Inactive Thanks for the help!

Status
Not open for further replies.
swissnavyseaman

swissnavyseaman

Hey folks. I could really use the help. I believe there might be a global rootkit installed on my device. I could also be full of it. Figured I'd let the pros decide.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2021
Ran by Daniel Hunley (administrator) on DESKTOP-JESKERH (Dell Inc. OptiPlex 7020) (02-08-2021 10:19:05)
Running from C:\Users\Daniel Hunley\AppData\Local\Temp\MicrosoftEdgeDownloads\27069284-407e-4d1d-9ce8-15964f2686d3
Loaded Profiles: Daniel Hunley
Platform: Windows 10 Pro Version 21H1 19043.1110 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
(A. & M. Neuber Software -> Neuber Software) C:\Program Files (x86)\Security Task Manager\TaskMan.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <3>
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(CyberGhost S.R.L. -> CyberGhost S.R.L.) C:\Program Files\CyberGhost 8\Dashboard.exe
(CyberGhost S.R.L. -> CyberGhost S.R.L.) C:\Program Files\CyberGhost 8\Dashboard.Service.exe
(CyberGhost S.R.L. -> The OpenVPN Project) C:\Program Files\CyberGhost 8\Applications\VPN\Data\OpenVPN\x64\openvpn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lansweeper -> Fing Limited) C:\Program Files\Fing\resources\extraResources\fingagent.exe
(Lansweeper -> Fing Ltd) C:\Program Files\Fing\Fing.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <20>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.549981c3f5f10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsstore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Spotify AB -> Spotify Ltd) C:\Users\Daniel Hunley\AppData\Roaming\Spotify\Spotify.exe <6>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => %LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-07-28] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-07-28] (Adobe Inc. -> )
HKLM-x32\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-10-19] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)
HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 8\Dashboard.exe [1306352 2021-07-29] (CyberGhost S.R.L. -> CyberGhost S.R.L.)
HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\Run: [Spotify] => C:\Users\Daniel Hunley\AppData\Roaming\Spotify\Spotify.exe [24276096 2021-07-30] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\Run: [electron.app.Fing] => C:\Program Files\Fing\Fing.exe [97700344 2021-04-26] (Lansweeper -> Fing Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-29] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3055A744-32AF-4A6F-8F72-69288C8B34EE} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1224879130-3890355660-88388299-500 => C:\Users\Daniel Hunley\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {3FE1BF9F-B84B-4721-8F73-DBC3CE1583FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {558A8288-20A1-42EA-A17F-565435FEAA64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {68415B30-9531-4D5C-B249-366FD366BF56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8DE49CCF-4B2D-4DED-AA76-E7764243C3BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-29] (Google LLC -> Google LLC)
Task: {A2447EFA-A76F-49D3-A9E6-951D9D5F5F22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD3B150A-E8E8-41C0-B974-3566827DF124} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-29] (Google LLC -> Google LLC)
Task: {E82E7FE3-6328-4D7C-A3A8-EF2BAE573068} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat
Task: {F62602F6-1FBB-4CE7-AF93-479B0293FEC0} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0ce6a6cf-6d16-419f-a668-2e879951a88b}: [NameServer] 10.0.0.243
Tcpip\..\Interfaces\{0ce6a6cf-6d16-419f-a668-2e879951a88b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{186f32ae-9e65-41b6-a6f5-1c9f1fc2932b}: [NameServer] 10.0.0.243
Tcpip\..\Interfaces\{186f32ae-9e65-41b6-a6f5-1c9f1fc2932b}: [DhcpNameServer] 10.0.0.243
Tcpip\..\Interfaces\{81ecb4ed-c2a1-4f4c-a536-8564e3d3cb4d}: [DhcpNameServer] 192.168.18.10 192.168.18.11 192.168.18.12 192.168.18.13 192.168.18.10
Tcpip\..\Interfaces\{dfff4ab0-e569-4fb8-a0a2-ca88ebad6353}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Daniel Hunley\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-02]
Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\Daniel Hunley\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-07-28]

