordvpn s.a. -> Nordvpn S.A.)
R2 NDivert; C:\Program Files\NordVPN\7.23.3.0\Drivers\NDivert.sys [131472 2024-04-08] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2023-01-17] (nordvpn s.a. -> TEFINCOM S.A.)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [77792 2023-10-19] (Nmap Software LLC -> Insecure.Com LLC.)
S3 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [77792 2023-10-19] (Nmap Software LLC -> Insecure.Com LLC.)
R3 rtump64x64; C:\WINDOWS\System32\drivers\rtump64x64.sys [944680 2021-09-23] (Realtek Semiconductor Corp. -> Realtek Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScrHIDDriver3; C:\WINDOWS\System32\drivers\ScrHIDDriver3.sys [68392 2020-11-23] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2023-01-14] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2023-11-06] (nordvpn s.a. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [254616 2023-01-11] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [265488 2023-01-11] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1061392 2023-01-11] (Oracle Corporation -> Oracle and/or its affiliates)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [189152 2023-01-11] (Oracle Corporation -> Oracle and/or its affiliates)
R0 vmci; C:\WINDOWS\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 VMnetAdapter; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [31120 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [53704 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\DRIVERS\vmnetuserif.sys [30664 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\DRIVERS\vmx86.sys [100776 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [21056 2024-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601496 2024-05-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-20] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\WINDOWS\System32\DriverStore\FileRepository\wiman.inf_amd64_f54d0a27ac206b8c\WiManH\WiManH.sys [175672 2021-07-28] (Intel Corporation -> Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-29 10:22 - 2024-06-29 10:22 - 000041288 _____ C:\Users\mattp\Downloads\FRST.txt
2024-06-29 10:21 - 2024-06-29 10:22 - 000000000 ____D C:\FRST
2024-06-29 10:20 - 2024-06-29 10:20 - 002395648 _____ (Farbar) C:\Users\mattp\Downloads\FRST64.exe
2024-06-28 16:11 - 2024-06-28 16:11 - 000000000 ____D C:\Users\mattp\AppData\Roaming\SUPERAntiSpyware.com
2024-06-28 16:10 - 2024-06-28 16:11 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2024-06-28 16:10 - 2024-06-28 16:10 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2024-06-28 16:10 - 2024-06-28 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2024-06-28 16:09 - 2024-06-28 16:09 - 219616544 _____ (SUPERAntiSpyware) C:\Users\mattp\Downloads\SUPERAntiSpyware.exe
2024-06-28 16:07 - 2024-06-28 16:07 - 219616544 _____ (SUPERAntiSpyware) C:\Users\mattp\Downloads\Unconfirmed 693976.crdownload
2024-06-28 13:48 - 2024-06-28 13:49 - 035640045 _____ (The qBittorrent project) C:\Users\mattp\Downloads\qbittorrent_4.6.5_x64_setup (2).exe
2024-06-28 11:04 - 2024-06-28 11:04 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3765B446.sys
2024-06-28 11:03 - 2024-06-28 11:03 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-06-28 10:57 - 2024-06-28 10:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-06-28 10:41 - 2024-06-28 10:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\67167686.sys
2024-06-28 10:40 - 2024-06-28 13:17 - 000000000 ____D C:\Users\mattp\OneDrive\Desktop\mbar
2024-06-28 10:40 - 2024-06-28 13:17 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2024-06-28 10:40 - 2024-06-28 10:40 - 014178840 _____ (Malwarebytes Corp.) C:\Users\mattp\Downloads\mbar-1.10.3.1001.exe
2024-06-28 08:19 - 2024-06-28 08:19 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-06-27 09:46 - 2024-06-27 09:46 - 000004266 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1644508791
2024-06-27 09:46 - 2024-06-27 09:46 - 000001392 _____ C:\Users\mattp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2024-06-26 01:23 - 2024-06-26 01:23 - 000085304 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfesec.sys
2024-06-25 15:10 - 2024-06-25 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-06-25 06:18 - 2024-06-25 06:18 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-06-21 19:37 - 2024-06-21 19:37 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1721838227-1617371528-1245358295-1001
2024-06-21 19:37 - 2024-06-21 19:37 - 000002385 _____ C:\Users\mattp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-06-18 23:01 - 2024-06-18 23:01 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-06-17 19:56 - 2024-06-17 19:56 - 000000816 _____ C:\Users\mattp\AppData\Local\recently-used.xbel
2024-06-17 17:04 - 2024-06-17 17:09 - 941621248 _____ C:\Users\mattp\Downloads\systemrescue-11.01-amd64.iso
2024-06-12 08:56 - 2024-06-28 09:52 - 000000000 ____D C:\Users\mattp\AppData\LocalLow\IGDump
2024-06-11 21:59 - 2024-06-11 21:59 - 000011216 _____ C:\Users\mattp\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154
2024-06-11 21:59 - 2024-06-11 21:59 - 000000026 _____ C:\Users\mattp\AppData\LocalLow\7107d4cac2bc4428fa0187dfd88ac646a0a936ba0c71f8a4e27055a4333f4375
2024-06-11 21:17 - 2024-06-11 21:17 - 000000000 ___HD C:\$WinREAgent
2024-06-05 12:15 - 2024-06-05 12:15 - 035640045 _____ (The qBittorrent project) C:\Users\mattp\Downloads\qbittorrent_4.6.5_x64_setup.exe
2024-06-02 10:39 - 2024-06-02 10:39 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-05-31 08:03 - 2024-06-28 14:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2024-05-31 08:03 - 2024-05-31 08:03 - 000000000 ____D C:\Users\mattp\OneDrive\Documents\PowerShell
2024-05-31 08:03 - 2024-05-31 08:03 - 000000000 ____D C:\Users\mattp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2024-05-31 08:03 - 2024-05-31 08:03 - 000000000 ____D C:\Users\mattp\AppData\Local\PowerToys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-29 10:21 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration
2024-06-29 10:07 - 2024-05-22 08:18 - 000000000 ____D C:\Users\mattp\AppData\Local\Malwarebytes
2024-06-29 10:03 - 2024-05-20 14:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-29 09:23 - 2024-05-20 14:10 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B7A3061B-3912-4AB6-97F5-54DFEFC1A5E5}
2024-06-29 09:12 - 2022-04-16 11:27 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-06-29 09:11 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-29 04:01 - 2021-03-25 14:11 - 000000000 ____D C:\Users\mattp\AppData\Local\D3DSCache
2024-06-28 16:35 - 2021-01-12 16:58 - 000000000 ____D C:\Users\mattp\AppData\Local\Google
2024-06-28 15:49 - 2022-06-15 23:10 - 000000000 ____D C:\Users\mattp\AppData\Roaming\discord
2024-06-28 15:44 - 2022-06-15 23:10 - 000000000 ____D C:\Users\mattp\AppData\Local\Discord
2024-06-28 14:44 - 2024-05-20 15:07 - 000002255 _____ C:\Users\mattp\OneDrive\Desktop\Discord.lnk
2024-06-28 14:06 - 2024-05-20 14:14 - 000844898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-28 14:06 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2024-06-28 14:01 - 2024-05-20 14:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-06-28 14:01 - 2024-05-16 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2024-06-28 14:01 - 2022-05-24 11:20 - 000000000 ____D C:\ProgramData\VMware
2024-06-28 14:01 - 2022-03-24 11:00 - 000008192 ___SH C:\DumpStack.log.tmp
2024-06-28 14:01 - 2021-01-12 16:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-06-28 14:01 - 2020-11-12 11:43 - 000000000 ____D C:\ProgramData\Goodix
2024-06-28 14:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-06-28 14:01 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-06-28 13:45 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-28 13:45 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-28 13:20 - 2021-01-12 16:38 - 000001284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2024-06-28 11:03 - 2022-04-18 14:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-06-28 10:57 - 2022-04-18 14:53 - 000001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-06-28 10:41 - 2024-05-22 08:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-06-28 10:34 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-06-28 10:33 - 2024-05-20 14:56 - 000011216 _____ C:\Users\mattp\AppData\LocalLow\abdfbee3f482f410934d1e17c2f7f6fa1d3b379b2a07284ffda6ea337445c922
2024-06-28 10:28 - 2021-01-16 11:33 - 000000000 ____D C:\Users\mattp\AppData\Local\ElevatedDiagnostics
2024-06-28 10:25 - 2024-05-20 13:56 - 000000000 ____D C:\Users\mattp
2024-06-28 09:45 - 2021-04-13 13:09 - 000000000 ____D C:\Users\mattp\AppData\Roaming\uTorrent
2024-06-28 09:21 - 2021-12-17 17:11 - 000000000 ____D C:\WINDOWS\pss
2024-06-28 08:04 - 2021-01-12 17:30 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2024-06-28 08:04 - 2021-01-12 17:30 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2024-06-26 01:23 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-06-25 15:10 - 2021-01-12 17:30 - 000000000 ____D C:\Users\mattp\AppData\Roaming\Dropbox
2024-06-25 15:10 - 2021-01-12 17:30 - 000000000 ____D C:\Users\mattp\AppData\Local\Dropbox
2024-06-25 15:10 - 2021-01-12 17:30 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-06-25 15:10 - 2021-01-12 16:20 - 000000000 ____D C:\Users\mattp\AppData\Local\Packages
2024-06-22 10:13 - 2022-05-24 11:45 - 000000000 ____D C:\Users\mattp\AppData\Local\VMware
2024-06-22 05:21 - 2020-11-19 02:46 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-21 19:37 - 2024-05-20 14:10 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1721838227-1617371528-1245358295-1001
2024-06-21 16:00 - 2022-05-24 11:45 - 000000000 ____D C:\Users\mattp\AppData\Roaming\VMware
2024-06-20 17:44 - 2020-11-12 11:47 - 000000000 ____D C:\Program Files (x86)\Dell
2024-06-19 16:57 - 2024-05-20 14:10 - 000003998 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2024-06-19 16:57 - 2024-05-20 14:10 - 000003766 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2024-06-19 09:52 - 2021-01-27 14:41 - 000000000 ____D C:\Users\mattp\.VirtualBox
2024-06-19 09:52 - 2021-01-27 14:41 - 000000000 ____D C:\ProgramData\VirtualBox
2024-06-17 19:56 - 2022-02-18 12:04 - 000000000 ____D C:\Users\mattp\.dbus-keyrings
2024-06-17 18:40 - 2022-02-18 12:22 - 000000000 ____D C:\Users\mattp\AppData\Local\virt-viewer
2024-06-17 06:00 - 2024-05-20 14:13 - 000000130 _____ C:\Users\mattp\AppData\LocalLow\a8b141efd5a28a0535a4b1cef38c232052f69977de70ef5ac15dddb5a77f531f
2024-06-16 15:11 - 2022-01-17 17:10 - 000000128 _____ C:\Users\mattp\AppData\Local\PUTTY.RND
2024-06-15 15:06 - 2020-11-12 11:56 - 000000000 ____D C:\Program Files\Microsoft Office
2024-06-13 20:59 - 2020-11-19 02:48 - 000000000 ____D C:\ProgramData\Packages
2024-06-13 15:41 - 2022-03-28 12:13 - 000000000 ___RD C:\Users\mattp\iCloudDrive
2024-06-13 15:41 - 2022-03-28 12:12 - 000000000 ___RD C:\Users\mattp\iCloudPhotos
2024-06-11 21:58 - 2024-05-20 14:04 - 000436296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-06-11 21:57 - 2024-04-13 12:13 - 000000000 ____D C:\Users\mattp\AppData\Roaming\qBittorrent
2024-06-11 21:57 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-06-11 21:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-06-11 21:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-06-11 21:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-06-11 21:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-06-11 21:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-06-11 21:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-06-11 21:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-06-11 21:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-06-11 21:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-06-11 21:31 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-06-11 21:26 - 2024-05-20 14:05 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-06-11 21:16 - 2021-01-13 17:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-06-11 21:06 - 2021-01-13 17:50 - 199048176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-06-07 00:15 - 2024-05-20 14:10 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-07 00:15 - 2024-05-20 14:10 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-31 14:32 - 2024-05-20 13:05 - 000000000 ___DC C:\WINDOWS\Panther
2024-05-31 08:03 - 2022-12-10 13:13 - 000000000 ____D C:\Users\mattp\AppData\Local\Package Cache
 
