I don't know if my current problem is a function of malware, a virus, or hardware, but it's been getting worse with each Windows update - to the point where at least once a day, the computer regularly crashes with a blue screen and a 'your PC has encountered a problem' message. Usually, after this happens, the boot drive is screwed up, and I get the message 'reboot and select proper boot device'. The laptop attempts to boot to P2: TSSTcorp CDDVW SN-208AB (which I assume is my optical DVD drive) instead of the HD, INTEL SSDSc2CW240A3. Today, for the first time after the crash, in addition to the reboot and select message, I received the following message:
For Bigfoot PCIE Ethernet Controller v2.1.1.1 (02/09/12) Check cable connection!
PXE-MOF: Exiting Intel PxE Rom
Since yesterday, the computer has been freezing up (with that little blue circle spinning) from time to time, often but not always followed by the blue screen.
My laptop was purchased in 2013 and has been very reliable to date, with some problems along the way that were solved. It's a custom-made gaming laptop from Cyberpower, the Fang X-7 200, running Windows 10 x64, which was updated this past weekend. I tried to select an earlier restore point, but they were all wiped out by the latest update, and all I have is Jan. 31, 2021. Any help will be greatly appreciated.
Here are the requested logs:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/2/21
Scan Time: 2:22 PM
Log File: a252fea6-6559-11eb-8e96-8c89a5091075.json
Administrator: Yes
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.20010
License: Free
-System Information-
OS: Windows 10 (Build 19041.746)
CPU: x64
File System: NTFS
User: AJKIMMEL-PC\AJKimmel
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 411691
Threats Detected: 29
Threats Quarantined: 29
Time Elapsed: 6 min, 22 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 2
PUP.Optional.QuickSearcher.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, [10787], [-1],0.0.0
PUP.Optional.QuickSearcher.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarantined, [10787], [-1],0.0.0
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 5
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\hibernationPage\js, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\hibernationPage, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\_metadata, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\pbdpajcdgknpendpmecafmopknefafha, Quarantined, [10787], [526588],1.0.20010
File: 22
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\hibernationPage\js\main.js, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\hibernationPage\index.html, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\hibernationPage\style.css, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\_metadata\verified_contents.json, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\component.json, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\eventPage.js, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\icon128.png, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\icon16.png, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\icon19.png, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\icon38.png, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\icon48.png, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\manifest.json, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\README.md, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\underscore.js, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [10787], [-1],0.0.0
PUP.Optional.QuickSearcher.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [10787], [-1],0.0.0
PUP.Optional.Delta, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [615], [455070],1.0.20010
PUP.Optional.Delta, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [615], [455070],1.0.20010
PUP.Optional.Delta, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [615], [455070],1.0.20010
PUP.Optional.Delta, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [615], [455070],1.0.20010
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by AJKimmel (administrator) on AJKIMMEL-PC ( GT70) (02-02-2021 14:32:36)
Running from F:\00SAVED\Malware software
Loaded Profiles: AJKimmel & UpdatusUser
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\114.4.426\QtWebEngineProcess.exe <3>
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(FSL - Freesoftland) [File not signed] C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
(Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lytro, Inc. -> ) [File not signed] C:\Program Files\Lytro\LytroService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\SCM\SCM.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\S-Bar\MSIService.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <11>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe
(TechSmith Corporation) [File not signed] C:\Program Files (x86)\TechSmith\SnagIt 7\SnagIt32.exe
(TechSmith Corporation) [File not signed] C:\Program Files (x86)\TechSmith\SnagIt 7\TSCHelp.exe
(VideoLAN -> VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] (Micro-Star International CO., LTD. -> ) [File not signed]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347688 2016-04-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [337720 2020-11-12] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-01-25] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [4358608 2021-01-25] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1371648 2012-05-19] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google Inc -> Google)
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [85504 2007-07-12] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\WINDOWS\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\PrintingScout Language Monitor for Xerox Phaser 6130: C:\WINDOWS\system32\XRZWSLAI.DLL [184320 2007-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Co., Ltd.)