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-07-28] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-07-28] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default [2021-08-02]
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-29]
CHR Extension: (Entanglement Web App) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2021-07-29]
CHR Extension: (Docs) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-29]
CHR Extension: (Google Drive) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-29]
CHR Extension: (MEGA) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2021-07-29]
CHR Extension: (YouTube) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-29]
CHR Extension: (Sheets) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-29]
CHR Extension: (Full Screen Weather) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2021-07-29]
CHR Extension: (LogMeOnce) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\folnjigffmbjmcjgmbbfcpleeddaedal [2021-07-29] [UpdateUrl:hxxps://logmeonce.s3.amazonaws.com/download/firefox/updates.json] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-29]
CHR Extension: (Google Keep - Notes and Lists) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2021-07-29]
CHR Extension: (Knok | Family Travel) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehdddmijbgofffjjmhkodckmnombhmf [2021-07-29]
CHR Extension: (Google Hangouts) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2021-07-29]
CHR Extension: (Crystal) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaonghoefpmlfgaknnboiekjhfpmajh [2021-07-31]
CHR Extension: (Pulse Labs) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmlledknngdgnekjkonfamkeladgofao [2021-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-29]
CHR Extension: (Beautiful Audio Editor) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiblndpcefmebnkjnjfplijnelbcjmm [2021-07-29]
CHR Extension: (Gmail) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-29]
CHR Extension: (Canvas Rider) - C:\Users\Daniel Hunley\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2021-07-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-07-28] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 CyberGhost8Service; C:\Program Files\CyberGhost 8\Dashboard.Service.exe [66800 2021-07-29] (CyberGhost S.R.L. -> CyberGhost S.R.L.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Fing.Agent; C:\Program Files\Fing\resources\extraResources\fingagent.exe --servicemode Fing.Agent --agentroot "C:\Users\Daniel Hunley\AppData\Roaming"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [75240 2021-03-05] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174776 2021-07-16] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-07-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-07-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-28] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-02 10:17 - 2021-08-02 10:19 - 000000000 ____D C:\FRST
2021-08-02 07:27 - 2021-08-02 07:27 - 000000000 ____D C:\Program Files\TAP-Windows
2021-08-02 07:24 - 2021-08-02 07:24 - 000007604 _____ C:\Users\Daniel Hunley\AppData\Local\Resmon.ResmonCfg
2021-08-02 07:13 - 2021-08-02 07:13 - 000001773 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fing.lnk
2021-08-02 07:13 - 2021-08-02 07:13 - 000000000 ____D C:\Program Files\Fing
2021-08-02 05:47 - 2021-08-02 05:47 - 000231390 _____ C:\Users\Daniel Hunley\Downloads\Unconfirmed 725507.crdownload
2021-08-02 05:46 - 2021-08-02 05:46 - 000000000 ____D C:\Users\Daniel Hunley\Downloads\PSTools
2021-08-02 05:42 - 2021-08-02 05:42 - 003668547 _____ C:\Users\Daniel Hunley\Downloads\PSTools.zip
2021-08-01 01:19 - 2021-08-01 01:19 - 000001962 _____ C:\Users\Daniel Hunley\Desktop\Zoom.lnk
2021-08-01 00:57 - 2021-08-01 00:57 - 000000000 ____D C:\Users\Daniel Hunley\Downloads\mewe-photos
2021-08-01 00:55 - 2021-08-01 00:55 - 020307772 _____ C:\Users\Daniel Hunley\Downloads\mewe-photos.zip
2021-08-01 00:45 - 2021-08-01 00:45 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-08-01 00:28 - 2021-08-01 00:28 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-08-01 00:26 - 2021-08-01 03:56 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\obs-studio
2021-08-01 00:26 - 2021-08-01 02:17 - 000000016 _____ C:\Users\Daniel Hunley\AppData\Roaming\obs-virtualcam.txt
2021-08-01 00:26 - 2021-08-01 00:26 - 000001059 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2021-08-01 00:26 - 2021-08-01 00:26 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-08-01 00:26 - 2021-08-01 00:26 - 000000000 ____D C:\Program Files\obs-studio
2021-08-01 00:25 - 2021-08-01 00:25 - 078817792 _____ (Fing Ltd) C:\Users\Daniel Hunley\Downloads\Fing.exe
2021-07-31 05:45 - 2021-07-31 05:45 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-07-31 04:04 - 2021-07-31 04:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-07-30 22:13 - 2021-08-02 07:39 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\HueSync
2021-07-30 22:13 - 2021-07-30 22:13 - 000000910 _____ C:\Users\Public\Desktop\Hue Sync.lnk
2021-07-30 22:13 - 2021-07-30 22:13 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\Signify
2021-07-30 22:13 - 2021-07-30 22:13 - 000000000 ____D C:\Program Files\Hue Sync
2021-07-30 20:42 - 2021-08-02 10:17 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\Spotify
2021-07-30 20:42 - 2021-07-30 20:43 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\Spotify
2021-07-30 20:42 - 2021-07-30 20:42 - 000001883 _____ C:\Users\Daniel Hunley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2021-07-29 19:22 - 2021-08-02 08:54 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\Fing
2021-07-29 19:22 - 2021-08-02 07:13 - 000001761 _____ C:\Users\Public\Desktop\Fing.lnk
2021-07-29 19:22 - 2021-08-02 04:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2021-07-29 19:22 - 2021-08-02 04:21 - 000000000 ____D C:\WINDOWS\system32\Npcap
2021-07-29 19:22 - 2021-07-30 10:34 - 000000000 ____D C:\Program Files\Npcap
2021-07-29 19:22 - 2021-07-29 19:22 - 000003206 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2021-07-29 19:22 - 2021-07-29 19:22 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\FingAgent
2021-07-29 19:22 - 2021-07-29 19:22 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\fing-updater