==================== Files in the root of some directories ========
 
2023-12-21 14:33 - 2023-12-21 14:33 - 000000426 _____ () C:\Program Files (x86)\LMIR0AB96001.tmp.bat
2023-12-21 14:33 - 2023-12-21 14:33 - 000000351 _____ () C:\Program Files (x86)\LMIR0AB96001.tmp_r.bat
2023-12-11 17:39 - 2023-12-11 17:39 - 000000426 _____ () C:\Program Files (x86)\LMIR0E192001.tmp.bat
2023-12-11 17:39 - 2023-12-11 17:39 - 000000351 _____ () C:\Program Files (x86)\LMIR0E192001.tmp_r.bat
2022-06-02 23:10 - 2023-05-07 13:14 - 000000128 _____ () C:\Users\mattp\AppData\Roaming\winscp.rnd
2022-05-21 13:15 - 2022-05-21 13:15 - 000000038 _____ () C:\Users\mattp\AppData\Local\cloudready_installer_uuid
2022-01-17 17:10 - 2024-06-16 15:11 - 000000128 _____ () C:\Users\mattp\AppData\Local\PUTTY.RND
2024-06-17 19:56 - 2024-06-17 19:56 - 000000816 _____ () C:\Users\mattp\AppData\Local\recently-used.xbel
2021-02-01 16:32 - 2023-10-11 15:12 - 000007601 _____ () C:\Users\mattp\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.06.2024
Ran by mattp (29-06-2024 10:22:56)
Running from C:\Users\mattp\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.4529 (X64) (2024-05-20 19:11:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1721838227-1617371528-1245358295-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1721838227-1617371528-1245358295-503 - Limited - Disabled)
Guest (S-1-5-21-1721838227-1617371528-1245358295-501 - Limited - Disabled)
mattp (S-1-5-21-1721838227-1617371528-1245358295-1001 - Administrator - Enabled) => C:\Users\mattp
WDAGUtilityAccount (S-1-5-21-1721838227-1617371528-1245358295-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee (Enabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: McAfee (Enabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}
FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{50229C72-539F-4E65-BEB5-F0491C5074B7}) (Version: 22.2.1 - HP Inc.) Hidden
7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20857 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601078}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Anki (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Anki) (Version: 23.12.1 - )
Apple Mobile Device Support (HKLM\...\{336D80E8-E773-4B6F-BCAB-D291F34A6685}) (Version: 17.5.0.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
AWS Command Line Interface v2 (HKLM\...\{3B64874B-9537-4D3E-9D6D-19BF110D3D94}) (Version: 2.4.11.0 - Amazon Web Services)
balenaEtcher 1.5.116 (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.116 - Balena Inc.)
Belarc Advisor 9.7 (HKLM-x32\...\Belarc Advisor) (Version: 9.7.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boson Exam Environment (HKLM-x32\...\{3528F285-5F6D-4235-9700-A2A140CC3C02}) (Version: 3.21.0 - Boson Software, LLC)
Boson NetSim 13 (HKLM-x32\...\{BC769957-BE77-4639-A627-1F82C8A10303}) (Version: 13.19.0 - Boson Software, LLC) Hidden
Boson NetSim 13 (HKLM-x32\...\InstallShield_{BC769957-BE77-4639-A627-1F82C8A10303}) (Version: 13.19.0 - Boson Software, LLC)
CCNA 200-301 Network Simulator Lite, Volume 1 (HKLM-x32\...\CCNA 200-301 Network Simulator Lite, Volume 1) (Version: 5.1.0.1 - Pearson IT Certification)
Cisco Network Assistant (HKLM-x32\...\{397FF711-8BD9-4388-ADFC-2A878B83F018}) (Version: 5.8(9.1) - Cisco Systems, Inc)
Cisco Packet Tracer 8.1.1 64Bit (HKLM\...\Cisco Packet Tracer 8.1.1 64Bit_is1) (Version:  - Cisco Systems, Inc.)
Cisco Packet Tracer 8.2.1 64Bit (HKLM\...\Cisco Packet Tracer 8.2.1 64Bit_is1) (Version: 8.2.1.118 - Cisco Systems, Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\ActiveTouchMeetingClient) (Version: 43.10.0 - Cisco Webex LLC)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
dch_setup (HKLM-x32\...\{0A5C4FC7-C229-464C-A042-1DB2352152B6}) (Version: 1.47.0.0 - elrazdah) Hidden
Dell Digital Delivery Services (HKLM-x32\...\{16AE9E0C-0E0C-4AD6-82B4-D0F8AB94082F}) (Version: 5.0.86.0 - Dell Inc.)
Dell Mobile Connect Driver (HKLM\...\{EF42F5D9-A5B3-4255-916F-EA411B906750}) (Version: 4.0.6072 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{A1FC489C-7909-4E08-9685-6C77BA2053DE}) (Version: 4.0.3.61633 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{39BF0E71-7A16-4A80-BBCE-FBDD2D1CC2D5}) (Version: 5.5.9.18923 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{f6a4df94-48f2-459a-8d40-16b1fbed13c5}) (Version: 5.5.9.18923 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{398E49A0-84CA-43B5-A926-42EF68619E91}) (Version: 5.5.10.19019 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3563aa3a-c8ae-48d8-ab19-b1f359265295}) (Version: 5.5.10.19019 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{183DEF89-F000-4745-81FD-3B43101D5B9F}) (Version: 5.2.0 - Dell Inc.)
Discord (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Discord) (Version: 1.0.9005 - Discord Inc.)
Documentation Manager (HKLM\...\{BD72B4C5-F19D-4507-97C7-21F67DF098C4}) (Version: 23.10.0.8 - Intel Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 202.4.5551 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.911.1 - Dropbox, Inc.) Hidden
Dynamic Application Loader Host Interface Service (HKLM\...\{2DF0E6F6-1C0E-4AF3-BD8C-2DBD0A8A770F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EaseUS Todo Backup Home 2022 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 2022 - EaseUS)
EVE-NG-Win-Client-Pack version 2.0 (HKLM-x32\...\EVE-NG-Win-Client-Pack_is1) (Version: 2.0 - EVE-NG Ltd)
FileZilla Client 3.58.0 (HKLM-x32\...\FileZilla Client) (Version: 3.58.0 - Tim Kosse)
Fusion Service (HKLM\...\{93D141B9-9B5E-485B-8ED1-97DE741EE768}) (Version: 2.2.14.0 - Dell.Inc) Hidden
Fusion Service (HKLM-x32\...\{6e578348-d226-4341-a69f-26274feac293}) (Version: 2.2.14.0 - Dell.Inc)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 3.0.38.600 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.208 - Google LLC)
iCloud Outlook (HKLM\...\{F054257C-600A-4918-B730-F6829E491781}) (Version: 13.0.0.201 - Apple Inc.)
inSSIDer (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\inSSIDer) (Version: 5.5.0 - MetaGeek, LLC)
Intel® Icls (HKLM\...\{D404A759-EC9F-4C95-A9FD-2CC8EFF89E03}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2345.5.42.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{DD4C55D7-B644-4274-AEC9-77AAB3FB00F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{6204E232-6522-4B6E-B22C-4F0DF7CCA27C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{5C67AF85-8F17-49C9-854F-8E40208ECFBE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2104.1 - Intel Corporation)
Intel® Serial IO (HKLM\...\{C57881FA-A086-42E7-8FA2-2C3C2DBE5F7E}) (Version: 30.100.2104.1 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000010-0230-1033-84C8-B8D95FA3C8C3}) (Version: 23.10.0.2 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{81da3767-7ece-47b7-acbe-01d003fdbe55}) (Version: 3.10.100.4446 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{bddd55ff-828e-4d3d-90dd-cdcc8076d5ba}) (Version: 22.200.2.1 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{cd5b4033-2c6b-4241-acf1-1ee873737a03}) (Version: 23.10.0.8 - Intel Corporation) Hidden