HKLM\...\Print\Monitors\PrintingScout Language Monitor for Xerox Phaser 6500 PCL 6: C:\WINDOWS\system32\XRXMPZIL.DLL [187904 2010-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Co., Ltd.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk [2016-08-20]
ShortcutTarget: IconRestorer.lnk -> C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland) [File not signed]
Startup: C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar243.lnk [2021-02-02]
ShortcutTarget: Sidebar243.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed] [File is in use]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.8 PE.lnk [2016-03-17]
ShortcutTarget: PHOTOfunSTUDIO 9.8 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation -> Panasonic Corporation)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {006692F7-1EBD-4B4E-81A6-7D9E38003ADA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {072546F2-EA60-4B3A-86D1-244BE05C83E8} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {07FEA12B-3416-46F4-97A7-4FE9D895B236} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1021C977-DEAB-4C64-BC79-63D499B23E83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {16E3FF48-23B3-47AE-9D96-8358D62F98DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1F22C044-B0B2-4706-91B3-CB9BF09C3B4B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F566A43-E88F-4518-903D-656F2319817C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {22CB8F1D-549F-4174-A5D8-20D1DD07226C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {22DC6A1B-856D-4805-9666-08845666ED43} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {2322812F-A58A-403E-99FA-209E0AAC1D5F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24A9D787-42F7-4C61-81BB-F30DDEB2B892} - System32\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {2D7298DE-A1B1-48CD-945A-01E517F15EE2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {327D4326-2CE2-40FD-99BC-E058164784AE} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {32873F5A-8C83-4E51-81FD-83BF010EAD11} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36263298-B3F6-4863-AD16-F86A4FB5C17D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3780BB65-6780-4F13-96C2-54E9DB9FF416} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3EDA70EF-AC5F-431F-831A-334A46338004} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {419ED464-1266-4944-8E6F-19629B432D5E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe [1457664 2019-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {4218F1AC-BA84-44C4-838B-8AC5070DA073} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4663FA9C-9D74-44B9-87BB-C9A01C47C3F1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4B43AE99-459C-4657-BDBF-DBFB528B12FA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4EE0DA4A-4F40-4601-B7B0-30D45E9347DF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FDC05A7-7F79-4FF0-9265-1A8B6409B643} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {510382C8-0AD1-42AE-81D9-9E6E66939A8D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53BA3101-C7D7-490B-B0F7-452AE5EBAE30} - System32\Tasks\{693768F4-BAB4-4359-BBB1-7AC3F4B06600} => C:\Windows\system32\pcalua.exe -a C:\Downloads\jxpiinstall(4).exe -d C:\Downloads
Task: {5429F5E5-BD85-437F-94C2-015E26C156BC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {554C5264-3221-4730-A606-16CCDBDE8F4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {61B58E44-D5B5-4B94-9BF7-71173DA98C61} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6285F34B-781F-4A4F-84DC-95869276F39F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {62C7936F-3C2A-4296-9799-7553E7BCA0D0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {6BC61AF0-052E-44F4-8471-7199FDA0F98F} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {70D633E5-C2AA-40BF-96F7-31AF35551E2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7118A037-106A-462B-9B10-474C95907EC6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {789572C6-BF32-4CB3-98D4-B701EFB38594} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Downloads\esetonlinescanner_enu.exe
Task: {7D70F6F1-5650-4303-AE2C-C8C460B087E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7DA1C9F9-EB4B-4A69-BB15-34496FB7828F} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe [499184 2018-10-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics)
Task: {84C26733-E6FB-41A7-8321-217CABD532F8} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {856C83F5-B10F-4061-91CD-E2C2DB8B4757} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D380145-C032-4EE7-9B4F-4AB509B5547F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {90697E13-65D9-4DA3-B094-EBDBB7793690} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {98650361-2BAC-432A-8845-EDD002981544} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {98BF00C5-8F38-4F89-BFBD-1C486447E3D9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C1AC2E2-108A-4748-A074-091C6BBE8A96} - System32\Tasks\EOSv3 Scheduler onTime => C:\Downloads\esetonlinescanner_enu.exe
Task: {9FB7D739-1521-49F1-996D-67597DB0F7B1} - System32\Tasks\{5A0C57BF-5F99-4D28-BB80-5DAB0C5986D3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\J River\Media Jukebox 12\PackageInstaller.exe" -d C:\ -c /RegFileAssociations