2021-07-29 19:22 - 2021-07-29 19:22 - 000000000 ____D C:\ProgramData\Fingagent
2021-07-29 19:09 - 2021-07-29 19:09 - 007147339 _____ C:\Users\Daniel Hunley\Desktop\c_node55299FFD.txt
2021-07-29 19:02 - 2021-07-29 19:02 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\cache
2021-07-29 18:20 - 2021-08-02 10:17 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\CyberGhost
2021-07-29 18:20 - 2021-07-29 18:21 - 000000000 ____D C:\Program Files\CyberGhost 8
2021-07-29 18:20 - 2021-07-29 18:20 - 000001074 _____ C:\Users\Daniel Hunley\Desktop\CyberGhost 8.lnk
2021-07-29 18:20 - 2021-07-29 18:20 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\CyberGhost
2021-07-29 18:20 - 2021-07-29 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 8
2021-07-29 18:19 - 2021-07-29 18:19 - 000076880 _____ (CyberGhost S.A.) C:\Users\Daniel Hunley\Desktop\cgsetup_en_gx9zJ3wrkjgsNPTtwapE.exe
2021-07-29 16:24 - 2021-07-29 16:24 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-07-29 12:29 - 2021-07-29 12:29 - 000030135 _____ C:\Users\Daniel Hunley\Desktop\label_359665592412003.pdf
2021-07-29 12:29 - 2021-07-29 12:29 - 000004630 _____ C:\Users\Daniel Hunley\Desktop\label_847705952604016.pdf
2021-07-29 12:22 - 2021-07-29 12:22 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-07-29 11:47 - 2021-07-30 07:08 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\Google
2021-07-29 11:47 - 2021-07-29 11:47 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-29 11:47 - 2021-07-29 11:47 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-29 11:47 - 2021-07-29 11:47 - 000002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-29 11:47 - 2021-07-29 11:47 - 000002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-29 11:47 - 2021-07-29 11:47 - 000000000 ____D C:\Program Files\Google
2021-07-29 11:47 - 2021-07-29 11:47 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-29 04:18 - 2021-07-29 04:18 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\PeerDistRepub
2021-07-28 18:58 - 2021-07-28 18:58 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-07-28 18:58 - 2021-07-28 18:58 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\com.adobe.dunamis
2021-07-28 18:58 - 2021-07-28 18:58 - 000000000 ____D C:\Users\Daniel Hunley\AppData\LocalLow\Adobe
2021-07-28 18:57 - 2021-07-28 18:57 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2021.lnk
2021-07-28 18:55 - 2021-07-30 07:06 - 000000000 __RHD C:\Users\Daniel Hunley\Creative Cloud Files
2021-07-28 18:55 - 2021-07-28 18:55 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\CEF
2021-07-28 18:53 - 2021-07-31 05:40 - 000000000 ____D C:\ProgramData\Adobe
2021-07-28 18:53 - 2021-07-28 18:53 - 000001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2021-07-28 18:53 - 2021-07-28 18:53 - 000001359 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2021-07-28 18:52 - 2021-07-31 05:39 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-07-28 18:52 - 2021-07-31 05:39 - 000000000 ____D C:\Program Files\Adobe
2021-07-28 18:52 - 2021-07-28 18:54 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-07-28 18:52 - 2021-07-28 18:53 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-28 18:51 - 2021-08-02 03:53 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\Adobe
2021-07-28 16:27 - 2021-08-02 08:00 - 000000000 ____D C:\ProgramData\SecTaskMan
2021-07-28 16:27 - 2021-07-28 16:27 - 000001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2021-07-28 16:27 - 2021-07-28 16:27 - 000001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2021-07-28 16:27 - 2021-07-28 16:27 - 000001211 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2021-07-28 16:27 - 2021-07-28 16:27 - 000000000 ____D C:\Program Files (x86)\Security Task Manager
2021-07-28 14:40 - 2021-08-02 06:02 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\D3DSCache
2021-07-28 14:11 - 2021-08-01 00:45 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\Zoom
2021-07-28 14:10 - 2021-07-28 14:10 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-07-28 13:57 - 2021-07-28 13:57 - 000002910 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1224879130-3890355660-88388299-500
2021-07-28 13:56 - 2021-07-31 14:13 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\PlaceholderTileLogoFolder
2021-07-28 13:55 - 2021-07-28 13:55 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-07-28 13:54 - 2021-07-28 13:54 - 000000020 ___SH C:\Users\Daniel Hunley\ntuser.ini
2021-07-28 13:54 - 2021-07-28 13:54 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\VirtualStore
2021-07-28 06:28 - 2021-07-28 02:49 - 000000000 ____D C:\WINDOWS\Panther
2021-07-28 06:27 - 2021-07-28 02:49 - 000000000 ____D C:\Windows.old
2021-07-28 06:26 - 2021-07-28 06:26 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-07-28 06:23 - 2021-07-28 06:23 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-28 06:23 - 2021-07-28 06:23 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-28 06:22 - 2021-07-28 06:22 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-07-28 06:22 - 2021-07-28 06:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-07-28 06:22 - 2021-07-28 06:22 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-28 06:22 - 2021-07-28 06:22 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-07-28 06:22 - 2021-07-28 06:22 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-07-28 06:22 - 2021-07-28 06:22 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-07-28 06:22 - 2021-07-28 06:22 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-07-28 06:22 - 2021-07-28 06:22 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-28 06:22 - 2021-07-28 06:22 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-07-28 06:22 - 2021-07-28 06:22 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-07-28 06:22 - 2021-07-28 06:22 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-28 06:22 - 2021-07-28 06:22 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-07-28 06:22 - 2021-07-28 06:22 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-07-28 06:22 - 2021-07-28 06:22 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-07-28 06:22 - 2021-07-28 06:22 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-07-28 06:22 - 2021-07-28 06:22 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-07-28 06:22 - 2021-07-28 06:22 