ISS_Drivers_x64 (HKLM\...\{188144F0-D6CC-4A19-AF83-4BFC017233A5}) (Version: 3.10.100.4446 - Intel Corporation) Hidden
iTunes (HKLM\...\{F741FD08-15DA-4153-941C-CB03656C8AAD}) (Version: 12.13.2.3 - Apple Inc.)
Macrium Reflect Free Edition (HKLM\...\{E00F3578-4849-40C8-91DE-58F02AF087A8}) (Version: 8.0.6392 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 8.0 - Paramount Software (UK) Ltd.)
Malwarebytes version 5.1.5.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.5.116 - Malwarebytes)
McAfee (HKLM\...\McAfee.WPS) (Version: 1.19.187.1 - McAfee, LLC)
Microsoft .NET Core Host - 3.1.28 (x64) (HKLM\...\{26ECE92F-518E-40AF-9108-7B7B444A46DE}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.28 (x64) (HKLM\...\{CDEA72F4-1367-4E0A-AC5F-0EBAF7C6825A}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM\...\{3691148D-EF42-4812-8956-AE11FC413B8D}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM-x32\...\{231e3b76-4d0f-4e60-9d69-f11c9c448630}) (Version: 3.1.28.31513 - Microsoft Corporation)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.28 (x64) (HKLM\...\{CA84969C-64F9-4606-A998-E692A5DA9B9F}) (Version: 48.112.10439 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.7 (x64) (HKLM\...\{E914E975-A0B1-49F7-AB71-28DACD495C44}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.3 (x64) (HKLM\...\{0511E062-77E0-4F80-ABA3-0F99B9EF8C4B}) (Version: 64.12.10343 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.20 (x64) (HKLM\...\{76FA02FF-603F-48BB-9E3F-17ED5DB861E8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.28 (x64) (HKLM\...\{7C4254A1-17EE-4840-B9D3-7CA9B34C75CD}) (Version: 48.112.10439 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.7 (x64) (HKLM\...\{62A9DE14-DB7A-41D9-9D7E-ED494E6FCBAF}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.3 (x64) (HKLM\...\{E79D3B29-C9A2-42D5-8703-85B73C452D8B}) (Version: 64.12.10343 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM\...\{6CE8AD8C-E6D5-4BF7-91C3-7F8106A5CD93}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM-x32\...\{403b0cfe-5969-462d-8eb2-aafde344360e}) (Version: 6.0.20.32620 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.28 (x64) (HKLM\...\{4BCC5DFD-5D10-4ACC-AAA9-8A1578A9F0C6}) (Version: 48.112.10439 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.7 (x64) (HKLM\...\{ECCA3DB0-6DEF-42CD-A21A-F2F7B918FB59}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.3 (x64) (HKLM\...\{D98088DE-EDA4-4E1A-BF0F-ED9A9145CC70}) (Version: 64.12.10343 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17628.20144 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.7 - Shared Framework (x64) (HKLM-x32\...\{4a749a1a-b799-41b4-a328-33a7b2355e76}) (Version: 7.0.7.23274 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.7 Shared Framework (x64) (HKLM\...\{5ECA54B7-62F2-39EE-9514-31F7DFFFC968}) (Version: 7.0.7.23274 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\OneDriveSetup.exe) (Version: 24.111.0602.0003 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Teams) (Version: 1.7.00.10152 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.28 (x64) (HKLM\...\{443A7BE8-E5BE-4514-BDAB-0A872E3E846B}) (Version: 48.112.10435 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.28 (x64) (HKLM-x32\...\{bd3c5800-9256-43b9-97a7-eb349fc38d78}) (Version: 6.0.28.33420 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM\...\{593F16DC-C2D3-4740-ABD4-A171B4E32B06}) (Version: 56.31.61651 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM-x32\...\{e875fc20-9a37-4344-b046-0bb037cb2d57}) (Version: 7.0.7.32525 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.3 (x64) (HKLM\...\{CE0906F2-6C11-4A2B-880B-AFB92474B13E}) (Version: 64.12.10377 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.3 (x64) (HKLM-x32\...\{fb8f4657-2b60-4298-b83e-aaccb07ef793}) (Version: 8.0.3.33416 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 127.0 (x64 en-US)) (Version: 127.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 127.0.0.8923 - Mozilla)
Mozilla Thunderbird (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 115.12.2 (x86 en-US)) (Version: 115.12.2 - Mozilla)
Nextcloud (HKLM\...\{EACF6F39-3C6B-4983-B90F-251B2FE609A3}) (Version: 3.13.0.20240423 - Nextcloud GmbH)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NordPass (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\f7c32559-6c31-590a-9972-0bea54b04213) (Version: 5.9.25 - NordPass Team)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.4.1 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.23.3.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.78 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenVPN 2.5.8-I604 amd64 (HKLM\...\{FCADF89D-0D43-488D-BC24-B068C474F40D}) (Version: 2.5.040 - OpenVPN, Inc.)
Opera Stable 111.0.5168.43 (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Opera 111.0.5168.43) (Version: 111.0.5168.43 - Opera Software)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Oracle VM VirtualBox 7.0.6 (HKLM\...\{5C50439B-4A95-4615-A77B-6D250D734303}) (Version: 7.0.6 - Oracle and/or its affiliates)
Pearson Test Prep (HKLM-x32\...\Pearson Test Prep_is1) (Version: 1.0.32.0 - Pearson IT Certification)
PearsonCCNASimulator (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\PearsonCCNANetworkSimulator) (Version: 1.1.0 - Pearson)
Postman x86_64 10.5.2 (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\Postman) (Version: 10.5.2 - Postman)
PowerToys (Preview) (HKLM\...\{BFA8AF9A-AC09-422E-99DA-29479F232E25}) (Version: 0.81.1 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\{ba004f68-3d55-4428-b56b-a04921bde4bc}) (Version: 0.81.1 - Microsoft Corporation)
PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham)
PuTTY Session Manager 0.50.189.0 (HKLM-x32\...\PuTTY Session Manager) (Version: 0.50.189.0 - David Riseley)
Python 3.10.10 (64-bit) (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\{d792a453-39b9-418b-b84a-a3c081f4a96c}) (Version: 3.10.10150.0 - Python Software Foundation)
Python 3.10.10 Add to Path (64-bit) (HKLM\...\{8537571F-1A2B-4D99-8042-55ABFAA1CB75}) (Version: 3.10.10150.0 - Python Software Foundation) Hidden
Python 3.10.10 Core Interpreter (64-bit) (HKLM\...\{8D186605-9E75-4786-926B-A6434419C86D}) (Version: 3.10.10150.0 - Python Software Foundation) Hidden
Python 3.10.10 Development Libraries (64-bit) (HKLM\...\{BE74226F-199B-4DCE-AB22-4269DC9A83FC}) (Version: 3.10.10150.0 - Python Software Foundation) Hidden
Python 3.10.10 Documentation (64-bit) (HKLM\...\{BA63FB24-50D4-4D04-A1DD-BDB3A3098C0E}) (Version: 3.10.10150.0 - Python Software Foundation) Hidden
Python 3.10.10 Executables (64-bit) (HKLM\...\{81F82011-7F71-4D82-A213-9D4C704959EA}) (Version: 3.10.10150.0 - Python Software Foundation) Hidden
