Hey folks. I could really use the help. I believe there might be a global rootkit installed on my device. I could also be full of it. Figured I'd let the pros decide.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2021
Ran by Daniel Hunley (administrator) on DESKTOP-JESKERH (Dell Inc. OptiPlex 7020) (02-08-2021 10:19:05)
Running from C:\Users\Daniel Hunley\AppData\Local\Temp\MicrosoftEdgeDownloads\27069284-407e-4d1d-9ce8-15964f2686d3
Loaded Profiles: Daniel Hunley
Platform: Windows 10 Pro Version 21H1 19043.1110 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(A. & M. Neuber Software -> Neuber Software) C:\Program Files (x86)\Security Task Manager\TaskMan.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <3>
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(CyberGhost S.R.L. -> CyberGhost S.R.L.) C:\Program Files\CyberGhost 8\Dashboard.exe
(CyberGhost S.R.L. -> CyberGhost S.R.L.) C:\Program Files\CyberGhost 8\Dashboard.Service.exe
(CyberGhost S.R.L. -> The OpenVPN Project) C:\Program Files\CyberGhost 8\Applications\VPN\Data\OpenVPN\x64\openvpn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lansweeper -> Fing Limited) C:\Program Files\Fing\resources\extraResources\fingagent.exe
(Lansweeper -> Fing Ltd) C:\Program Files\Fing\Fing.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <20>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.549981c3f5f10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsstore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Spotify AB -> Spotify Ltd) C:\Users\Daniel Hunley\AppData\Roaming\Spotify\Spotify.exe <6>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => %LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-07-28] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-07-28] (Adobe Inc. -> )
HKLM-x32\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-10-19] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 8\Dashboard.exe [1306352 2021-07-29] (CyberGhost S.R.L. -> CyberGhost S.R.L.)
HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\Run: [Spotify] => C:\Users\Daniel Hunley\AppData\Roaming\Spotify\Spotify.exe [24276096 2021-07-30] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\Run: [electron.app.Fing] => C:\Program Files\Fing\Fing.exe [97700344 2021-04-26] (Lansweeper -> Fing Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-29] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3055A744-32AF-4A6F-8F72-69288C8B34EE} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1224879130-3890355660-88388299-500 => C:\Users\Daniel Hunley\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {3FE1BF9F-B84B-4721-8F73-DBC3CE1583FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {558A8288-20A1-42EA-A17F-565435FEAA64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {68415B30-9531-4D5C-B249-366FD366BF56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8DE49CCF-4B2D-4DED-AA76-E7764243C3BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-29] (Google LLC -> Google LLC)
Task: {A2447EFA-A76F-49D3-A9E6-951D9D5F5F22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD3B150A-E8E8-41C0-B974-3566827DF124} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-29] (Google LLC -> Google LLC)
Task: {E82E7FE3-6328-4D7C-A3A8-EF2BAE573068} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat
Task: {F62602F6-1FBB-4CE7-AF93-479B0293FEC0} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0ce6a6cf-6d16-419f-a668-2e879951a88b}: [NameServer] 10.0.0.243
Tcpip\..\Interfaces\{0ce6a6cf-6d16-419f-a668-2e879951a88b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{186f32ae-9e65-41b6-a6f5-1c9f1fc2932b}: [NameServer] 10.0.0.243
Tcpip\..\Interfaces\{186f32ae-9e65-41b6-a6f5-1c9f1fc2932b}: [DhcpNameServer] 10.0.0.243
Tcpip\..\Interfaces\{81ecb4ed-c2a1-4f4c-a536-8564e3d3cb4d}: [DhcpNameServer] 192.168.18.10 192.168.18.11 192.168.18.12 192.168.18.13 192.168.18.10
Tcpip\..\Interfaces\{dfff4ab0-e569-4fb8-a0a2-ca88ebad6353}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Daniel Hunley\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-02]
Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\Daniel Hunley\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-07-28]
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-07-28] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-07-28] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default [2021-08-02]
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-29]
CHR Extension: (Entanglement Web App) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2021-07-29]
CHR Extension: (Docs) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-29]
CHR Extension: (Google Drive) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-29]
CHR Extension: (MEGA) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2021-07-29]
CHR Extension: (YouTube) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-29]
CHR Extension: (Sheets) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-29]
CHR Extension: (Full Screen Weather) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2021-07-29]
CHR Extension: (LogMeOnce) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\folnjigffmbjmcjgmbbfcpleeddaedal [2021-07-29] [UpdateUrl:hxxps://logmeonce.s3.amazonaws.com/download/firefox/updates.json] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-29]
CHR Extension: (Google Keep - Notes and Lists) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2021-07-29]
CHR Extension: (Knok | Family Travel) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehdddmijbgofffjjmhkodckmnombhmf [2021-07-29]
CHR Extension: (Google Hangouts) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2021-07-29]
CHR Extension: (Crystal) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaonghoefpmlfgaknnboiekjhfpmajh [2021-07-31]
CHR Extension: (Pulse Labs) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmlledknngdgnekjkonfamkeladgofao [2021-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-29]
CHR Extension: (Beautiful Audio Editor) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiblndpcefmebnkjnjfplijnelbcjmm [2021-07-29]
CHR Extension: (Gmail) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-29]
CHR Extension: (Canvas Rider) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2021-07-29]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-07-28] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 CyberGhost8Service; C:\Program Files\CyberGhost 8\Dashboard.Service.exe [66800 2021-07-29] (CyberGhost S.R.L. -> CyberGhost S.R.L.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Fing.Agent; C:\Program Files\Fing\resources\extraResources\fingagent.exe --servicemode Fing.Agent --agentroot "C:\Users\Daniel Hunley\AppData\Roaming"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [75240 2021-03-05] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174776 2021-07-16] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-07-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-07-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-28] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2021
Ran by Daniel Hunley (administrator) on DESKTOP-JESKERH (Dell Inc. OptiPlex 7020) (02-08-2021 10:19:05)
Running from C:\Users\Daniel Hunley\AppData\Local\Temp\MicrosoftEdgeDownloads\27069284-407e-4d1d-9ce8-15964f2686d3
Loaded Profiles: Daniel Hunley
Platform: Windows 10 Pro Version 21H1 19043.1110 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(A. & M. Neuber Software -> Neuber Software) C:\Program Files (x86)\Security Task Manager\TaskMan.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <3>
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(CyberGhost S.R.L. -> CyberGhost S.R.L.) C:\Program Files\CyberGhost 8\Dashboard.exe
(CyberGhost S.R.L. -> CyberGhost S.R.L.) C:\Program Files\CyberGhost 8\Dashboard.Service.exe
(CyberGhost S.R.L. -> The OpenVPN Project) C:\Program Files\CyberGhost 8\Applications\VPN\Data\OpenVPN\x64\openvpn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lansweeper -> Fing Limited) C:\Program Files\Fing\resources\extraResources\fingagent.exe
(Lansweeper -> Fing Ltd) C:\Program Files\Fing\Fing.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <20>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.549981c3f5f10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsstore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Spotify AB -> Spotify Ltd) C:\Users\Daniel Hunley\AppData\Roaming\Spotify\Spotify.exe <6>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => %LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-07-28] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-07-28] (Adobe Inc. -> )
HKLM-x32\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-10-19] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 8\Dashboard.exe [1306352 2021-07-29] (CyberGhost S.R.L. -> CyberGhost S.R.L.)
HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\Run: [Spotify] => C:\Users\Daniel Hunley\AppData\Roaming\Spotify\Spotify.exe [24276096 2021-07-30] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\Run: [electron.app.Fing] => C:\Program Files\Fing\Fing.exe [97700344 2021-04-26] (Lansweeper -> Fing Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-29] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3055A744-32AF-4A6F-8F72-69288C8B34EE} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1224879130-3890355660-88388299-500 => C:\Users\Daniel Hunley\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {3FE1BF9F-B84B-4721-8F73-DBC3CE1583FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {558A8288-20A1-42EA-A17F-565435FEAA64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {68415B30-9531-4D5C-B249-366FD366BF56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8DE49CCF-4B2D-4DED-AA76-E7764243C3BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-29] (Google LLC -> Google LLC)
Task: {A2447EFA-A76F-49D3-A9E6-951D9D5F5F22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD3B150A-E8E8-41C0-B974-3566827DF124} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-29] (Google LLC -> Google LLC)
Task: {E82E7FE3-6328-4D7C-A3A8-EF2BAE573068} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat
Task: {F62602F6-1FBB-4CE7-AF93-479B0293FEC0} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0ce6a6cf-6d16-419f-a668-2e879951a88b}: [NameServer] 10.0.0.243
Tcpip\..\Interfaces\{0ce6a6cf-6d16-419f-a668-2e879951a88b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{186f32ae-9e65-41b6-a6f5-1c9f1fc2932b}: [NameServer] 10.0.0.243
Tcpip\..\Interfaces\{186f32ae-9e65-41b6-a6f5-1c9f1fc2932b}: [DhcpNameServer] 10.0.0.243
Tcpip\..\Interfaces\{81ecb4ed-c2a1-4f4c-a536-8564e3d3cb4d}: [DhcpNameServer] 192.168.18.10 192.168.18.11 192.168.18.12 192.168.18.13 192.168.18.10
Tcpip\..\Interfaces\{dfff4ab0-e569-4fb8-a0a2-ca88ebad6353}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Daniel Hunley\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-02]
Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\Daniel Hunley\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-07-28]
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-07-28] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-07-28] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default [2021-08-02]
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-29]
CHR Extension: (Entanglement Web App) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2021-07-29]
CHR Extension: (Docs) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-29]
CHR Extension: (Google Drive) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-29]
CHR Extension: (MEGA) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2021-07-29]
CHR Extension: (YouTube) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-29]
CHR Extension: (Sheets) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-29]
CHR Extension: (Full Screen Weather) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2021-07-29]
CHR Extension: (LogMeOnce) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\folnjigffmbjmcjgmbbfcpleeddaedal [2021-07-29] [UpdateUrl:hxxps://logmeonce.s3.amazonaws.com/download/firefox/updates.json] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-29]
CHR Extension: (Google Keep - Notes and Lists) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2021-07-29]
CHR Extension: (Knok | Family Travel) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehdddmijbgofffjjmhkodckmnombhmf [2021-07-29]
CHR Extension: (Google Hangouts) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2021-07-29]
CHR Extension: (Crystal) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaonghoefpmlfgaknnboiekjhfpmajh [2021-07-31]
CHR Extension: (Pulse Labs) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmlledknngdgnekjkonfamkeladgofao [2021-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-29]
CHR Extension: (Beautiful Audio Editor) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiblndpcefmebnkjnjfplijnelbcjmm [2021-07-29]
CHR Extension: (Gmail) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-29]
CHR Extension: (Canvas Rider) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2021-07-29]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-07-28] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 CyberGhost8Service; C:\Program Files\CyberGhost 8\Dashboard.Service.exe [66800 2021-07-29] (CyberGhost S.R.L. -> CyberGhost S.R.L.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Fing.Agent; C:\Program Files\Fing\resources\extraResources\fingagent.exe --servicemode Fing.Agent --agentroot "C:\Users\Daniel Hunley\AppData\Roaming"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [75240 2021-03-05] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174776 2021-07-16] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-07-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-07-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-28] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)