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-07-28 06:22 - 2021-07-28 06:22 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-07-28 06:22 - 2021-07-28 06:22 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-07-28 06:22 - 2021-07-28 06:22 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-07-28 06:22 - 2021-07-28 06:22 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-07-28 06:22 - 2021-07-28 06:22 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-07-28 06:22 - 2021-07-28 06:22 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-07-28 06:22 - 2021-07-28 06:22 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-28 06:22 - 2021-07-28 06:22 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-07-28 06:22 - 2021-07-28 06:22 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-28 06:22 - 2021-07-28 06:22 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-07-28 06:22 - 2021-07-28 06:22 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-28 06:22 - 2021-07-28 06:22 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-28 06:22 - 2021-07-28 06:22 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-28 06:21 - 2021-07-28 06:21 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-28 06:21 - 2021-07-28 06:21 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-28 06:21 - 2021-07-28 06:21 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-07-28 06:21 - 2021-07-28 06:21 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-07-28 06:21 - 2021-07-28 06:21 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-07-28 06:21 - 2021-07-28 06:21 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-07-28 06:21 - 2021-07-28 06:21 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-07-28 06:21 - 2021-07-28 06:21 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-07-28 06:21 - 2021-07-28 06:21 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-07-28 06:21 - 2021-07-28 06:21 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-07-28 06:21 - 2021-07-28 06:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-07-28 06:21 - 2021-07-28 06:21 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-07-28 06:21 - 2021-07-28 06:21 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-28 06:21 - 2021-07-28 06:21 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-28 06:21 - 2021-07-28 06:21 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-07-28 06:21 - 2021-07-28 06:21 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-07-28 06:21 - 2021-07-28 06:21 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-07-28 06:21 - 2021-07-28 06:21 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-07-28 06:20 - 2021-07-28 06:20 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-07-28 06:20 - 2021-07-28 06:20 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-07-28 06:20 - 2021-07-28 06:20 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-07-28 06:20 - 2021-07-28 06:20 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-07-28 06:20 - 2021-07-28 06:20 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-07-28 06:20 - 2021-07-28 06:20 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-07-28 06:20 - 2021-07-28 06:20 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-07-28 06:20 - 2021-07-28 06:20 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-07-28 06:20 - 2021-07-28 06:20 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-07-28 06:20 - 2021-07-28 06:20 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-07-28 06:20 - 2021-07-28 06:20 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-07-28 06:20 - 2021-07-28 06:20 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-07-28 06:20 - 2021-07-28 06:20 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-07-28 06:20 - 2021-07-28 06:20 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-07-28 06:20 - 2021-07-28 06:20 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-07-28 06:16 - 2021-07-28 06:16 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-07-28 06:16 - 2021-07-28 06:16 - 000000000 ____D C:\Program Files\MSBuild
2021-07-28 06:16 - 2021-07-28 06:16 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-07-28 06:16 - 2021-07-28 06:16 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-07-28 06:15 - 2021-07-28 06:15 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-07-28 02:45 - 2021-07-28 02:45 - 000010162 _____ C:\Users\Daniel Hunley\Desktop\Removed Apps.html
2021-07-28 02:44 - 2021-08-02 07:48 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-28 02:40 - 2021-07-28 02:40 - 000000000 ____D C:\Users\Administrator
2021-07-28 02:38 - 2021-08-02 07:39 - 000000000 ____D C:\Users\Daniel Hunley
2021-07-28 02:38 - 2021-08-02 04:52 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\Packages
2021-07-28 02:38 - 2021-07-31 10:39 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\Adobe
2021-07-28 02:38 - 2021-07-30 00:52 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\ConnectedDevicesPlatform
2021-07-28 02:38 - 2021-07-28 02:32 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\Publishers
2021-07-28 02:38 - 2021-07-28 02:32 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\MicrosoftEdge
2021-07-28 02:38 - 2021-07-28 02:32 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Local\Comms
2021-07-28 02:32 - 2021-07-28 02:32 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-07-28 02:29 - 2021-08-02 07:41 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-07-28 02:29 - 2021-08-02 07:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-28 02:29 - 2021-07-29 20:35 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-28 02:29 - 2021-07-29 20:35 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-28 02:29 - 2021-07-28 15:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-07-28 02:29 - 2021-07-28 02:29 - 000561169 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2021-07-28 02:29 - 2021-07-28 02:29 - 000113697 _____ C:\WINDOWS\system32\Drivers\rtwavesvolpro.dat
2021-07-28 02:29 - 2021-07-28 02:29 - 000031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2021-07-28 02:29 - 2021-07-28 02:29 - 000010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2021-07-28 02:29 - 2021-07-28 02:29 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2021-07-28 02:29 - 2021-07-28 02:29 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-07-28 02:29 - 2021-07-28 02:29 - 000000000 ____D C:\ProgramData\Realtek