Python 3.10.10 pip Bootstrap (64-bit) (HKLM\...\{861EF849-90A5-4F4A-BAD4-479141466551}) (Version: 3.10.10150.0 - Python Software Foundation) Hidden
Python 3.10.10 Standard Library (64-bit) (HKLM\...\{DCFC24EF-C987-4F08-A807-C562D5546446}) (Version: 3.10.10150.0 - Python Software Foundation) Hidden
Python 3.10.10 Tcl/Tk Support (64-bit) (HKLM\...\{254DC21E-9E4E-48BC-943D-6DB473D6356A}) (Version: 3.10.10150.0 - Python Software Foundation) Hidden
Python 3.10.10 Test Suite (64-bit) (HKLM\...\{C5A7DCFD-705B-41AC-8615-4A33DBFC5272}) (Version: 3.10.10150.0 - Python Software Foundation) Hidden
Python 3.10.10 Utility Scripts (64-bit) (HKLM\...\{D8E25ACB-4E67-4402-8A53-5B5DAB83FD2C}) (Version: 3.10.10150.0 - Python Software Foundation) Hidden
Python 3.11.1 (64-bit) (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\{fca95908-8c70-405d-9e72-cd746e2f7786}) (Version: 3.11.1150.0 - Python Software Foundation)
Python 3.11.1 Add to Path (64-bit) (HKLM\...\{592A8BDA-2DD1-4C98-86D1-72B14B0464FD}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Core Interpreter (64-bit) (HKLM\...\{5D1EFF51-4740-4E62-8E49-11C13DEC34C3}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Development Libraries (64-bit) (HKLM\...\{988799D6-A7CE-4F51-89AF-1E4A64FA7ECA}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Documentation (64-bit) (HKLM\...\{5EB7FFE8-5B05-4DD3-9DE0-D0F20D93FA6C}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Executables (64-bit) (HKLM\...\{A7DE96A8-2F75-44B2-B46E-5D50DE5B1B80}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 pip Bootstrap (64-bit) (HKLM\...\{C5FAF3D9-A03D-4F6A-AAC9-87735DDA5DCF}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Standard Library (64-bit) (HKLM\...\{21EEFB31-6A96-4CAE-9A3B-B7FD6374C155}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Tcl/Tk Support (64-bit) (HKLM\...\{66CA643F-68B2-4063-8F87-34D48A2C49ED}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Test Suite (64-bit) (HKLM\...\{EFFC2C23-AEE2-4867-998C-5F5A902496C0}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python 3.11.1 Utility Scripts (64-bit) (HKLM\...\{E63D4F21-1B1F-43DC-9347-4FB51A71704C}) (Version: 3.11.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{8A19B72D-62A8-4198-BEBD-CAEF117194C8}) (Version: 3.11.8009.0 - Python Software Foundation)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.4 - The qBittorrent project)
QEMU guest agent (HKLM\...\{8122E54F-475E-4DA7-BEC2-B6B2DE16A988}) (Version: 7.4.5 - Red Hat, Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9517.1 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.19042.31267 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.39.518.2020 - Realtek)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Slack (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\slack) (Version: 4.35.132 - Slack Technologies Inc.)
SPICE Guest Tools 0.141 (HKLM-x32\...\SpiceGuestTools) (Version: 0.141 - The SPICE Project)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1266 - SUPERAntiSpyware.com)
TbtLegacyPlug (HKLM-x32\...\{488D2737-A8BE-4F2A-8A9B-AEFF2DB8833F}) (Version: 18.0.0.0 - elrazdah) Hidden
TeamViewer (HKLM\...\TeamViewer) (Version: 15.47.3 - TeamViewer)
Tera Term 4.105 (HKLM-x32\...\Tera Term_is1) (Version: 4.105 - TeraTerm Project)
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
Thunderbolt™ Software (HKLM-x32\...\{6653e751-8a5d-4ba0-b13d-c3a212e9cd67}) (Version: 1.47.0.0 - Intel® Corporation)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.3.0 - uvnc bvba)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
VirtViewer 11.0-256 (64-bit) (HKLM\...\{4446F5FE-F6AD-4B4B-998C-825440ABD586}) (Version: 11.0.256 - Virt Viewer Project)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Web Companion (HKLM-x32\...\{78cd67f6-141e-4abe-ab6b-e3dc3498bc7f}) (Version: 7.0.2417.4248 - Lavasoft) <==== ATTENTION
Webex (HKLM\...\{678BF7CC-80F6-5573-B16C-04493421D448}) (Version: 43.2.0.25211 - Cisco Systems, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\WinDirStat) (Version:  - )
Windows PC Health Check (HKLM\...\{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 - Microsoft Corporation)
WinSCP 5.19.6 (HKLM-x32\...\winscp3_is1) (Version: 5.19.6 - Martin Prikryl)
WireGuard (HKLM\...\{2FDB79CE-5193-4A39-82BB-E00158CC1533}) (Version: 0.5.3 - WireGuard LLC)
Wireshark 4.2.4 x64 (HKLM-x32\...\Wireshark) (Version: 4.2.4 - The Wireshark developer community, hxxps://www.wireshark.org)
X2Go Client for Windows (HKLM-x32\...\x2goclient) (Version: 4.1.2.2-2020.02.13 - X2Go Project)
yEd Graph Editor 3.21.1 (HKLM\...\3309-7404-0599-8908) (Version: 3.21.1 - yWorks GmbH)
Zoom (HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-06-14] ()
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-02] (AMZN Mobile LLC.) [Startup Task]
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2021-12-23] (Dell Inc)
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.4.78.0_x64__2dgmkzkw4h30c [2022-08-11] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.5.5.0_x64__htrsf667h5kn2 [2024-05-20] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.86.0_x64__htrsf667h5kn2 [2024-05-20] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnectPlus_4.1.8330.0_x64__0vhbc3ng4wbp0 [2021-12-28] (Screenovate Technologies)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2024-05-20] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.0.16.0_x64__htrsf667h5kn2 [2024-05-10] (Dell Inc)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.22.10269.0_x64__rz1tebttyb220 [2024-05-28] (Dolby Laboratories)
Dolby Vision Extensions -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionAccess_2.20303.556.0_x64__rz1tebttyb220 [2024-05-17] (Dolby Laboratories)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2024-06-25] (Dropbox Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_15.0.215.0_x64__nzyj5cx40ttqa [2024-02-18] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-02-15] (Instagram)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-05-20] (INTEL CORP)
McAfee -> C:\Program Files\McAfee\wps\1.19.187.1 [2024-06-26] ()
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2024-05-20] (Microsoft Corporation)
MQTT-Explorer -> C:\Program Files\WindowsApps\51031thomas.nordquist.MQTT-Explorer_0.3.5.0_x64__0vh81zz42j0x6 [2022-12-11] (Thomas Nordquist)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.6.0_x64__htrsf667h5kn2 [2024-05-20] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.99.5.0_x64__mcm4njqhnhss8 [2024-04-19] (Netflix, Inc.)
Partner Promo -> C:\Program Files\WindowsApps\DellInc.PartnerPromo_1.0.21.0_x64__htrsf667h5kn2 [2020-11-12] (Dell Inc)
Rufus -> C:\Program Files\WindowsApps\19453.net.Rufus_4.5.2180.0_x64__y8nh7bq2a8dtt [2024-05-23] (Akeo Consulting)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1002.0_x64__rh07ty8m5nkag [2023-06-05] (Rivet Networks LLC)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.18.194.0_x64__43tkc6nmykmb6 [2024-05-20] (Ookla)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0 [2024-06-20] (Spotify AB) [Startup Task]