Task: {A1405976-24B8-4DB6-8A0E-3FB7EC359DE5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A8430EC6-6BDB-4136-BEEE-E1C50CC05C5B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B31F665E-AE39-410A-802B-DE3AEF234815} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {C0D93061-7EFA-48FC-8CEB-14DC67A56CB5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C14B9542-41B7-41C8-82FF-FDC24C38FA04} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C24A3183-CA7B-4601-8FF5-1B0AA2922144} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5200547-A3F3-4207-8123-75DE2D128F7B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {D392E1D4-8957-43AF-A976-B27828568A58} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D58AAEA8-2873-4D47-8469-4F973139CFBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D6B93678-C384-4733-BA74-C92DA6312AE2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DD18E705-E4E9-4306-8CFE-63DC7FAD9936} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {DEA0BF0F-5EEE-44E6-B42C-CAE65F1BAF11} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E0F90818-9585-4864-A351-C5717B7C28BA} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {E1161D16-16CC-4067-85CF-76687A707CF8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E7B51FCC-DB0B-441B-ADF6-471F6AA4CFE5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9F6959B-3ADE-4965-9E21-204800EC7DD0} - System32\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {EBEA78E3-0EA9-40DA-9A82-D72DB0983630} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EDFDCE01-DF2B-4BA4-AC8F-AB16BA2F9F5F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {F58129DF-28A0-4AB6-9279-AF52893DC9B7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6986AF9-364A-4291-A599-B1ED11B871A5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F72C5B88-536C-4429-BD1A-A9972BC8C0AE} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {F8450148-0061-4C48-9DFC-D9EB8922489C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F917E976-76D0-4C32-A366-EFB64E0AEBC7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{3c53f296-155f-47a1-9971-4c9fc62a5acf}: [DhcpNameServer] 162.252.172.57 149.154.159.92
Tcpip\..\Interfaces\{65fd769d-e176-48f6-b606-a01d4d3ef33a}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{65fd769d-e176-48f6-b606-a01d4d3ef33a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6FD9DD12-B3D4-45E5-A715-45D6717E165B}: [NameServer] 162.252.172.57 149.154.159.92
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
DownloadDir: C:\Users\AJKimmel\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> hxxps://mail.google.com/mail/u/0/?pc=carousel-about-en#inbox
Edge Notifications: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> hxxps://www.facebook.com
Edge Extension: (Video Downloader professional) -> EdgeExtension_Link64GmbHVideoDownloaderProfessionalforEdge_r8gm29f18mcyc => C:\Program Files\WindowsApps\Link64GmbH.VideoDownloaderProfessionalforEdge_1.0.12.0_neutral__r8gm29f18mcyc [2019-11-22]
Edge DefaultProfile: Default
Edge Profile: C:\Users\AJKimmel\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-02]
Edge HomePage: Default -> hxxps://mail.google.com/mail/u/0/?pc=carousel-about-en#inbox
Edge StartupUrls: Default -> "hxxps://news.google.com/?hl=en-US&gl=US&ceid=US:en"
Edge DefaultSearchURL: Default -> hxxps://www.google.fr/search?q={searchTerms}&ie={inputEncoding?}&oe={outputEncoding?}
Edge Extension: (All Video Downloader professional) - C:\Users\AJKimmel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbpnbnogejaolbhfpfgagldkeahefbhd [2021-01-05]
FireFox:
========
FF DefaultProfile: 8beseft5.default
FF DefaultProfile: deiv6e28.default
FF ProfilePath: C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default [2021-02-02]
FF DownloadDir: C:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\8beseft5.default -> hxxps://news.google.com/topstories?hl=en-US&gl=US&ceid=US:en
FF NetworkProxy: Mozilla\Firefox\Profiles\8beseft5.default -> ftp", "201.251.156.17"
FF HomepageOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: yayanotherspeeddial@bakadev.fr
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: {71ec5708-2489-11e8-8697-87e8af1da1d9}
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: custom-new-tab-page@mint.as
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: pavel.sherbakov@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: multilevelspeeddial@powercoder.org
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: yayanotherspeeddial@bakadev.fr
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: michal.simonfy@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: {241ffcc1-cc25-47e9-86e6-ab5e79147952}
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: admin@fastaddons.com_GroupSpeedDial
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: newtabtools@darktrojan.net
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: {6905b838-e843-4ee3-9df0-b4c79673b21c}
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\@setupvpncom.xpi [2020-10-17]
FF Extension: (Group Speed Dial) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\admin@fastaddons.com_GroupSpeedDial.xpi [2020-12-28]
FF Extension: (Ant Video downloader) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\anttoolbar@ant.com.xpi [2021-01-28]
FF Extension: (Classic Theme Restorer) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-14] [Legacy]
FF Extension: (Custom New Tab Page) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\custom-new-tab-page@mint.as.xpi [2020-10-30]
FF Extension: (Xmarks Bookmark Sync) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\foxmarks@kei.com.xpi [2017-12-04]