2021-07-28 02:29 - 2021-07-28 02:29 - 000000000 ____D C:\Program Files\Realtek
2021-07-28 02:29 - 2021-07-28 02:29 - 000000000 ____D C:\Program Files\Intel
2021-07-28 02:29 - 2021-07-28 02:29 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2021-07-28 02:29 - 2020-10-18 22:31 - 000099696 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-07-28 02:28 - 2021-08-02 07:41 - 000440624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-28 02:28 - 2021-08-02 03:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-28 01:15 - 2021-07-28 02:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2021-07-28 01:14 - 2021-07-28 01:14 - 000000000 ____D C:\Dell
2021-07-28 01:13 - 2021-07-28 01:13 - 257841168 _____ (Dell Inc.) C:\Users\Daniel Hunley\Downloads\Audio_Driver_822R6_WN32_6.0.1.6086_A01.EXE
2021-07-27 15:47 - 2016-01-13 00:41 - 072130584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2021-07-27 15:47 - 2016-01-13 00:41 - 013243904 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 003709056 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioMeters64.exe
2021-07-27 15:47 - 2016-01-13 00:41 - 003309256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 002988768 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 002955000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 002602744 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTDVHD64.sys
2021-07-27 15:47 - 2016-01-13 00:41 - 002047000 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO264.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 001848056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 001773888 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO232.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 001579256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTDSnM64.cpl
2021-07-27 15:47 - 2016-01-13 00:41 - 001416832 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 001372528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 001231248 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 001183352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 001015608 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000930848 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000784304 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000693024 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000657304 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBTHX64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000591640 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBTHX32.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000422432 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000205640 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000179960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTHDASIO64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000156408 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RTHDASIO.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000084048 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000079296 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2021-07-27 15:47 - 2016-01-13 00:41 - 000032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2021-07-27 15:47 - 2015-09-30 10:22 - 000002236 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2021-07-27 12:21 - 2021-07-27 12:21 - 001310832 _____ (Google LLC) C:\Users\Daniel Hunley\Downloads\ChromeSetup.exe
2021-07-27 11:47 - 2021-07-27 11:47 - 000038017 _____ C:\Users\Daniel Hunley\Downloads\ED Patient Discharge Report 07-27-2021.pdf
2021-07-27 11:45 - 2021-07-27 11:45 - 000039577 _____ C:\Users\Daniel Hunley\Downloads\DANIEL HUNLEY_health-summary-07262021-to-07272021 (1).pdf
2021-07-27 11:45 - 2021-07-27 11:45 - 000039576 _____ C:\Users\Daniel Hunley\Downloads\DANIEL HUNLEY_health-summary-07262021-to-07272021.pdf
2021-07-26 02:49 - 2021-07-26 02:49 - 002092128 _____ (Malwarebytes) C:\Users\Daniel Hunley\Downloads\MBSetup-130577.130577-consumer.exe
2021-07-26 02:31 - 2021-07-26 02:31 - 003029920 _____ C:\Users\Daniel Hunley\Downloads\SecurityTaskManager_Setup.exe
2021-07-25 18:20 - 2021-07-02 05:14 - 469708384 _____ C:\Users\Daniel Hunley\Desktop\MVI_8183.MOV
2021-07-25 13:59 - 2021-07-25 13:59 - 003385032 _____ C:\Users\Daniel Hunley\Desktop\Untitled-1.ai
2021-07-25 13:07 - 2021-07-25 13:35 - 087719076 _____ C:\Users\Daniel Hunley\Desktop\mississippi river.psd
2021-07-25 12:59 - 2021-07-25 12:59 - 000000000 ____D C:\Users\Daniel Hunley\Documents\Adobe
2021-07-25 12:01 - 2021-07-31 05:45 - 000000000 ___HD C:\adobeTemp
2021-07-25 11:21 - 2021-07-25 11:21 - 001150818 _____ C:\Users\Daniel Hunley\Downloads\Memphis Hustle Vector Final.pdf
2021-07-25 07:47 - 2021-07-28 01:16 - 000000000 ___RD C:\Users\Daniel Hunley\Creative Cloud Files (archived) (1)
2021-07-25 07:36 - 2021-08-02 07:55 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-07-24 17:04 - 2021-07-24 17:04 - 000000000 ____D C:\Users\Daniel Hunley\Documents\FeedbackHub
2021-07-24 15:08 - 2021-07-24 15:09 - 000697496 _____ C:\Users\Daniel Hunley\Downloads\DBH Resume.pdf
2021-07-24 13:37 - 2021-07-24 13:37 - 001411169 _____ C:\Users\Daniel Hunley\Downloads\Plus-Instructions.pdf
2021-07-24 13:19 - 2021-07-24 13:19 - 000542276 _____ C:\Users\Daniel Hunley\Downloads\img (2).jpeg
2021-07-24 13:18 - 2021-07-24 13:18 - 000197361 _____ C:\Users\Daniel Hunley\Downloads\img (1).jpeg
2021-07-24 13:18 - 2021-07-24 13:18 - 000072137 _____ C:\Users\Daniel Hunley\Downloads\img.jpeg
2021-07-23 19:22 - 2021-07-23 19:22 - 000000000 ____D C:\Users\Public\Documents\Hyper-V
2021-07-23 18:27 - 2021-07-30 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hue Sync
2021-07-23 18:23 - 2021-07-23 18:24 - 049565336 _____ (Signify Netherlands B.V.) C:\Users\Daniel Hunley\Downloads\HueSyncInstaller_1.6.1.12.exe
2021-07-23 13:25 - 2021-07-23 13:27 - 085602920 _____ C:\Users\Daniel Hunley\Downloads\new-york-harbor-2021-04-02-22-52-10-utc.mov.crdownload
2021-07-23 13:17 - 2021-07-23 13:24 - 439906182 _____ C:\Users\Daniel Hunley\Downloads\the-sun-under-water-52X9CS7.zip
2021-07-23 12:33 - 2021-07-31 02:10 - 000000000 ____D C:\Users\Daniel Hunley\Downloads\Telegram Desktop
2021-07-23 12:26 - 2021-07-23 12:26 - 000000000 ____D C:\Users\Daniel Hunley\Documents\Zoom