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_5.1.7.0_x64__t4vj0pshhgkwm [2024-06-16] (Telegram Messenger LLP) [Startup Task]
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2023-10-14] (INTEL CORP)
Twitter -> C:\Program Files\WindowsApps\twitter.com-135FFC0D_7.0.1.1_neutral__9wdrbcd1pw7ja [2023-10-15] (twitter.com)
Waves MaxxAudio Pro for Dell 2020 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2020_3.0.98.0_x64__fh4rh281wavaa [2021-07-02] (Waves Audio)
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-05-20] (Microsoft Corporation)
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.7.3.0_x64__gs5k5vmxr2ste [2024-05-20] (Matt Hafner)
WiFi Scout -> C:\Program Files\WindowsApps\58902DevinWong.WiFiScout_1.1.27.0_x64__prjqa6kttm06e [2021-01-12] (Devin Wong)
WinAppRuntime.Main.1.2 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.2_2000.802.31.0_x64__8wekyb3d8bbwe [2023-08-15] (Microsoft Corp.)
WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-09-15] (Microsoft Corp.)
WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1227.1637.0_x64__8wekyb3d8bbwe [2024-05-17] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-13] (Microsoft Corp.)
WinDbg -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe [2024-03-07] (Microsoft Corporation)
Windows App Runtime DDLM 2000.802.31.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.802.31.0-x6_2000.802.31.0_x64__8wekyb3d8bbwe [2023-08-15] (Microsoft Corporation)
Windows App Runtime DDLM 2000.802.31.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.802.31.0-x8_2000.802.31.0_x86__8wekyb3d8bbwe [2023-08-15] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-14] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-14] (Microsoft Corporation)
Windows App Runtime DDLM 4000.1082.2259.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x6_4000.1082.2259.0_x64__8wekyb3d8bbwe [2024-05-06] (Microsoft Corporation)
Windows App Runtime DDLM 4000.1082.2259.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x8_4000.1082.2259.0_x86__8wekyb3d8bbwe [2024-05-06] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x6_4000.964.11.0_x64__8wekyb3d8bbwe [2024-01-14] (Microsoft Corporation)
Windows App Runtime DDLM 4000.964.11.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x8_4000.964.11.0_x86__8wekyb3d8bbwe [2024-01-14] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{0440049F-D1DC-4E46-B27B-98393D79486B}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{0e99ffe2-047a-495f-bbd5-9e007ecaac3f} -> [Nextcloud] => C:\Users\mattp\Nextcloud [2022-06-24 17:12]
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\mattp\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{131E4473-BAAD-4935-A571-7B34CDF75BB3} -> [iCloud Drive] => C:\Users\mattp\iCloudDrive [2022-03-28 12:13]
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\mattp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.24054.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{1E62D59A-6EA4-476C-B707-4A32E88ED822}\InprocServer32 -> C:\Program Files\Nextcloud\CfApiShellExtensions.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{51B4D7E5-7568-4234-B4BB-47FB3C016A69}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.ImageResizerExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{6FF9B5B6-389F-444A-9FDD-A286C36EA079}\InprocServer32 -> C:\Program Files\Nextcloud\CfApiShellExtensions.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{729B72CD-B72E-4FE9-BCBF-E954B33FE699}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.QoiPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{830F2B1C-865D-4369-B2CD-586CB4452F05} -> [iCloud Photos] => C:\Users\mattp\iCloudPhotos\Photos [2022-03-28 12:13]
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{84D68575-E186-46AD-B0CB-BAEB45EE29C0}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{AD856B15-D25E-4008-AFB7-AFAA55586188}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.QoiThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\mattp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\mattp\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{DD5CACDA-7C2E-4997-A62A-04A597B58F76}\localserver32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{e20d759d-905f-3997-07cd-4f39701ea62e}\localserver32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\mattp\Dropbox [2021-01-12 17:32]
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Users\mattp\AppData\Local\PowerToys\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                NextcloudError] -> {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\NCOverlays.dll [2024-04-23] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudOK] -> {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\NCOverlays.dll [2024-04-23] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudOKShared] -> {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\NCOverlays.dll [2024-04-23] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudSync] -> {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\NCOverlays.dll [2024-04-23] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudWarning] -> {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\NCOverlays.dll [2024-04-23] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\wps\1.19.187.1\mc-ctxmnu.dll [2024-06-26] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2021-12-20] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2021-12-20] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [NextcloudContextMenuHandler] -> {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\NCContextMenu.dll [2024-04-23] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2021-12-20] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.75.0.dll [2024-06-25] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\wps\1.19.187.1\mc-ctxmnu.dll [2024-06-26] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers2_S-1-5-21-1721838227-1617371528-1245358295-1001: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Users\mattp\AppData\Local\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3_S-1-5-21-1721838227-1617371528-1245358295-1001: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Users\mattp\AppData\Local\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3_S-1-5-21-1721838227-1617371528-1245358295-1001: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Users\mattp\AppData\Local\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5_S-1-5-21-1721838227-1617371528-1245358295-1001: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Users\mattp\AppData\Local\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\mattp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TikTok.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
 