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\fvdmedia@gmail.com.xpi [2020-05-10]
FF Extension: (Bypass Paywalls) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\iamadamdev@hotmail.com.xpi [2018-11-12]
FF Extension: (google-weather) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\jid0-lQyK6JstbAGdiq1fp28Cl@jetpack.xpi [2018-12-30]
FF Extension: (Substital: Add Subtitles to Videos) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\jid1-Cn7LiNrWh4k6RA@jetpack.xpi [2020-10-28]
FF Extension: (New Tab Override) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (New Tab Tools) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\newtabtools@darktrojan.net.xpi [2020-12-19]
FF Extension: (New Tab Page) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\pavel.sherbakov@gmail.com.xpi [2020-11-16]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\sp@avast.com.xpi [2020-07-03]
FF Extension: (Avast Online Security) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\wrc@avast.com.xpi [2020-06-17]
FF Extension: (Yay! Another Speed dial!) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\yayanotherspeeddial@bakadev.fr.xpi [2019-04-09]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
FF Extension: (SearchSubtitle) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{15690dc0-7102-4bec-94bd-ebf1f1ddea7b}.xpi [2018-12-26]
FF Extension: (404 Bookmarks) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{5f8d31ba-47fb-4b70-bf8d-d2113f6da22f}.xpi [2018-09-15]
FF Extension: (Save Video As) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{63f3b52d-7581-42cd-9e82-fb1b2cdb0043}.xpi [2017-11-16]
FF Extension: (Speed Dial) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2016-03-27] [Legacy]
FF Extension: (Classical Search Bar) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{6905b838-e843-4ee3-9df0-b4c79673b21c}.xpi [2020-11-07]
FF Extension: (Speed Dial Quantum) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{71ec5708-2489-11e8-8697-87e8af1da1d9}.xpi [2018-08-31]
FF Extension: (GetThemALL! 57+) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{78836ee1-63fc-4301-a7b0-75c48ac2166d}.xpi [2017-12-16]
FF Extension: (Googlebar Lite) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2017-04-22] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-01-29]
FF Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}.xpi [2017-09-22]
FF ProfilePath: C:\Users\AJKimmel\AppData\Roaming\Infogrid Pacific Pte. Ltd\AZARDI-2.0\Profiles\deiv6e28.default [2019-11-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-13] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2428754776-3200477234-109872743-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
FF Plugin HKU\S-1-5-21-2428754776-3200477234-109872743-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
Chrome:
=======
CHR DefaultProfile: Default"},"rappor":{"cohort_seed":30,"last_daily_sample":"13142121292734674
CHR Profile: C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default [2021-01-05]
CHR Notifications: Default -> hxxps://mail.google.com
CHR HomePage: Default -> hxxp://news.google.com/?ar=1310991475
CHR StartupUrls: Default -> "hxxp://43marks.com/mortstiff","hxxps://mail.google.com/mail/#inbox","hxxp://avxhome.se/vidoe","hxxp://www.zone-telechargement.com/","hxxp://www.imdb.com/","hxxp://www.dailymail.co.uk/home/index.html","hxxp://lefooding.com/fr","hxxp://googlenews.com/"
CHR Extension: (Google Translate) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-02-09]
CHR Extension: (Google Translate Pad) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgpafgiahigeanbnnmdbnkdkllhjndl [2014-06-06]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-07-17]
CHR Extension: (Bookmarks Side Panel) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankkfflbgjokclfgfehiinnlijdlicdb [2014-06-08]
CHR Extension: (Google Drive) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-26]
CHR Extension: (YouTube) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-10]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-05-29]
CHR Extension: (Google Search) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-26]
CHR Extension: (Quick Find for Google Chrome™) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dejblhmebonldngnmeidliaifgiagcjj [2015-07-17]
CHR Extension: (Chroma) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefgglgjdlddcpcapigheknbacbmmggp [2018-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Avast Online Security) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-05-29]
CHR Extension: (MLB.com Scoreboard) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignfgamliophfaggapcolfgjiekgppld [2014-06-06]
CHR Extension: (Diigo Read Later) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooajjfbnpnafgndfpeboaehpddfglaj [2015-07-17]
CHR Extension: (tab packager by tab.bz) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2016-07-26]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-06-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (French Dictionary) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhkhjchchenblaemilhmkbdkkdkdchn [2015-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-06]
CHR Extension: (Print Friendly & PDF) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2020-05-29]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2015-03-31]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-06-06]