2021-07-23 12:20 - 2021-08-01 00:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-07-23 12:17 - 2021-07-23 12:20 - 089945032 _____ (obsproject.com) C:\Users\Daniel Hunley\Downloads\OBS-Studio-27.0.1-Full-Installer-x64.exe
2021-07-23 12:02 - 2021-07-28 02:45 - 000000000 ____D C:\Users\Daniel Hunley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2021-07-23 12:02 - 2021-07-23 12:02 - 000001063 _____ C:\Users\Daniel Hunley\Desktop\Telegram.lnk
2021-07-22 12:38 - 2021-07-22 12:38 - 000076880 _____ (CyberGhost S.A.) C:\Users\Daniel Hunley\Downloads\cgsetup_en_JvB38V6Cm32xWtfh5HcT (1).exe
2021-07-22 12:06 - 2021-07-22 12:06 - 000076368 _____ (CyberGhost S.A.) C:\Users\Daniel Hunley\Downloads\cgsetup_en_JvB38V6Cm32xWtfh5HcT.exe
2021-07-22 06:20 - 2021-07-28 13:54 - 000000000 ___RD C:\Users\Daniel Hunley\3D Objects
2021-07-22 06:20 - 2021-07-28 00:35 - 000000000 __SHD C:\Users\Daniel Hunley\IntelGraphicsProfiles
2021-07-22 06:10 - 2021-07-30 20:42 - 000001897 _____ C:\Users\Daniel Hunley\Desktop\Spotify.lnk
2021-07-22 06:08 - 2021-07-22 06:08 - 000899816 _____ (Spotify Ltd) C:\Users\Daniel Hunley\Downloads\SpotifySetup.exe
2021-07-22 05:48 - 2021-07-22 05:51 - 121149343 _____ C:\Users\Daniel Hunley\Downloads\EU-Installset-W3.13.30.6.zip
2021-07-22 05:48 - 2021-07-22 05:48 - 004761861 _____ C:\Users\Daniel Hunley\Downloads\EOSWebcamUtility-WIN1.1.zip
2021-07-22 05:23 - 2021-07-22 05:25 - 031762384 _____ (Telegram FZ-LLC ) C:\Users\Daniel Hunley\Downloads\tsetup-x64.2.8.11.exe
2021-07-22 05:11 - 2021-07-22 05:11 - 000000000 ____D C:\Users\Daniel Hunley\VirtualBox VMs
2021-07-22 05:10 - 2021-07-23 12:18 - 000000000 ____D C:\Users\Daniel Hunley\.VirtualBox
2021-07-22 05:03 - 2021-07-22 05:06 - 108124400 _____ (Oracle Corporation) C:\Users\Daniel Hunley\Downloads\VirtualBox-6.1.24-145767-Win (1).exe
2021-07-22 04:58 - 2021-07-22 05:03 - 108124400 _____ (Oracle Corporation) C:\Users\Daniel Hunley\Downloads\VirtualBox-6.1.24-145767-Win.exe
2021-07-21 23:48 - 2021-07-21 23:48 - 000000000 _SHDL C:\Documents and Settings
2021-07-21 23:37 - 2021-07-31 06:41 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-21 23:37 - 2021-07-31 06:41 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-07-21 23:37 - 2021-07-21 23:48 - 000000000 ____D C:\Intel
2021-07-21 23:36 - 2021-08-02 07:41 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-21 23:36 - 2021-07-21 23:36 - 000000112 ___SH C:\bootTel.dat
2021-07-21 19:40 - 2021-07-21 23:44 - 000000000 ____D C:\WINDOWS\CSC
2021-07-16 08:24 - 2021-07-16 08:24 - 000174776 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSB.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-02 10:09 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-02 07:48 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-02 07:41 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-02 07:40 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-08-02 04:52 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-02 04:29 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-02 04:27 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-29 16:24 - 2020-06-24 12:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-29 16:23 - 2020-06-24 12:22 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-28 18:54 - 2020-06-17 09:58 - 000000000 ____D C:\ProgramData\Packages
2021-07-28 18:52 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-07-28 15:55 - 2020-06-24 12:23 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-07-28 15:55 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-07-28 14:10 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-07-28 13:54 - 2020-06-17 09:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-07-28 13:54 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-28 06:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-07-28 06:27 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-07-28 06:25 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-07-28 06:25 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-28 06:25 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-07-28 06:25 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-07-28 06:24 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-07-28 06:24 - 2019-12-07 05:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-07-28 02:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-28 02:45 - 2019-12-07 05:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-07-28 02:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-07-28 02:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-07-28 02:42 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-07-28 02:37 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-07-28 02:37 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-07-28 02:37 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-07-28 02:37 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-07-28 02:37 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-07-28 02:37 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-07-28 02:37 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-07-28 02:37 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-07-28 02:37 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2021-07-28 02:35 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-07-28 02:34 - 2020-06-24 12:25 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-07-28 02:33 - 2020-06-24 12:25 - 000000000 ____D C:\Program Files\Waves
2021-07-28 02:33 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-07-28 02:33 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-28 02:32 - 2020-06-24 12:22 - 000000000 ___HD C:\$WinREAgent
2021-07-28 02:32 - 2020-06-24 12:10 - 000000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2021-07-28 02:32 - 2020-06-24 12:10 - 000000000 ____D C:\Users\Default\AppData\Local\Publishers
2021-07-28 02:32 - 2020-06-24 12:10 - 000000000 ____D C:\Users\Default\AppData\Local\Packages
2021-07-28 02:32 - 2020-06-24 12:10 - 000000000 ____D C:\Users\Default\AppData\Local\MicrosoftEdge
2021-07-28 02:32 - 2020-06-24 12:10 - 000000000 ____D C:\Users\Default\AppData\Local\ConnectedDevicesPlatform
2021-07-28 02:32 - 2020-06-24 12:10 - 000000000 ____D C:\Users\Default\AppData\Local\Comms
2021-07-28 02:29 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