==================== Loaded Modules (Whitelisted) =============
 
2017-04-19 06:27 - 2017-04-19 06:27 - 000138752 _____ () [File not signed] C:\Program Files\qemu-ga\qga-vss.dll
2022-03-28 14:16 - 2021-12-20 13:25 - 000066184 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\VssEaseusProvider.dll
2022-03-28 14:16 - 2021-12-20 13:26 - 000382088 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
2019-02-01 23:42 - 2019-02-01 23:42 - 000050688 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzinw12.dll
2019-02-01 23:42 - 2019-02-01 23:42 - 000066048 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzipm12.dll
2022-01-25 15:57 - 2021-12-26 09:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2021-12-17 05:45 - 2021-12-17 05:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll
2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\mattp\Downloads\Cisco ASA 9.9.2.zip:shield [288]
AlternateDataStreams: C:\Users\mattp\Downloads\Cisco CSR1000v-20200430T221052Z-001.zip:shield [466]
AlternateDataStreams: C:\Users\mattp\Downloads\Cisco IOS XRv 9000-20200430T221638Z-001.zip:shield [470]
AlternateDataStreams: C:\Users\mattp\Downloads\Cisco IOS XRv-20200430T221423Z-001.zip:shield [462]
AlternateDataStreams: C:\Users\mattp\Downloads\Cisco IOSv images Latest.zip:shield [297]
AlternateDataStreams: C:\Users\mattp\Downloads\Cisco IOSv L2.zip:shield [286]
AlternateDataStreams: C:\Users\mattp\Downloads\Cisco NX OSv Final.zip:shield [291]
AlternateDataStreams: C:\Users\mattp\Downloads\cookies.zip:shield [501]
AlternateDataStreams: C:\Users\mattp\Downloads\EIGRPv6.yaml:shield [96]
AlternateDataStreams: C:\Users\mattp\Downloads\en_visio_professional_2019_x86_x64_dvd_3b951cef.iso:shield [199]
AlternateDataStreams: C:\Users\mattp\Downloads\Fedora-Workstation-Live-x86_64-39-1.5.iso:shield [225]
AlternateDataStreams: C:\Users\mattp\Downloads\L3-Adventerprisek9-ms.154-2.T4.zip:shield [458]
AlternateDataStreams: C:\Users\mattp\Downloads\NordPassSetup.exe:shield [130]
AlternateDataStreams: C:\Users\mattp\Downloads\Parrot-security-5.3_amd64 (1).iso:shield [166]
AlternateDataStreams: C:\Users\mattp\Downloads\PowerToysUserSetup-0.81.1-x64.exe:MBAM.Zone.Identifier [677]
AlternateDataStreams: C:\Users\mattp\Downloads\qbittorrent_4.6.4_x64_setup.exe:shield [362]
AlternateDataStreams: C:\Users\mattp\Downloads\TeamViewerQS_x64.exe:shield [204]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\Software\Classes\.cmd:  =>  <==== ATTENTION
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001 -> DefaultScope {FE3AC205-7DBA-4E9F-9B14-8C9412BB867B} URL = 
SearchScopes: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001 -> {FE3AC205-7DBA-4E9F-9B14-8C9412BB867B} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2020-10-15] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-01] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\ably-realtime.com -> hxxps://ably-realtime.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\ably.io -> hxxps://ably.io
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\gettesting.com -> hxxps://gettesting.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\onvue.com -> hxxps://onvue.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\pearson.com -> hxxps://pearson.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\pearsonvue.com -> hxxps://pearsonvue.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\proctorcam.com -> hxxps://proctorcam.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\programworkshop.com -> hxxps://programworkshop.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\programworkshop2.com -> hxxps://programworkshop2.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\pvue2.com -> hxxps://pvue2.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\startpractice.com -> hxxps://startpractice.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\starttest.com -> hxxps://starttest.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\starttest2.com -> hxxps://starttest2.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\twilio.com -> hxxps://twilio.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\verifyreadiness.com -> hxxps://verifyreadiness.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\wowza.com -> hxxps://wowza.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 04:14 - 2022-02-10 10:38 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Player\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\Program Files\Amazon\AWSCLIV2\;C:\Program Files\dotnet\;C:\Program Files\WireGuard\
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mattp\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.201.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
VirtualBox Host-Only Network: VMware Bridge Protocol -> vmware_bridge (enabled) 
VirtualBox Host-Only Network: NordVPN LightWeight Firewall -> NordLwf (enabled) 
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled) 
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Bluetooth Network Connection 2: VMware Bridge Protocol -> vmware_bridge (enabled) 
Bluetooth Network Connection 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 2: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BalloonService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: dcpm-notify => 3
MSCONFIG\Services: Dell Digital Delivery Services => 2
MSCONFIG\Services: Dell Hardware Support => 2
MSCONFIG\Services: Dell SupportAssist Remediation => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: GoogleUpdaterInternalService126.0.6462.0 => 2
MSCONFIG\Services: GoogleUpdaterService126.0.6462.0 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iaStorAfsService => 3
MSCONFIG\Services: igccservice => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® TPM Provisioning Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MacriumService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nordsec-threatprotection-service => 3
MSCONFIG\Services: NordUpdaterService => 2
MSCONFIG\Services: nordvpn-service => 2
MSCONFIG\Services: OpenVPNServiceInteractive => 2
MSCONFIG\Services: QEMU-GA => 2
MSCONFIG\Services: RstMwService => 2
MSCONFIG\Services: TbtP2pShortcutService => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: vdservice => 2
MSCONFIG\Services: WavesSysSvc => 2
MSCONFIG\Services: WCAssistantService => 2
MSCONFIG\Services: WireGuardManager => 2
MSCONFIG\Services: WMIRegistrationService => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "TrayProcess"
HKLM\...\StartupApproved\Run32: => "Intel® Arc™ Control"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "ut"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "flbmusic"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "Nextcloud"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "OpenVPN-GUI"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "CiscoSpark"
HKU\S-1-5-21-1721838227-1617371528-1245358295-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6E2559AF-3EED-4EF9-A6A4-F175FFD4362F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BB05DA22-28DB-4DA4-B36F-A3D136CFFF83}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD46CF52-2C16-46A2-8E1A-DBDD964555CB}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{19DF1ADD-2299-41F0-ACDB-E7097365DAEB}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [UDP Query User{0407F972-60A2-4184-B918-CD49A51DC6BC}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{B00E90B6-AC26-455E-8350-909DF890B49C}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{976B9F27-4F62-4BD2-967B-CF39AD36DE7B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{264CB7BA-B8B8-4E17-859D-71503450D087}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{5AE9ED0D-FF56-44FA-880A-D312FE998668}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{73752C27-1ADD-4034-9434-9FC973AC0D71}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED85CBA8-B44F-45F0-8305-C0B197F5DDCE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{46BC1972-88AC-41AD-93CD-DD9E1124B56E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8C7619E6-A44D-4004-86ED-BA6BCDF83AE2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8792A5C3-1C0C-4983-8FEB-77DB39AB543C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{37A92F75-4B1D-40A6-BFD8-E5CA91C05092}C:\users\mattp\appdata\local\programs\opera\opera.exe] => (Block) C:\users\mattp\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{B15A1C63-41A2-430D-ADF7-021EE1958596}C:\users\mattp\appdata\local\programs\opera\opera.exe] => (Block) C:\users\mattp\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{A30FEBB0-EBF8-4225-AE84-B0A7FB25839D}C:\users\mattp\appdata\local\temp\2yvmcr7o0gh6o0tn0yz47pp299i\onvue.exe] => (Allow) C:\users\mattp\appdata\local\temp\2yvmcr7o0gh6o0tn0yz47pp299i\onvue.exe => No File