CHR Extension: (Evernote Web Clipper) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2020-05-29]
CHR Extension: (World Clocks 2) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2015-03-31]
CHR Extension: (Gmail) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-05]
CHR Extension: (G App Launcher (Customizer for Google™)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm [2020-05-29]
CHR HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\AJKimmel\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-07]
CHR HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-01-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Incorporated -> Foxit Software Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 LytroService; C:\Program Files\Lytro\lytroservice.exe [202336 2014-10-21] (Lytro, Inc. -> ) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
S3 Media Jukebox 14 Service; C:\Program Files (x86)\J River\Media Jukebox 14\JRService.exe [379400 2010-07-15] (J. River Inc. -> J. River, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-07-23] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [66928 2012-07-23] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2013-06-05] (GFI Software Development Ltd. -> GFI Software)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [84168 2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Pango Inc)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-10-16] (Corel Corporation -> Corel Corporation)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [34512 2020-05-22] (NCH Software -> )
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-12-28] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40664 2016-11-07] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
S3 visctap0901; C:\WINDOWS\System32\drivers\visctap0901.sys [39048 2015-08-26] (SparkLabs Pty Ltd -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 wintunshark; C:\WINDOWS\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)
U3 idsvc; no ImagePath
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-02-02 14:25 - 2021-02-02 14:31 - 000000000 ____D C:\Users\AJKimmel\Desktop\PC Problem 2-21
2021-02-02 14:20 - 2021-02-02 14:20 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-02 14:20 - 2021-02-02 14:20 - 000001912 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-02 14:20 - 2021-02-02 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-02-02 14:20 - 2021-02-02 14:20 - 000000000 ____D C:\ProgramData\MB2Migration
2021-02-02 14:20 - 2021-02-02 14:20 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-02 14:20 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-01 15:21 - 2021-02-01 15:21 - 000000000 ___HD C:\$SysReset
2021-02-01 15:18 - 2021-02-01 15:18 - 001003084 _____ C:\WINDOWS\Minidump\020121-47500-01.dmp
2021-02-01 14:07 - 2021-02-02 14:33 - 000000000 ____D C:\FRST
2021-01-31 23:42 - 2021-01-31 23:42 - 000000842 _____ C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-01-31 23:42 - 2021-01-31 23:42 - 000000714 _____ C:\Users\AJKimmel\Desktop\ESET Online Scanner.lnk
2021-01-31 23:39 - 2021-01-31 23:39 - 000999972 _____ C:\WINDOWS\Minidump\013121-13687-01.dmp
2021-01-31 00:43 - 2021-01-31 00:43 - 001980444 _____ C:\WINDOWS\Minidump\013121-45937-01.dmp
2021-01-29 16:14 - 2021-01-29 16:14 - 000000000 ____D C:\Users\AJKimmel\Desktop\Washburn
2021-01-29 14:12 - 2021-02-02 02:30 - 000000000 ____D C:\Users\AJKimmel\Desktop\Treavor Comp
2021-01-29 01:37 - 2021-01-29 01:37 - 000000847 _____ C:\Users\AJKimmel\AppData\Local\recently-used.xbel
2021-01-28 15:27 - 2021-02-01 15:19 - 000000000 ____D C:\WINDOWS\Minidump
2021-01-28 15:27 - 2021-01-28 15:27 - 001003108 _____ C:\WINDOWS\Minidump\012821-39843-01.dmp
2021-01-28 13:10 - 2021-01-28 13:10 - 000000000 ____D C:\Users\AJKimmel\AppData\Local\OneDrive
2021-01-28 13:09 - 2021-01-28 13:09 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-01-28 12:46 - 2021-01-28 03:58 - 000000000 ____D C:\Windows.old
2021-01-28 12:43 - 2021-01-28 12:43 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-01-28 12:42 - 2021-01-28 12:46 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-01-28 12:41 - 2021-01-28 12:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-01-28 12:41 - 2021-01-28 12:41 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-01-28 12:40 - 2021-01-28 12:40 - 000000000 ____D C:\ProgramData\ssh
2021-01-28 12:37 - 2021-01-28 12:37 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-01-28 12:37 - 2021-01-28 12:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-01-28 12:37 - 2021-01-28 12:37 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-01-28 12:37 - 2021-01-28 12:37 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-28 12:37 - 2021-01-28 12:37 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-28 12:37 - 2021-01-28 12:37 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2021-01-28 12:37 - 2021-01-28 12:37 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-28 12:36 - 2021-01-28 12:36 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-01-28 12:36 - 2021-01-28 12:36 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-01-28 12:36 - 2021-01-28 12:36 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-01-28 12:36 - 2021-01-28 12:36 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-28 12:36 - 2021-01-28 12:36 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-28 12:36 - 2021-01-28 12:36 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-28 12:36 - 2021-01-2