==================== Files in the root of some directories ========

2021-08-01 00:26 - 2021-08-01 02:17 - 000000016 _____ () C:\Users\Daniel Hunley\AppData\Roaming\obs-virtualcam.txt
2021-07-28 18:59 - 2021-07-28 18:59 - 000000000 _____ () C:\Users\Daniel Hunley\AppData\Local\oobelibMkey.log
2021-08-02 07:24 - 2021-08-02 07:24 - 000007604 _____ () C:\Users\Daniel Hunley\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2021
Ran by Daniel Hunley (02-08-2021 10:21:10)
Running from C:\Users\Daniel Hunley\AppData\Local\Temp\MicrosoftEdgeDownloads\27069284-407e-4d1d-9ce8-15964f2686d3
Windows 10 Pro Version 21H1 19043.1110 (X64) (2021-07-28 06:49:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3787111934-708604976-2212956296-500 - Administrator - Disabled)
Daniel Hunley (S-1-5-21-3787111934-708604976-2212956296-1001 - Administrator - Enabled) => C:\Users\Daniel Hunley
DefaultAccount (S-1-5-21-3787111934-708604976-2212956296-503 - Limited - Disabled)
Guest (S-1-5-21-3787111934-708604976-2212956296-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3787111934-708604976-2212956296-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.5.0.617 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_3_1) (Version: 25.3.1 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4_3) (Version: 22.4.3.317 - Adobe Inc.)
CyberGhost 8 (HKLM\...\CyberGhost 8) (Version: 8.3.0.8042 - CyberGhost S.A.)
CyberGhost TUN (HKLM\...\{677232D6-72D6-4821-8CB5-47969B15D4DF}) (Version: 1.0 - CyberGhost S.R.L.) Hidden
Fing 2.6.0 (HKLM\...\Fing Desktop) (Version: 2.6.0 - Fing Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)
Hue Sync (HKLM\...\{C0270355-35E2-4862-8B57-A7C1A258AF77}) (Version: 1.6.1.12 - Signify Netherlands B.V.)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6448.1 - Waves Audio Ltd.) Hidden
Microsoft Edge (HKLM-x32\...\{D4A70BF5-0215-346F-B1AD-A8DA61AB6F78}) (Version: 92.0.902.62 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Npcap OEM (HKLM-x32\...\NpcapInst) (Version: 1.20 - Nmap Project)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)
Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)
Spotify (HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\Spotify) (Version: 1.1.64.561.g71bd09eb - Spotify AB)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Zoom (HKU\S-1-5-21-3787111934-708604976-2212956296-1001\...\ZoomUMX) (Version: 5.7.4 (804) - Zoom Video Communications, Inc.)

Packages:
=========
Huetro for Hue -> C:\Program Files\WindowsApps\27078NielsLaute.HuetroforHue_7.5.5.0_x64__91se88q2mhfz2 [2021-07-31] (NielsLaute)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-30] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3787111934-708604976-2212956296-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3787111934-708604976-2212956296-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-28] (Adobe Inc. -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-10-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-07-28] (Adobe Inc. -> )

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Daniel Hunley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - Notes and Lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Daniel Hunley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2021-08-02 07:42 - 2021-08-02 07:42 - 000615424 _____ () [File not signed] \\?\C:\Users\Daniel Hunley\AppData\Local\Temp\c2b13e2b-f47f-4838-a7ac-58a112e06696.tmp.node
2021-07-28 16:27 - 2016-11-28 21:31 - 000839444 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Security Task Manager\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3787111934-708604976-2212956296-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel Hunley\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\t01402_10.jpg
DNS Servers: 10.0.0.243 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 4: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (disabled)
Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{014662B2-717E-4451-9F81-CAF3DE5F535A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BF44DA67-94ED-46E1-9FE8-3D0B2498BF93}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{052456BA-C68B-443F-9A10-DA01D723029A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E7332AC3-F9CB-46B3-9E92-00181D00E066}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1255FB53-B64E-46B9-B817-E74D80BD8265}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{7B49AA8B-8BD5-466A-A17E-C67E2BFFAC6C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{9CBB6889-1E2A-4D0B-92F0-C77FB3A39F4A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{295CADF8-E41A-4CA9-8086-08DE481824A9}C:\users\daniel hunley\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daniel hunley\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{B6DBC2F3-21CD-42CF-A65F-C29B732FCDCA}C:\users\daniel hunley\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daniel hunley\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{9E52BB02-0639-4F5E-861F-445E0EFAB256}C:\program files\hue sync\huesync.exe] => (Allow) C:\program files\hue sync\huesync.exe (Signify Netherlands B.V. -> Signify Netherlands B.V.)
FirewallRules: [UDP Query User{6589D7FE-8BD7-4F07-BAEF-E3C9FA3642BA}C:\program files\hue sync\huesync.exe] => (Allow) C:\program files\hue sync\huesync.exe (Signify Netherlands B.V. -> Signify Netherlands B.V.)
FirewallRules: [{6F119136-60C3-4F40-87A7-FF9906CFFA30}] => (Allow) C:\Users\Daniel Hunley\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6D7A71A7-52DC-49E6-9016-853207C5ACC5}] => (Allow) C:\Users\Daniel Hunley\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{9407465A-193B-47B6-8B75-D90688C51E76}] => (Allow) C:\Users\Daniel Hunley\AppData\Roaming\Zoom\bin\airhost.exe => No File