FirewallRules: [TCP Query User{45777CAA-C195-406F-975A-0C968D1AA756}C:\users\mattp\appdata\local\temp\2yvmcr7o0gh6o0tn0yz47pp299i\onvue.exe] => (Allow) C:\users\mattp\appdata\local\temp\2yvmcr7o0gh6o0tn0yz47pp299i\onvue.exe => No File
FirewallRules: [{CCCAE0F2-C2BC-43CF-B494-DC9B7EDB5A8F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A3428318-BD99-4A9B-9CB5-B5EF5BB6D9E2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{64DBDEDF-B79D-4DB0-A529-89EA46BE6A90}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B62C29CC-E81E-4808-9745-A407A0FECC77}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{85342F89-E662-469D-BC1E-A8093397ADF5}C:\users\mattp\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\mattp\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{E7CC1549-5AD8-4DB0-8A32-6EC7A06448AC}C:\users\mattp\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\mattp\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{813E4573-6863-4AD5-9A2D-D7596D2B91EB}C:\users\mattp\appdata\roaming\flbmusic\flbmusic.exe] => (Block) C:\users\mattp\appdata\roaming\flbmusic\flbmusic.exe (Patrick Waweru) [File not signed]
FirewallRules: [TCP Query User{99F7D9C4-3428-474B-B989-C876EA6294F0}C:\users\mattp\appdata\roaming\flbmusic\flbmusic.exe] => (Block) C:\users\mattp\appdata\roaming\flbmusic\flbmusic.exe (Patrick Waweru) [File not signed]
FirewallRules: [UDP Query User{DC80E569-8D2C-40F7-BA13-3F449D552EE5}C:\users\mattp\appdata\roaming\flbmusic\flbmusic.exe] => (Block) C:\users\mattp\appdata\roaming\flbmusic\flbmusic.exe (Patrick Waweru) [File not signed]
FirewallRules: [TCP Query User{A53CDFDB-25C8-4F37-8498-D2828952676C}C:\users\mattp\appdata\roaming\flbmusic\flbmusic.exe] => (Block) C:\users\mattp\appdata\roaming\flbmusic\flbmusic.exe (Patrick Waweru) [File not signed]
FirewallRules: [UDP Query User{0A3D31C7-DE7E-4AA3-AC57-550394ADC888}C:\users\mattp\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\mattp\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{592804D4-E430-4B47-B484-3FEFB3C002DB}C:\users\mattp\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\mattp\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5BA97122-41BE-456F-9BF7-5DF537BD4A79}C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [TCP Query User{86D49FD7-CE01-499F-9B87-D17FA8DD5B0D}C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.2.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{CFBD4816-FB53-4385-AFE4-9883EFA889FC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{63104385-C720-4FBF-A0B1-E7B92BC7FE03}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{440C1491-763B-455D-82BD-9ED89786E89F}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{3CAFF6A0-C383-40B9-8CE3-7E81D0209843}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{FD58CA6E-5C31-4EBD-A834-82F513F751AC}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{272313AC-62E0-482E-B7EE-814BF4B3FBA3}] => (Allow) LPort=5800
FirewallRules: [{8285CFB6-BE9F-4F7D-8161-158EA29D7898}] => (Allow) LPort=5900
FirewallRules: [{D31DC3E7-7A8C-47F4-A8C1-8AB8E98C2CDE}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
FirewallRules: [{D198795B-E786-4B06-9DAF-E3EC6B5D1CB4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
FirewallRules: [{A1C4EF6F-3A71-497D-9D39-78DCF4695221}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E2544D27-0E00-4F20-8D2F-ADD5174A9410}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{680F05EA-43FA-43DD-B57B-355153216406}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
FirewallRules: [{50A77C67-299B-48C9-9DFE-DB2357023839}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
FirewallRules: [{1BFD23B8-94B4-4ABE-9557-1F32988D517A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{BB4C1381-3BED-4299-B62E-1D14E2346F41}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{05560327-7114-4B8C-A1C7-DE785A6CEA44}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{69D0059E-774A-4FC3-9E4A-27A390DDC9BA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{0CC92B47-7846-42EB-A000-17A07A8DE59D}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [{1B304E70-6AF3-4DD1-B57F-E2B50F6762E0}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [{0AA51F7E-26FA-4711-BF9C-B6C265793628}] => (Allow) C:\Users\mattp\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{892A93E2-5C33-4AC1-8624-57AF2A4068C8}] => (Allow) C:\Users\mattp\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F4FFABA8-FD0C-4C9F-AD62-D8ECA01EBE58}] => (Allow) C:\Users\mattp\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9CF54459-7259-4316-B50A-A3D2B0DD7BE7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{919D2C8C-7DD5-4FCE-AD61-DFECCE3BF4B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9C7ED174-9ECF-4B23-B26F-CB6434E08D02}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{C06024A8-2932-4FDE-9832-9C2BC805B5EE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{480F4B0B-B3C5-48D4-B691-E6E067A58851}] => (Allow) C:\Users\mattp\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{A2B5913F-2DF5-4F2D-BAA2-7069CDAD4FBE}] => (Allow) C:\Users\mattp\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{6E94DC81-3254-42F2-BC97-737722DB4DDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5ACAAE61-4533-4DBA-8727-E7F018099071}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F642C7C3-18E2-48A2-9C31-3254B737F0A9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2A3B68AF-AD3B-41B7-91CE-E076B4E32DC0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7A6F509D-F4C1-497C-BCC3-C506CE3AEEFC}] => (Allow) C:\Users\mattp\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{761015F8-C7E4-46CB-AA1A-25E32A357D96}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnectPlus_4.1.8330.0_x64__0vhbc3ng4wbp0\DellMobileConnect.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [{E86E99C6-FED1-4405-9D1E-79C44A070C7C}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnectPlus_4.1.8330.0_x64__0vhbc3ng4wbp0\DellMobileConnect.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [{BC63B31E-DDF7-47C5-97A7-5C072B3625C3}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{A376EA57-14F1-4AB2-A28D-D3AA1EA238B9}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{C211330A-B89D-4EFA-8DB5-4548E1EF4344}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{31A0011E-9E0E-4939-9CD1-45169FBED793}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A8693D1-622B-4A22-868D-7432022996E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{522A7DD9-9202-44ED-BD41-6A2168596F61}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{80A83B94-4208-4CBE-BFA3-1E3B2E67DD2D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{450DF2BF-FAFC-4F4B-9B37-2C2C737A173F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{778D9555-CE73-4921-8A83-1C2DD6A70AC8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{369C2F79-E53F-41E4-BD73-F2D571E6713D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B12FA6FF-F303-48A0-BB6B-EDA704211977}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F04D1938-A104-4DB7-952B-497B5EB81C4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6B1B508D-DEAE-4846-9DFE-4F5D1FE8AD78}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C67DA293-5F93-4E38-A656-ECC4548ACE58}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{63ED0329-DD86-49FD-90C1-5AD25C721A88}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3232A14B-5B72-4D69-A9E0-2531E8F478C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.240.599.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FEEB05AB-C0CC-4790-BB74-764BD4FE06AC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A25A2EDE-7C3B-444D-AA8A-6B0F527D72D3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{EE5FA18E-6113-4714-8F1D-43F963F92922}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
 