==================== Restore Points =========================

30-07-2021 10:34:21 Move file to quarantine: npcapwatchdog
31-07-2021 11:55:33 Move file to quarantine: Node.js: Server-side JavaScript

==================== Faulty Device Manager Devices ============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/02/2021 07:38:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 10.0.19041.844, time stamp: 0x3db2673a
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0xc0000409
Fault offset: 0x000000000010bd3e
Faulting process id: 0x38dc
Faulting application start time: 0x01d78792d94a717d
Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 58ea2720-1d2a-4a3d-96b7-231e4312ceed
Faulting package full name:
Faulting package-relative application ID:

Error: (08/02/2021 07:37:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 10.0.19041.844, time stamp: 0x3db2673a
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0xc0000409
Fault offset: 0x000000000010bd3e
Faulting process id: 0x517c
Faulting application start time: 0x01d78792cc9b48de
Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 32ee7989-c7e0-4fe4-a723-a65e6fcd815b
Faulting package full name:
Faulting package-relative application ID:

Error: (08/02/2021 07:29:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TaskMan.exe version 2.4.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3838

Start Time: 01d787867c302376

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Security Task Manager\TaskMan.exe

Report Id: a97ea0e3-ac11-4eb8-b483-1b0e7a4c9cb7

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (08/02/2021 07:27:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fingagent.exe, version: 2.6.0.0, time stamp: 0x60818213
Faulting module name: MSVCR90.dll, version: 9.0.30729.9625, time stamp: 0x5db2747f
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x4214
Faulting application start time: 0x01d7878f77847277
Faulting application path: C:\Program Files\Fing\resources\extraResources\fingagent.exe
Faulting module path: C:\WINDOWS\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll
Report Id: e10c0bbc-aeb3-4ed2-9d1f-28191fc794c4
Faulting package full name:
Faulting package-relative application ID:

Error: (08/02/2021 07:26:02 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={9D581221-84FE-0004-BA79-6A9DFE84D701}: The user SYSTEM dialed a connection named CyberGhost (IKEv2) which has failed. The error code returned on failure is 0.

Error: (08/02/2021 05:48:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x48d4
Faulting application start time: 0x01d7878388d1e316
Faulting application path: C:\Users\Daniel Hunley\AppData\Local\Temp\MicrosoftEdgeDownloads\a6cb3729-2562-4189-8bd0-55dc20cc580a\RootkitRevealer\RootkitRevealer.exe
Faulting module path: C:\Users\Daniel Hunley\AppData\Local\Temp\MicrosoftEdgeDownloads\a6cb3729-2562-4189-8bd0-55dc20cc580a\RootkitRevealer\RootkitRevealer.exe
Report Id: b5e9d945-6e28-437e-b748-94946e332b55
Faulting package full name:
Faulting package-relative application ID:

Error: (08/02/2021 05:47:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0xf84
Faulting application start time: 0x01d7878377824a32
Faulting application path: C:\Users\Daniel Hunley\AppData\Local\Temp\MicrosoftEdgeDownloads\a6cb3729-2562-4189-8bd0-55dc20cc580a\RootkitRevealer\RootkitRevealer.exe
Faulting module path: C:\Users\Daniel Hunley\AppData\Local\Temp\MicrosoftEdgeDownloads\a6cb3729-2562-4189-8bd0-55dc20cc580a\RootkitRevealer\RootkitRevealer.exe
Report Id: 77e51f24-f42f-42e3-89cf-e067140a6741
Faulting package full name:
Faulting package-relative application ID:

Error: (08/02/2021 05:47:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x2d00
Faulting application start time: 0x01d787836ff6da8a
Faulting application path: C:\Users\Daniel Hunley\AppData\Local\Temp\MicrosoftEdgeDownloads\a6cb3729-2562-4189-8bd0-55dc20cc580a\RootkitRevealer\RootkitRevealer.exe
Faulting module path: C:\Users\Daniel Hunley\AppData\Local\Temp\MicrosoftEdgeDownloads\a6cb3729-2562-4189-8bd0-55dc20cc580a\RootkitRevealer\RootkitRevealer.exe
Report Id: de9a5f5c-0bc2-47fd-b815-2a244f97cad4
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (08/02/2021 07:39:54 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JESKERH)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (08/02/2021 07:39:54 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JESKERH)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (08/02/2021 07:39:54 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JESKERH)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (08/02/2021 07:27:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fing.Agent service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/02/2021 06:32:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wi-Fi Direct Services Connection Manager Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/02/2021 06:18:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DevicePicker_58079 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/02/2021 06:17:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CaptureService_58079 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/02/2021 04:20:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Fing.Agent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
================
Date: 2021-08-01 16:52:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-31 16:55:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-29 16:17:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-29 04:21:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: Dell Inc. A18 05/30/2019
Motherboard: Dell Inc. 02YYK5
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 32676.2 MB
Available physical RAM: 25564.35 MB
Total Virtual: 37540.2 MB
Available Virtual: 30602.07 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.63 GB) (Free:391.06 GB) NTFS

\\?\Volume{7487f8e9-5365-4b8f-ae65-0641408f1899}\ (Recovery) (Fixed) (Total:0.93 GB) (Free:0.51 GB) NTFS
\\?\Volume{be8f2797-5675-4987-a220-b99d408eeb34}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: AF8CAC7E)

Partition: GPT.

==================== End of Addition.txt =======================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back