==================== Restore Points =========================
 
11-06-2024 21:19:23 Windows Modules Installer
21-06-2024 03:58:54 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/29/2024 05:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhostw.exe, version: 10.0.19041.4474, time stamp: 0x5599b21c
Faulting module name: ntdll.dll, version: 10.0.19041.4522, time stamp: 0x8a1bb6f3
Exception code: 0xc0000005
Fault offset: 0x000000000002f23f
Faulting process id: 0x562c
Faulting application start time: 0x01daca0ccfd0940e
Faulting application path: C:\WINDOWS\system32\taskhostw.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: cd13c81c-dbd1-4d5c-8dfe-dba75f1cd39e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/28/2024 01:55:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.4522 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2698
 
Start Time: 01dac987c1423a1f
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 2d56a05e-74ee-4b4b-97c6-20328e98d8a1
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (06/28/2024 08:31:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mc-neo-host.exe, version: 24.3.0.301, time stamp: 0x662ad381
Faulting module name: mc-neo-unpacker-nsis.dll, version: 24.3.0.301, time stamp: 0x662ad405
Exception code: 0xc0000005
Fault offset: 0x00000000000233e0
Faulting process id: 0x37b8
Faulting application start time: 0x01dac95c21f3a63d
Faulting application path: \\?\C:\Program Files\McAfee\WPS\1.19.187.1\neo\mc-neo-host.exe
Faulting module path: \\?\C:\Program Files\McAfee\WPS\1.19.187.1\neo\mc-neo-unpacker-nsis.dll
Report Id: 894ee28c-4850-40ed-a22a-51cd7c84207a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/28/2024 08:31:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: mc-neo-host.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FFAE94333E0
Stack:
 
Error: (06/25/2024 03:10:38 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (06/25/2024 03:10:38 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (06/25/2024 03:10:38 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (06/25/2024 03:10:38 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
 
System errors:
=============
Error: (06/29/2024 06:00:00 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
Error: (06/29/2024 01:23:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The McAfee Scheduled Task - (McAfee-Dynamicappdownloader) service terminated with the following error: 
Incorrect function.
 
Error: (06/28/2024 06:00:01 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
Error: (06/28/2024 04:10:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASKUTIL service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (06/28/2024 02:01:46 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
Error: (06/28/2024 02:01:43 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.201.249 with the system
having network hardware address B4-B0-24-8B-2C-0C. Network operations on this system may
be disrupted as a result.
 
Error: (06/28/2024 01:19:34 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.201.249 with the system
having network hardware address B4-B0-24-8B-2C-0C. Network operations on this system may
be disrupted as a result.
 
Error: (06/28/2024 01:19:21 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
 
Windows Defender:
================
Date: 2024-06-28 10:35:47
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Backdoor:PowerShell/Shaningnin
Severity: Severe
Category: Backdoor
Path: containerfile:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso; file:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso->pool\main\n\nishang\nishang_0.7.6-0kali2_all.deb
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.411.259.0, AS: 1.411.259.0, NIS: 1.411.259.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1
 
Date: 2024-06-28 10:35:47
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/RemoteAdmin!MSR
Severity: High
Category: Tool
Path: containerfile:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso; file:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/nc.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.411.259.0, AS: 1.411.259.0, NIS: 1.411.259.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1
 
Date: 2024-06-28 10:35:47
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/PWDump.C
Severity: High
Category: Tool
Path: containerfile:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso; file:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/fgdump/PwDump.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.411.259.0, AS: 1.411.259.0, NIS: 1.411.259.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1
 
Date: 2024-06-28 10:35:47
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/Fgdump
Severity: High
Category: Tool
Path: containerfile:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso; file:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/fgdump/cachedump64.exe; file:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/fgdump/servpw64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.411.259.0, AS: 1.411.259.0, NIS: 1.411.259.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1
 
Date: 2024-06-28 10:35:47
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Fgdump
Severity: High
Category: Tool
Path: containerfile:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso; file:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/fgdump/cachedump.exe; file:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/fgdump/fgdump.exe; file:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/fgdump/fgexec.exe; file:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso->pool\non-free\w\windows-binaries\windows-binaries_0.6.9_all.deb->data.tar.xz->(xz)->./usr/share/windows-resources/binaries/fgdump/pstgdump.exe; file:_C:\Users\mattp\Downloads\kali-linux-2021.1-installer-amd64.iso->pool\non-free\w\windo
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.411.259.0, AS: 1.411.259.0, NIS: 1.411.259.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1
Event[0]:
 
Date: 2024-06-28 08:08:49
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.411.259.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24040.1
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2024-06-11 22:03:15
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.413.234.0
Previous security intelligence Version: 1.411.259.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.24040.1
Error code: 0x80070002
Error description: The system cannot find the file specified. 
 
Date: 2024-06-11 22:03:15
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.413.234.0
Previous security intelligence Version: 1.411.259.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.24040.1
Error code: 0x80070002
Error description: The system cannot find the file specified. 
 
Date: 2024-06-11 22:03:15
Description: 
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.24040.1
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
 
CodeIntegrity:
===============
Date: 2024-06-29 08:06:46
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.19.187.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.
 
Date: 2024-06-29 08:06:46
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.29.0 03/07/2024
Motherboard: Dell Inc. 0YGNMD
Processor: 11th Gen Intel® Core™ i5-1135G7 @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 65262.79 MB
Available physical RAM: 47204.14 MB
Total Virtual: 74990.79 MB
Available Virtual: 56135.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:937.76 GB) (Free:113.49 GB) (Model: Intel Optane H10 with SSD 512GB) (Protected) NTFS
 
\\?\Volume{419f8208-50df-41f9-98a4-6ddfaf9b6e73}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.4 GB) NTFS
\\?\Volume{3900cc26-9a20-47fb-bf90-d3e885560f0a}\ (Image) (Fixed) (Total:13.52 GB) (Free:0.17 GB) NTFS
\\?\Volume{0a148cd7-9731-4db8-bab3-cd8cb0db88cb}\ (DELLSUPPORT) (Fixed) (Total:1.34 GB) (Free:0.35 GB) NTFS
\\?\Volume{7af0749e-6878-47e1-b053-587e262f422a}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

Edited by hamluis, Yesterday, 10:39 AM.
Deleted 2 dupes - Hamluis.




#2 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 58,110 posts
  • Gender:Male
  • Location:California
  • Local time:08:31 PM

Posted Today, 08:28 PM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69



