Laptop regularly crashing with blue screen


46 replies to this topic

#1 mortstiff

Posted 02 February 2021 - 09:15 AM

I don't know if my current problem is a function of malware, virus, or hardware, but it's been getting worse with each Windows update - to the point where at least once a day, the computer regularly crashes with a blue screen and 'your PC has encountered a problem' message.  Usually, after this happens, the boot drive is screwed up, and I get the message 'reboot and select proper boot device'.  The laptop attempts to boot to P2: TSSTcorp CDDVW SN-208AB (which I assume is my optical DVD drive) instead of the HD, INTEL SSDSc2CW240A3.  Today, for the first time after the crash, in addition to the reboot and select message, I received the following message:

 

For Bigfoot PCIE Ethernet Controller v2.1.1.1 (02/09/12) Check cable connection!

PXE-MOF: Exiting Intel PxE Rom

 

Since yesterday, the computer has been freezing up (with that little blue circle spinning) from time to time, often but not always followed by the blue screen.

 

My laptop was purchased in 2013 and has been very reliable to date, with some problems along the way that were solved.  It's a custom made gaming laptop from Cyberpower, the Fang X-7 200, running Windows 10 x64 which was updated this past weekend.  I tried to select an earlier restore point, but they were all wiped out by the latest update, and all I have is Jan. 31 2021.  Any help will be greatly appreciated.

 

Here are the requested logs:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/2/21
Scan Time: 2:22 PM
Log File: a252fea6-6559-11eb-8e96-8c89a5091075.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.20010
License: Free

-System Information-
OS: Windows 10 (Build 19041.746)
CPU: x64
File System: NTFS
User: AJKIMMEL-PC\AJKimmel

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 411691
Threats Detected: 29
Threats Quarantined: 29
Time Elapsed: 6 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.QuickSearcher.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, [10787], [-1],0.0.0
PUP.Optional.QuickSearcher.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarantined, [10787], [-1],0.0.0

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\hibernationPage\js, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\hibernationPage, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\_metadata, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\pbdpajcdgknpendpmecafmopknefafha, Quarantined, [10787], [526588],1.0.20010

File: 22
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\hibernationPage\js\main.js, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\hibernationPage\index.html, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\hibernationPage\style.css, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\_metadata\verified_contents.json, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\component.json, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\eventPage.js, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\icon128.png, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\icon16.png, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\icon19.png, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\icon38.png, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\icon48.png, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\manifest.json, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\README.md, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\0.1.3_0\underscore.js, Quarantined, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [10787], [526588],1.0.20010
PUP.Optional.QuickSearcher.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [10787], [-1],0.0.0
PUP.Optional.QuickSearcher.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [10787], [-1],0.0.0
PUP.Optional.Delta, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [615], [455070],1.0.20010
PUP.Optional.Delta, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [615], [455070],1.0.20010
PUP.Optional.Delta, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [615], [455070],1.0.20010
PUP.Optional.Delta, C:\USERS\AJKIMMEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [615], [455070],1.0.20010

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by AJKimmel (administrator) on AJKIMMEL-PC (  GT70) (02-02-2021 14:32:36)
Running from F:\00SAVED\Malware software
Loaded Profiles: AJKimmel & UpdatusUser
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\114.4.426\QtWebEngineProcess.exe <3>
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(FSL - Freesoftland) [File not signed] C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
(Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lytro, Inc. -> ) [File not signed] C:\Program Files\Lytro\LytroService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\SCM\SCM.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\S-Bar\MSIService.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <11>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe
(TechSmith Corporation) [File not signed] C:\Program Files (x86)\TechSmith\SnagIt 7\SnagIt32.exe
(TechSmith Corporation) [File not signed] C:\Program Files (x86)\TechSmith\SnagIt 7\TSCHelp.exe
(VideoLAN -> VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] (Micro-Star International CO., LTD. -> ) [File not signed]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347688 2016-04-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [337720 2020-11-12] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-01-25] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [4358608 2021-01-25] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1371648 2012-05-19] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google Inc -> Google)
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [85504 2007-07-12] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\WINDOWS\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\PrintingScout Language Monitor for Xerox Phaser 6130: C:\WINDOWS\system32\XRZWSLAI.DLL [184320 2007-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Co., Ltd.)
HKLM\...\Print\Monitors\PrintingScout Language Monitor for Xerox Phaser 6500 PCL 6: C:\WINDOWS\system32\XRXMPZIL.DLL [187904 2010-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Co., Ltd.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk [2016-08-20]
ShortcutTarget: IconRestorer.lnk -> C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland) [File not signed]
Startup: C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar243.lnk [2021-02-02]
ShortcutTarget: Sidebar243.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed] [File is in use]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.8 PE.lnk [2016-03-17]
ShortcutTarget: PHOTOfunSTUDIO 9.8 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation -> Panasonic Corporation)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006692F7-1EBD-4B4E-81A6-7D9E38003ADA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {072546F2-EA60-4B3A-86D1-244BE05C83E8} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {07FEA12B-3416-46F4-97A7-4FE9D895B236} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1021C977-DEAB-4C64-BC79-63D499B23E83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {16E3FF48-23B3-47AE-9D96-8358D62F98DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1F22C044-B0B2-4706-91B3-CB9BF09C3B4B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F566A43-E88F-4518-903D-656F2319817C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {22CB8F1D-549F-4174-A5D8-20D1DD07226C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {22DC6A1B-856D-4805-9666-08845666ED43} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {2322812F-A58A-403E-99FA-209E0AAC1D5F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24A9D787-42F7-4C61-81BB-F30DDEB2B892} - System32\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {2D7298DE-A1B1-48CD-945A-01E517F15EE2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {327D4326-2CE2-40FD-99BC-E058164784AE} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {32873F5A-8C83-4E51-81FD-83BF010EAD11} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36263298-B3F6-4863-AD16-F86A4FB5C17D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3780BB65-6780-4F13-96C2-54E9DB9FF416} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3EDA70EF-AC5F-431F-831A-334A46338004} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {419ED464-1266-4944-8E6F-19629B432D5E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe [1457664 2019-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {4218F1AC-BA84-44C4-838B-8AC5070DA073} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4663FA9C-9D74-44B9-87BB-C9A01C47C3F1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4B43AE99-459C-4657-BDBF-DBFB528B12FA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4EE0DA4A-4F40-4601-B7B0-30D45E9347DF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FDC05A7-7F79-4FF0-9265-1A8B6409B643} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {510382C8-0AD1-42AE-81D9-9E6E66939A8D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53BA3101-C7D7-490B-B0F7-452AE5EBAE30} - System32\Tasks\{693768F4-BAB4-4359-BBB1-7AC3F4B06600} => C:\Windows\system32\pcalua.exe -a C:\Downloads\jxpiinstall(4).exe -d C:\Downloads
Task: {5429F5E5-BD85-437F-94C2-015E26C156BC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {554C5264-3221-4730-A606-16CCDBDE8F4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {61B58E44-D5B5-4B94-9BF7-71173DA98C61} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6285F34B-781F-4A4F-84DC-95869276F39F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {62C7936F-3C2A-4296-9799-7553E7BCA0D0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {6BC61AF0-052E-44F4-8471-7199FDA0F98F} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {70D633E5-C2AA-40BF-96F7-31AF35551E2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7118A037-106A-462B-9B10-474C95907EC6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {789572C6-BF32-4CB3-98D4-B701EFB38594} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Downloads\esetonlinescanner_enu.exe
Task: {7D70F6F1-5650-4303-AE2C-C8C460B087E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7DA1C9F9-EB4B-4A69-BB15-34496FB7828F} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe [499184 2018-10-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics)
Task: {84C26733-E6FB-41A7-8321-217CABD532F8} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {856C83F5-B10F-4061-91CD-E2C2DB8B4757} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D380145-C032-4EE7-9B4F-4AB509B5547F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {90697E13-65D9-4DA3-B094-EBDBB7793690} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {98650361-2BAC-432A-8845-EDD002981544} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {98BF00C5-8F38-4F89-BFBD-1C486447E3D9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C1AC2E2-108A-4748-A074-091C6BBE8A96} - System32\Tasks\EOSv3 Scheduler onTime => C:\Downloads\esetonlinescanner_enu.exe
Task: {9FB7D739-1521-49F1-996D-67597DB0F7B1} - System32\Tasks\{5A0C57BF-5F99-4D28-BB80-5DAB0C5986D3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\J River\Media Jukebox 12\PackageInstaller.exe" -d C:\ -c /RegFileAssociations
Task: {A1405976-24B8-4DB6-8A0E-3FB7EC359DE5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A8430EC6-6BDB-4136-BEEE-E1C50CC05C5B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B31F665E-AE39-410A-802B-DE3AEF234815} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {C0D93061-7EFA-48FC-8CEB-14DC67A56CB5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C14B9542-41B7-41C8-82FF-FDC24C38FA04} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C24A3183-CA7B-4601-8FF5-1B0AA2922144} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5200547-A3F3-4207-8123-75DE2D128F7B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {D392E1D4-8957-43AF-A976-B27828568A58} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D58AAEA8-2873-4D47-8469-4F973139CFBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D6B93678-C384-4733-BA74-C92DA6312AE2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DD18E705-E4E9-4306-8CFE-63DC7FAD9936} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {DEA0BF0F-5EEE-44E6-B42C-CAE65F1BAF11} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E0F90818-9585-4864-A351-C5717B7C28BA} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {E1161D16-16CC-4067-85CF-76687A707CF8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E7B51FCC-DB0B-441B-ADF6-471F6AA4CFE5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9F6959B-3ADE-4965-9E21-204800EC7DD0} - System32\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {EBEA78E3-0EA9-40DA-9A82-D72DB0983630} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EDFDCE01-DF2B-4BA4-AC8F-AB16BA2F9F5F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {F58129DF-28A0-4AB6-9279-AF52893DC9B7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6986AF9-364A-4291-A599-B1ED11B871A5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F72C5B88-536C-4429-BD1A-A9972BC8C0AE} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {F8450148-0061-4C48-9DFC-D9EB8922489C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F917E976-76D0-4C32-A366-EFB64E0AEBC7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3c53f296-155f-47a1-9971-4c9fc62a5acf}: [DhcpNameServer] 162.252.172.57 149.154.159.92
Tcpip\..\Interfaces\{65fd769d-e176-48f6-b606-a01d4d3ef33a}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{65fd769d-e176-48f6-b606-a01d4d3ef33a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6FD9DD12-B3D4-45E5-A715-45D6717E165B}: [NameServer] 162.252.172.57 149.154.159.92
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
DownloadDir: C:\Users\AJKimmel\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> hxxps://mail.google.com/mail/u/0/?pc=carousel-about-en#inbox
Edge Notifications: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> hxxps://www.facebook.com
Edge Extension: (Video Downloader professional) -> EdgeExtension_Link64GmbHVideoDownloaderProfessionalforEdge_r8gm29f18mcyc => C:\Program Files\WindowsApps\Link64GmbH.VideoDownloaderProfessionalforEdge_1.0.12.0_neutral__r8gm29f18mcyc [2019-11-22]
Edge DefaultProfile: Default
Edge Profile: C:\Users\AJKimmel\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-02]
Edge HomePage: Default -> hxxps://mail.google.com/mail/u/0/?pc=carousel-about-en#inbox
Edge StartupUrls: Default -> "hxxps://news.google.com/?hl=en-US&gl=US&ceid=US:en"
Edge DefaultSearchURL: Default -> hxxps://www.google.fr/search?q={searchTerms}&ie={inputEncoding?}&oe={outputEncoding?}
Edge Extension: (All Video Downloader professional) - C:\Users\AJKimmel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbpnbnogejaolbhfpfgagldkeahefbhd [2021-01-05]

FireFox:
========
FF DefaultProfile: 8beseft5.default
FF DefaultProfile: deiv6e28.default
FF ProfilePath: C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default [2021-02-02]
FF DownloadDir: C:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\8beseft5.default -> hxxps://news.google.com/topstories?hl=en-US&gl=US&ceid=US:en
FF NetworkProxy: Mozilla\Firefox\Profiles\8beseft5.default -> ftp", "201.251.156.17"
FF HomepageOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: yayanotherspeeddial@bakadev.fr
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: {71ec5708-2489-11e8-8697-87e8af1da1d9}
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: custom-new-tab-page@mint.as
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: pavel.sherbakov@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: multilevelspeeddial@powercoder.org
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: yayanotherspeeddial@bakadev.fr
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: michal.simonfy@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: {241ffcc1-cc25-47e9-86e6-ab5e79147952}
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: admin@fastaddons.com_GroupSpeedDial
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: newtabtools@darktrojan.net
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: {6905b838-e843-4ee3-9df0-b4c79673b21c}
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\@setupvpncom.xpi [2020-10-17]
FF Extension: (Group Speed Dial) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\admin@fastaddons.com_GroupSpeedDial.xpi [2020-12-28]
FF Extension: (Ant Video downloader) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\anttoolbar@ant.com.xpi [2021-01-28]
FF Extension: (Classic Theme Restorer) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-14] [Legacy]
FF Extension: (Custom New Tab Page) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\custom-new-tab-page@mint.as.xpi [2020-10-30]
FF Extension: (Xmarks Bookmark Sync) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\foxmarks@kei.com.xpi [2017-12-04]
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\fvdmedia@gmail.com.xpi [2020-05-10]
FF Extension: (Bypass Paywalls) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\iamadamdev@hotmail.com.xpi [2018-11-12]
FF Extension: (google-weather) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\jid0-lQyK6JstbAGdiq1fp28Cl@jetpack.xpi [2018-12-30]
FF Extension: (Substital: Add Subtitles to Videos) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\jid1-Cn7LiNrWh4k6RA@jetpack.xpi [2020-10-28]
FF Extension: (New Tab Override) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (New Tab Tools) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\newtabtools@darktrojan.net.xpi [2020-12-19]
FF Extension: (New Tab Page) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\pavel.sherbakov@gmail.com.xpi [2020-11-16]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\sp@avast.com.xpi [2020-07-03]
FF Extension: (Avast Online Security) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\wrc@avast.com.xpi [2020-06-17]
FF Extension: (Yay! Another Speed dial!) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\yayanotherspeeddial@bakadev.fr.xpi [2019-04-09]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
FF Extension: (SearchSubtitle) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{15690dc0-7102-4bec-94bd-ebf1f1ddea7b}.xpi [2018-12-26]
FF Extension: (404 Bookmarks) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{5f8d31ba-47fb-4b70-bf8d-d2113f6da22f}.xpi [2018-09-15]
FF Extension: (Save Video As) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{63f3b52d-7581-42cd-9e82-fb1b2cdb0043}.xpi [2017-11-16]
FF Extension: (Speed Dial) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2016-03-27] [Legacy]
FF Extension: (Classical Search Bar) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{6905b838-e843-4ee3-9df0-b4c79673b21c}.xpi [2020-11-07]
FF Extension: (Speed Dial Quantum) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{71ec5708-2489-11e8-8697-87e8af1da1d9}.xpi [2018-08-31]
FF Extension: (GetThemALL! 57+) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{78836ee1-63fc-4301-a7b0-75c48ac2166d}.xpi [2017-12-16]
FF Extension: (Googlebar Lite) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2017-04-22] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-01-29]
FF Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}.xpi [2017-09-22]
FF ProfilePath: C:\Users\AJKimmel\AppData\Roaming\Infogrid Pacific Pte. Ltd\AZARDI-2.0\Profiles\deiv6e28.default [2019-11-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-13] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2428754776-3200477234-109872743-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
FF Plugin HKU\S-1-5-21-2428754776-3200477234-109872743-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default"},"rappor":{"cohort_seed":30,"last_daily_sample":"13142121292734674
CHR Profile: C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default [2021-01-05]
CHR Notifications: Default -> hxxps://mail.google.com
CHR HomePage: Default -> hxxp://news.google.com/?ar=1310991475
CHR StartupUrls: Default -> "hxxp://43marks.com/mortstiff","hxxps://mail.google.com/mail/#inbox","hxxp://avxhome.se/vidoe","hxxp://www.zone-telechargement.com/","hxxp://www.imdb.com/","hxxp://www.dailymail.co.uk/home/index.html","hxxp://lefooding.com/fr","hxxp://googlenews.com/"
CHR Extension: (Google Translate) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-02-09]
CHR Extension: (Google Translate Pad) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgpafgiahigeanbnnmdbnkdkllhjndl [2014-06-06]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-07-17]
CHR Extension: (Bookmarks Side Panel) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankkfflbgjokclfgfehiinnlijdlicdb [2014-06-08]
CHR Extension: (Google Drive) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-26]
CHR Extension: (YouTube) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-10]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-05-29]
CHR Extension: (Google Search) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-26]
CHR Extension: (Quick Find for Google Chrome™) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dejblhmebonldngnmeidliaifgiagcjj [2015-07-17]
CHR Extension: (Chroma) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefgglgjdlddcpcapigheknbacbmmggp [2018-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Avast Online Security) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-05-29]
CHR Extension: (MLB.com Scoreboard) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignfgamliophfaggapcolfgjiekgppld [2014-06-06]
CHR Extension: (Diigo Read Later) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooajjfbnpnafgndfpeboaehpddfglaj [2015-07-17]
CHR Extension: (tab packager by tab.bz) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2016-07-26]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-06-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (French Dictionary) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhkhjchchenblaemilhmkbdkkdkdchn [2015-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-06]
CHR Extension: (Print Friendly & PDF) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2020-05-29]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2015-03-31]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-06-06]
CHR Extension: (Evernote Web Clipper) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2020-05-29]
CHR Extension: (World Clocks 2) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2015-03-31]
CHR Extension: (Gmail) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-05]
CHR Extension: (G App Launcher (Customizer for Google™)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm [2020-05-29]
CHR HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\AJKimmel\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-07]
CHR HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-01-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Incorporated -> Foxit Software Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 LytroService; C:\Program Files\Lytro\lytroservice.exe [202336 2014-10-21] (Lytro, Inc. -> ) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
S3 Media Jukebox 14 Service; C:\Program Files (x86)\J River\Media Jukebox 14\JRService.exe [379400 2010-07-15] (J. River Inc. -> J. River, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-07-23] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [66928 2012-07-23] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2013-06-05] (GFI Software Development Ltd. -> GFI Software)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [84168 2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Pango Inc)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-10-16] (Corel Corporation -> Corel Corporation)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [34512 2020-05-22] (NCH Software -> )
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-12-28] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40664 2016-11-07] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
S3 visctap0901; C:\WINDOWS\System32\drivers\visctap0901.sys [39048 2015-08-26] (SparkLabs Pty Ltd -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 wintunshark; C:\WINDOWS\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)
U3 idsvc; no ImagePath
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-02 14:25 - 2021-02-02 14:31 - 000000000 ____D C:\Users\AJKimmel\Desktop\PC Problem 2-21
2021-02-02 14:20 - 2021-02-02 14:20 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-02 14:20 - 2021-02-02 14:20 - 000001912 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-02 14:20 - 2021-02-02 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-02-02 14:20 - 2021-02-02 14:20 - 000000000 ____D C:\ProgramData\MB2Migration
2021-02-02 14:20 - 2021-02-02 14:20 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-02 14:20 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-01 15:21 - 2021-02-01 15:21 - 000000000 ___HD C:\$SysReset
2021-02-01 15:18 - 2021-02-01 15:18 - 001003084 _____ C:\WINDOWS\Minidump\020121-47500-01.dmp
2021-02-01 14:07 - 2021-02-02 14:33 - 000000000 ____D C:\FRST
2021-01-31 23:42 - 2021-01-31 23:42 - 000000842 _____ C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-01-31 23:42 - 2021-01-31 23:42 - 000000714 _____ C:\Users\AJKimmel\Desktop\ESET Online Scanner.lnk
2021-01-31 23:39 - 2021-01-31 23:39 - 000999972 _____ C:\WINDOWS\Minidump\013121-13687-01.dmp
2021-01-31 00:43 - 2021-01-31 00:43 - 001980444 _____ C:\WINDOWS\Minidump\013121-45937-01.dmp
2021-01-29 16:14 - 2021-01-29 16:14 - 000000000 ____D C:\Users\AJKimmel\Desktop\Washburn
2021-01-29 14:12 - 2021-02-02 02:30 - 000000000 ____D C:\Users\AJKimmel\Desktop\Treavor Comp
2021-01-29 01:37 - 2021-01-29 01:37 - 000000847 _____ C:\Users\AJKimmel\AppData\Local\recently-used.xbel
2021-01-28 15:27 - 2021-02-01 15:19 - 000000000 ____D C:\WINDOWS\Minidump
2021-01-28 15:27 - 2021-01-28 15:27 - 001003108 _____ C:\WINDOWS\Minidump\012821-39843-01.dmp
2021-01-28 13:10 - 2021-01-28 13:10 - 000000000 ____D C:\Users\AJKimmel\AppData\Local\OneDrive
2021-01-28 13:09 - 2021-01-28 13:09 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-01-28 12:46 - 2021-01-28 03:58 - 000000000 ____D C:\Windows.old
2021-01-28 12:43 - 2021-01-28 12:43 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-01-28 12:42 - 2021-01-28 12:46 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-01-28 12:41 - 2021-01-28 12:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-01-28 12:41 - 2021-01-28 12:41 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-01-28 12:40 - 2021-01-28 12:40 - 000000000 ____D C:\ProgramData\ssh
2021-01-28 12:37 - 2021-01-28 12:37 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-01-28 12:37 - 2021-01-28 12:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-01-28 12:37 - 2021-01-28 12:37 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-01-28 12:37 - 2021-01-28 12:37 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-28 12:37 - 2021-01-28 12:37 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-28 12:37 - 2021-01-28 12:37 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2021-01-28 12:37 - 2021-01-28 12:37 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-28 12:36 - 2021-01-28 12:36 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-01-28 12:36 - 2021-01-28 12:36 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-01-28 12:36 - 2021-01-28 12:36 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-01-28 12:36 - 2021-01-28 12:36 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-28 12:36 - 2021-01-28 12:36 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-28 12:36 - 2021-01-28 12:36 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-28 12:36 - 2021-01-2


#2 nasdaq

Posted 02 February 2021 - 10:27 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
.
I'm reviewing your logs and will get back to you this PM or early tomorrow morning.

nasdaq


#3 mortstiff

Posted 02 February 2021 - 11:18 AM

Great, thanks.  Just to add, I ran some malware programs (e.g. esetonline), a registry scan, and the command sfc /scannow - nothing came up.



#4 nasdaq

Posted 02 February 2021 - 01:21 PM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Adobe Flash Player has been discontinued.
 
Remove this program in bold using the Control Panel > Programs > Programs and Features...
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
<<<>>>
 
Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start::
 
CreateRestorePoint:
CloseProcesses:
 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {07FEA12B-3416-46F4-97A7-4FE9D895B236} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1021C977-DEAB-4C64-BC79-63D499B23E83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2D7298DE-A1B1-48CD-945A-01E517F15EE2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {36263298-B3F6-4863-AD16-F86A4FB5C17D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3780BB65-6780-4F13-96C2-54E9DB9FF416} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4218F1AC-BA84-44C4-838B-8AC5070DA073} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5429F5E5-BD85-437F-94C2-015E26C156BC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6285F34B-781F-4A4F-84DC-95869276F39F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {856C83F5-B10F-4061-91CD-E2C2DB8B4757} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A8430EC6-6BDB-4136-BEEE-E1C50CC05C5B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {C0D93061-7EFA-48FC-8CEB-14DC67A56CB5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C14B9542-41B7-41C8-82FF-FDC24C38FA04} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {DEA0BF0F-5EEE-44E6-B42C-CAE65F1BAF11} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E1161D16-16CC-4067-85CF-76687A707CF8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR Extension: (tab packager by tab.bz) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2016-07-26]
CHR Extension: (World Clocks 2) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2015-03-31]
U3 idsvc; no ImagePath
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
 
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [240]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://fr.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://fr.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2428754776-3200477234-109872743-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
 
Hosts:
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
 
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
 
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
 
EmptyTemp:
 
End::
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
Download Farbar's Service Scanner utility
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
  
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
<<<>>>
 
Please post the Fixlog.txt and the FSS.txt logs for my review.
 
Let me know what problem persists.

nasdaq


#5 mortstiff


Posted 02 February 2021 - 03:32 PM

Thanks for your help.

 

Below is the FRST fixlog.txt.  I tried to download the Farbar Service Scanner utility from the bleepingcomputer site in both Firefox and Edge, but both attempts were unsuccessful.  It downloaded from Firefox, but when I tried to move it to the Desktop, it disappeared.  In Edge, it wouldn't download because 'it will harm the computer'.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by AJKimmel (02-02-2021 22:04:14) Run:1
Running from F:\00SAVED\Malware software
Loaded Profiles: AJKimmel & UpdatusUser
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {07FEA12B-3416-46F4-97A7-4FE9D895B236} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1021C977-DEAB-4C64-BC79-63D499B23E83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2D7298DE-A1B1-48CD-945A-01E517F15EE2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {36263298-B3F6-4863-AD16-F86A4FB5C17D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3780BB65-6780-4F13-96C2-54E9DB9FF416} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4218F1AC-BA84-44C4-838B-8AC5070DA073} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5429F5E5-BD85-437F-94C2-015E26C156BC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6285F34B-781F-4A4F-84DC-95869276F39F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {856C83F5-B10F-4061-91CD-E2C2DB8B4757} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A8430EC6-6BDB-4136-BEEE-E1C50CC05C5B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {C0D93061-7EFA-48FC-8CEB-14DC67A56CB5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C14B9542-41B7-41C8-82FF-FDC24C38FA04} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {DEA0BF0F-5EEE-44E6-B42C-CAE65F1BAF11} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E1161D16-16CC-4067-85CF-76687A707CF8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR Extension: (tab packager by tab.bz) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2016-07-26]
CHR Extension: (World Clocks 2) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2015-03-31]
U3 idsvc; no ImagePath
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
 
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [240]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://fr.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://fr.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2428754776-3200477234-109872743-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
 
Hosts:
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
 
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
 
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
 
EmptyTemp:
 

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07FEA12B-3416-46F4-97A7-4FE9D895B236}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07FEA12B-3416-46F4-97A7-4FE9D895B236}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1021C977-DEAB-4C64-BC79-63D499B23E83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1021C977-DEAB-4C64-BC79-63D499B23E83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D7298DE-A1B1-48CD-945A-01E517F15EE2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D7298DE-A1B1-48CD-945A-01E517F15EE2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36263298-B3F6-4863-AD16-F86A4FB5C17D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36263298-B3F6-4863-AD16-F86A4FB5C17D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3780BB65-6780-4F13-96C2-54E9DB9FF416}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3780BB65-6780-4F13-96C2-54E9DB9FF416}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4218F1AC-BA84-44C4-838B-8AC5070DA073}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4218F1AC-BA84-44C4-838B-8AC5070DA073}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5429F5E5-BD85-437F-94C2-015E26C156BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5429F5E5-BD85-437F-94C2-015E26C156BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6285F34B-781F-4A4F-84DC-95869276F39F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6285F34B-781F-4A4F-84DC-95869276F39F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{856C83F5-B10F-4061-91CD-E2C2DB8B4757}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{856C83F5-B10F-4061-91CD-E2C2DB8B4757}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8430EC6-6BDB-4136-BEEE-E1C50CC05C5B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8430EC6-6BDB-4136-BEEE-E1C50CC05C5B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0D93061-7EFA-48FC-8CEB-14DC67A56CB5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0D93061-7EFA-48FC-8CEB-14DC67A56CB5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C14B9542-41B7-41C8-82FF-FDC24C38FA04}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C14B9542-41B7-41C8-82FF-FDC24C38FA04}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DEA0BF0F-5EEE-44E6-B42C-CAE65F1BAF11}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEA0BF0F-5EEE-44E6-B42C-CAE65F1BAF11}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1161D16-16CC-4067-85CF-76687A707CF8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1161D16-16CC-4067-85CF-76687A707CF8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
CHR Extension: (tab packager by tab.bz) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2016-07-26] => Error: No automatic fix found for this entry.
CHR Extension: (World Clocks 2) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2015-03-31] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\intaud_WaveExtensible => removed successfully
intaud_WaveExtensible => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SugarSync => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SugarSync => removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => removed successfully
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => removed successfully
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh int ip reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "C:\Windows\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "C:\Windows\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= DISM.exe /Online /Cleanup-image /Restorehealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.746

Image Version: 10.0.19042.746


[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20161216 B
Java, Flash, Steam htmlcache => 1331 B
Windows/system/drivers => 1311595 B
Edge => 1614786 B
Chrome => 41281819 B
Firefox => 1430258599 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6144 B
Users => 6144 B
ProgramData => 6144 B
Public => 6144 B
systemprofile => 6144 B
systemprofile32 => 6144 B
LocalService => 13406 B
NetworkService => 46652 B
AJKimmel => 283636478 B
UpdatusUser => 283642622 B
DefaultAppPool => 283648766 B

RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:11:03 ====



#6 nasdaq


Posted 03 February 2021 - 08:30 AM

Hi,
 
The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program, trust it if downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
===
 
How is the computer running?

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 mortstiff


Posted 03 February 2021 - 08:59 AM

No matter what I try, I can't get that Farbar program to run - I get a Windows pop-up box that says the following:

 

C:\Downloads\FSS.exe

Operation did not complete successfully because the file contains a virus or potentially unwanted software

 

 

So far, I haven't had a crash since the repair.  Do you have any idea what caused the problem?  Was it malware?

 

Also, last night (probably stupidly), I downloaded a pretty heavy music mastering studio software, with a bunch of plugins - I hope that doesn't screw things up again, but as I said, there hasn't been a crash since the repair.

 

How crucial is it that I run that Farbar program?

 

Once again, I really appreciate your help.



#8 nasdaq


Posted 03 February 2021 - 02:15 PM

Hi,
 
You used Windows Defender.
Restore the programs.
 
 
 
How to Delete/Restore quarantined files.
 
Follow the directives on the page to Restore all the files in the quarantine folder.
<<<>>>
 
p.s.
If all is well there is no need to run these programs.
When you download programs and Windows Defender sees some possible malware it will quarantine the file.
Check the notice that you would normally get from it. The notice may not be obvious but it's showing in the bottom of the screen.

nasdaq


#9 mortstiff


Posted 03 February 2021 - 03:38 PM

This is what is detected with the FSS.exe program, after following your instructions.  It scares me to run this program.

 

Trojan:Win32/Wacatac.D3!ml

 

 I did have a slight freeze up after my last post, but it resolved itself and I didn't get a blue screen.



#10 mortstiff


Posted 03 February 2021 - 07:23 PM

Looks like I'm back to square one.  After a full day of use, the laptop crashed twice, with the blue screen, and the subsequent boot sequence screwed up.  Any suggestions?


Edited by mortstiff, 03 February 2021 - 08:05 PM.


#11 nasdaq


Posted 04 February 2021 - 09:28 AM

Hi,
 
This error was reported on Feb. 01
 
Error: (02/01/2021 03:18:58 PM) (Source: BugCheck) (
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80753c11bcf, 0xffffb203c3405958, 0xffffb203c3405190)
 
If you got the same error it could be caused by a Wrong Driver or some Disk problems.
 
Check the integrity of the Hard disk.
 
Log into Windows 10.
Press the Windows key to open the Start Menu.
Select Search.
Type-in cmd.
Right-click on Command Prompt from the search results list.
Click Run as administrator.
Log in as an Administrator.
When Command Prompt launches, type the command: chkdsk C: /r  (There is a space after the C: and before the /r)
 
Restart the computer normally.
===
 
Follow the directives on this page.
 
Update drivers in Windows 10
 
Restart the computer normally.
 
Can you now download and run the C:\Downloads\FSS.exe program?

nasdaq

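The BugCheck event quoted in the post above can be decoded field by field. This is an added example, not part of the original thread: the function and table names are hypothetical, the parameter layouts are those of Microsoft's bug check reference, and only the few exception-type codes listed are covered.

```python
import re

# Added example (not from the thread). Layout of the four bug check
# parameters for a few exception-type stop codes.
EXC_THREAD = ("exception_code", "fault_address", "exception_record", "context_record")
BUGCHECKS = {
    0x0000007E: ("SYSTEM_THREAD_EXCEPTION_NOT_HANDLED", EXC_THREAD),
    0x1000007E: ("SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M", EXC_THREAD),
    0x0000001E: ("KMODE_EXCEPTION_NOT_HANDLED",
                 ("exception_code", "fault_address", "exception_param0", "exception_param1")),
    0x0000003B: ("SYSTEM_SERVICE_EXCEPTION",
                 ("exception_code", "fault_address", "context_record", "reserved")),
}

# A handful of NTSTATUS values that show up as the exception code.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000006: "STATUS_IN_PAGE_ERROR",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
    0x80000003: "STATUS_BREAKPOINT",
}

# On x64 Windows, kernel-mode addresses live in the upper canonical half.
KERNEL_SPACE_START = 0xFFFF800000000000

EVENT_RE = re.compile(r"bugcheck was:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.IGNORECASE)

# The event text as it appears in post #11 of this thread.
SAMPLE_EVENT = (
    "Description: The computer has rebooted from a bugcheck.  "
    "The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80753c11bcf, "
    "0xffffb203c3405958, 0xffffb203c3405190)"
)


def decode_bugcheck(event_text):
    """Parse a BugCheck event description; return None if it is not one."""
    match = EVENT_RE.search(event_text)
    if match is None:
        return None
    code = int(match.group(1), 16)
    raw = [p.strip() for p in match.group(2).split(",")]
    if len(raw) != 4:
        raise ValueError("expected four bug check parameters, got %d" % len(raw))
    params = [int(p, 16) for p in raw]

    name, fields = BUGCHECKS.get(code, ("UNLISTED", ("p1", "p2", "p3", "p4")))
    result = {"code": code, "name": name, "params": dict(zip(fields, params))}

    if "exception_code" in result["params"]:
        # The event log prints the 32-bit NTSTATUS sign-extended to 64 bits
        # (0xffffffffc0000005); the low 32 bits are the actual status.
        status = result["params"]["exception_code"] & 0xFFFFFFFF
        result["status"] = status
        result["status_name"] = NTSTATUS_NAMES.get(status, "unlisted NTSTATUS")
        fault = result["params"]["fault_address"]
        result["fault_in_kernel_space"] = fault >= KERNEL_SPACE_START
    return result


def summarize(decoded):
    """One-line human-readable summary of a decoded bug check."""
    if decoded is None:
        return "not a BugCheck event"
    line = "0x%08X %s" % (decoded["code"], decoded["name"])
    if "status" in decoded:
        where = "kernel" if decoded["fault_in_kernel_space"] else "user"
        line += ": %s (0x%08X) at 0x%016X, %s-mode address" % (
            decoded["status_name"], decoded["status"],
            decoded["params"]["fault_address"], where)
    return line


if __name__ == "__main__":
    print(summarize(decode_bugcheck(SAMPLE_EVENT)))
```

The decoded fault address only becomes a driver name once it is matched against the loaded-module list in the crash dump, for example with WinDbg's `!analyze -v`.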

#12 mortstiff


Posted 04 February 2021 - 09:33 AM

Thanks.  I'll try your recommendations tonight.

 

In the meantime, this is what I previously posted about that FSS program.  I'm loath to run something that is identified as a trojan:

 

 

 

This is what is detected with the FSS.exe program, after following your instructions.  It scares me to run this program.

 

Trojan:Win32/Wacatac.D3!ml



#13 Rocket Grannie


Posted 04 February 2021 - 04:45 PM

Hello mortstiff

 

I also write computer security programs. If you run this program of mine, Windows will flag it as unsafe, but all it does is scan the security programs on the computer and tell you if any are out of date.
https://www.spywarei...ie/#entry802056

The FSS.exe program is told to look for programs such as Trojan:Win32/Wacatac.D3!ml and identify them as bad.
That is why Windows is warning you about it.

The bottom line is:
Do you trust nasdaq? And if you do then be assured that he would not ask you to run a program that contained malware.

As long as you downloaded the program from the link he gave to you and not from any other site.

I hope this is a help to you.

Rocket Grannie

 




My help is free however if you wish to make a donation please see Here

#14 mortstiff

mortstiff

    Advanced Member

  • Full Member
  • PipPipPip
  • 106 posts

Posted 04 February 2021 - 07:08 PM

Thanks, Rocket Grannie.  I come to this forum because I trust the moderators, and have confidence that they wouldn't lead me to a virus.  But my fear was that maybe there was a recent iteration of the program that was dangerous.  At any rate, I'll give it a shot.



#15 Rocket Grannie


Posted 04 February 2021 - 07:33 PM

This is the link at Bleeping Computer. They too are a reliable, safe site.

My security programs had a nervous breakdown when I downloaded it also but I just kept pressing allow or ignore. :tongue:

https://www.bleeping...-scanner/dl/62/



#16 mortstiff


Posted 04 February 2021 - 08:07 PM

Can you now download and run the C:\Downloads\FSS.exe program?
 
No!  I followed the recommendations for restoring quarantined files, but wasn't given any options for taking action (step 4).  Very frustrating.
 
Ran the chkdsk, still had one crash today (again, late at night).  Will next try the driver updates.


#17 mortstiff


Posted 04 February 2021 - 08:09 PM

This is the link at Bleeping Computer. They too are a reliable, safe site.

My security programs had a nervous breakdown when I downloaded it also but I just kept pressing allow or ignore. :tongue:

https://www.bleeping...-scanner/dl/62/

That's where I've gotten it, about 50 times now.



#18 nasdaq


Posted 05 February 2021 - 09:19 AM

Hi,

Your log shows that Windows Defender is your default Security program.

Did you ever install another Virus protection software on this computer?

If so, which one(s)?

Can you now run the Farbar Programs that you first used to submit your logs?

If yes then please post fresh logs for my review.


nasdaq


#19 mortstiff


Posted 05 February 2021 - 11:09 AM

I used Avast for some time, until maybe sometime last year.

 

I'll post the logs for you tonight.

 

I checked the driver updates, and everything was up to date.  I also ran the chkdsk procedure a couple of times - no logs (that I'm aware of) or anything saying whether there were problems that were fixed.



#20 nasdaq


Posted 05 February 2021 - 02:27 PM

Hi,

 

 

 

Avast
Download and run their uninstaller tool from this site.
 
Restart the computer when the removal is completed.
-----
 
Let me know if you now can download the programs I suggested.

nasdaq


#21 mortstiff


Posted 05 February 2021 - 06:17 PM

Still can't run the Farbar Service Security, as I've explained above.  Did the Avast uninstall, although twice while trying to enter Safe Mode, the blue screen popped up.  The Rocket Grannie claims that Java is out of date, but I removed the current version and installed the latest version from here (x64):  https://www.java.com...load/manual.jsp

 

This morning (6 Feb.), when I attempted to boot up, the boot sequence was screwed up, with the laptop set on booting from the CD drive.

 

The logs follow.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-02-2021
Ran by AJKimmel (administrator) on AJKIMMEL-PC (  GT70) (06-02-2021 00:49:04)
Running from F:\00SAVED\Malware software
Loaded Profiles: AJKimmel & UpdatusUser
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\115.4.601\QtWebEngineProcess.exe <3>
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(FSL - Freesoftland) [File not signed] C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
(Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lytro, Inc. -> ) [File not signed] C:\Program Files\Lytro\LytroService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\SCM\SCM.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\S-Bar\MSIService.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <12>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] (Micro-Star International CO., LTD. -> ) [File not signed]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347688 2016-04-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [337720 2020-11-12] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-02-03] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [4358608 2021-01-25] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1371648 2012-05-19] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google Inc -> Google)
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [85504 2007-07-12] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\WINDOWS\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\PrintingScout Language Monitor for Xerox Phaser 6130: C:\WINDOWS\system32\XRZWSLAI.DLL [184320 2007-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Co., Ltd.)
HKLM\...\Print\Monitors\PrintingScout Language Monitor for Xerox Phaser 6500 PCL 6: C:\WINDOWS\system32\XRXMPZIL.DLL [187904 2010-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Co., Ltd.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk [2016-08-20]
ShortcutTarget: IconRestorer.lnk -> C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland) [File not signed]
Startup: C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar813.lnk [2021-02-06]
ShortcutTarget: Sidebar813.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed] [File is in use]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.8 PE.lnk [2016-03-17]
ShortcutTarget: PHOTOfunSTUDIO 9.8 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation -> Panasonic Corporation)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006692F7-1EBD-4B4E-81A6-7D9E38003ADA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {072546F2-EA60-4B3A-86D1-244BE05C83E8} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {1008D95F-0EBD-494C-A8B0-7A44FC806D1B} - System32\Tasks\NCH Software\SoundTapSevenDays => C:\Program Files (x86)\NCH Software\SoundTap\SoundTap.exe [1082944 2019-03-01] (NCH Software Pty Ltd -> NCH Software)
Task: {16E3FF48-23B3-47AE-9D96-8358D62F98DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1F22C044-B0B2-4706-91B3-CB9BF09C3B4B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F566A43-E88F-4518-903D-656F2319817C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {22CB8F1D-549F-4174-A5D8-20D1DD07226C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {22DC6A1B-856D-4805-9666-08845666ED43} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {2322812F-A58A-403E-99FA-209E0AAC1D5F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24A9D787-42F7-4C61-81BB-F30DDEB2B892} - System32\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {327D4326-2CE2-40FD-99BC-E058164784AE} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {32873F5A-8C83-4E51-81FD-83BF010EAD11} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3EDA70EF-AC5F-431F-831A-334A46338004} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4663FA9C-9D74-44B9-87BB-C9A01C47C3F1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4B43AE99-459C-4657-BDBF-DBFB528B12FA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4EE0DA4A-4F40-4601-B7B0-30D45E9347DF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FDC05A7-7F79-4FF0-9265-1A8B6409B643} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {510382C8-0AD1-42AE-81D9-9E6E66939A8D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53BA3101-C7D7-490B-B0F7-452AE5EBAE30} - System32\Tasks\{693768F4-BAB4-4359-BBB1-7AC3F4B06600} => C:\Windows\system32\pcalua.exe -a C:\Downloads\jxpiinstall(4).exe -d C:\Downloads
Task: {554C5264-3221-4730-A606-16CCDBDE8F4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {61B58E44-D5B5-4B94-9BF7-71173DA98C61} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {62C7936F-3C2A-4296-9799-7553E7BCA0D0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {6BC61AF0-052E-44F4-8471-7199FDA0F98F} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {70D633E5-C2AA-40BF-96F7-31AF35551E2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7118A037-106A-462B-9B10-474C95907EC6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {789572C6-BF32-4CB3-98D4-B701EFB38594} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Downloads\esetonlinescanner_enu.exe
Task: {7D70F6F1-5650-4303-AE2C-C8C460B087E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7DA1C9F9-EB4B-4A69-BB15-34496FB7828F} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe [499184 2018-10-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics)
Task: {84C26733-E6FB-41A7-8321-217CABD532F8} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D380145-C032-4EE7-9B4F-4AB509B5547F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {90697E13-65D9-4DA3-B094-EBDBB7793690} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {98650361-2BAC-432A-8845-EDD002981544} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {98BF00C5-8F38-4F89-BFBD-1C486447E3D9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C1AC2E2-108A-4748-A074-091C6BBE8A96} - System32\Tasks\EOSv3 Scheduler onTime => C:\Downloads\esetonlinescanner_enu.exe
Task: {9FB7D739-1521-49F1-996D-67597DB0F7B1} - System32\Tasks\{5A0C57BF-5F99-4D28-BB80-5DAB0C5986D3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\J River\Media Jukebox 12\PackageInstaller.exe" -d C:\ -c /RegFileAssociations
Task: {A1405976-24B8-4DB6-8A0E-3FB7EC359DE5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B31F665E-AE39-410A-802B-DE3AEF234815} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {C24A3183-CA7B-4601-8FF5-1B0AA2922144} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5200547-A3F3-4207-8123-75DE2D128F7B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {D392E1D4-8957-43AF-A976-B27828568A58} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D6B93678-C384-4733-BA74-C92DA6312AE2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DD18E705-E4E9-4306-8CFE-63DC7FAD9936} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E0F90818-9585-4864-A351-C5717B7C28BA} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {E7B51FCC-DB0B-441B-ADF6-471F6AA4CFE5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9F6959B-3ADE-4965-9E21-204800EC7DD0} - System32\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {EBEA78E3-0EA9-40DA-9A82-D72DB0983630} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EDFDCE01-DF2B-4BA4-AC8F-AB16BA2F9F5F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {F58129DF-28A0-4AB6-9279-AF52893DC9B7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6986AF9-364A-4291-A599-B1ED11B871A5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F72C5B88-536C-4429-BD1A-A9972BC8C0AE} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {F8450148-0061-4C48-9DFC-D9EB8922489C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F917E976-76D0-4C32-A366-EFB64E0AEBC7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{36FD2394-9D62-47AF-9B6E-7EA0D1F89B99}: [NameServer] 162.252.172.57 149.154.159.92
Tcpip\..\Interfaces\{3c53f296-155f-47a1-9971-4c9fc62a5acf}: [DhcpNameServer] 162.252.172.57 149.154.159.92
Tcpip\..\Interfaces\{65fd769d-e176-48f6-b606-a01d4d3ef33a}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{65fd769d-e176-48f6-b606-a01d4d3ef33a}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\AJKimmel\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> hxxps://mail.google.com/mail/u/0/?pc=carousel-about-en#inbox
Edge Notifications: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> hxxps://www.facebook.com
Edge Extension: (Video Downloader professional) -> EdgeExtension_Link64GmbHVideoDownloaderProfessionalforEdge_r8gm29f18mcyc => C:\Program Files\WindowsApps\Link64GmbH.VideoDownloaderProfessionalforEdge_1.0.12.0_neutral__r8gm29f18mcyc [2019-11-22]
Edge DefaultProfile: Default
Edge Profile: C:\Users\AJKimmel\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-05]
Edge HomePage: Default -> hxxps://mail.google.com/mail/u/0/?pc=carousel-about-en#inbox
Edge StartupUrls: Default -> "hxxps://news.google.com/?hl=en-US&gl=US&ceid=US:en"
Edge DefaultSearchURL: Default -> hxxps://www.google.fr/search?q={searchTerms}&ie={inputEncoding?}&oe={outputEncoding?}
Edge Extension: (All Video Downloader professional) - C:\Users\AJKimmel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbpnbnogejaolbhfpfgagldkeahefbhd [2021-01-05]

FireFox:
========
FF DefaultProfile: 8beseft5.default
FF DefaultProfile: deiv6e28.default
FF ProfilePath: C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default [2021-02-06]
FF DownloadDir: C:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\8beseft5.default -> hxxps://news.google.com/topstories?hl=en-US&gl=US&ceid=US:en
FF NetworkProxy: Mozilla\Firefox\Profiles\8beseft5.default -> ftp", "201.251.156.17"
FF HomepageOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: yayanotherspeeddial@bakadev.fr
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: {71ec5708-2489-11e8-8697-87e8af1da1d9}
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: custom-new-tab-page@mint.as
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: pavel.sherbakov@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: multilevelspeeddial@powercoder.org
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: yayanotherspeeddial@bakadev.fr
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: michal.simonfy@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: {241ffcc1-cc25-47e9-86e6-ab5e79147952}
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: admin@fastaddons.com_GroupSpeedDial
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: newtabtools@darktrojan.net
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: {6905b838-e843-4ee3-9df0-b4c79673b21c}
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\@setupvpncom.xpi [2020-10-17]
FF Extension: (Group Speed Dial) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\admin@fastaddons.com_GroupSpeedDial.xpi [2020-12-28]
FF Extension: (Ant Video downloader) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\anttoolbar@ant.com.xpi [2021-02-02]
FF Extension: (Classic Theme Restorer) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-14] [Legacy]
FF Extension: (Custom New Tab Page) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\custom-new-tab-page@mint.as.xpi [2020-10-30]
FF Extension: (Xmarks Bookmark Sync) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\foxmarks@kei.com.xpi [2017-12-04]
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\fvdmedia@gmail.com.xpi [2020-05-10]
FF Extension: (Bypass Paywalls) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\iamadamdev@hotmail.com.xpi [2018-11-12]
FF Extension: (google-weather) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\jid0-lQyK6JstbAGdiq1fp28Cl@jetpack.xpi [2018-12-30]
FF Extension: (Substital: Add Subtitles to Videos) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\jid1-Cn7LiNrWh4k6RA@jetpack.xpi [2020-10-28]
FF Extension: (New Tab Override) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (New Tab Tools) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\newtabtools@darktrojan.net.xpi [2020-12-19]
FF Extension: (New Tab Page) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\pavel.sherbakov@gmail.com.xpi [2020-11-16]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\sp@avast.com.xpi [2020-07-03]
FF Extension: (Avast Online Security) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\wrc@avast.com.xpi [2020-06-17]
FF Extension: (Yay! Another Speed dial!) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\yayanotherspeeddial@bakadev.fr.xpi [2019-04-09]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
FF Extension: (SearchSubtitle) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{15690dc0-7102-4bec-94bd-ebf1f1ddea7b}.xpi [2018-12-26]
FF Extension: (404 Bookmarks) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{5f8d31ba-47fb-4b70-bf8d-d2113f6da22f}.xpi [2018-09-15]
FF Extension: (Save Video As) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{63f3b52d-7581-42cd-9e82-fb1b2cdb0043}.xpi [2017-11-16]
FF Extension: (Speed Dial) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2016-03-27] [Legacy]
FF Extension: (Classical Search Bar) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{6905b838-e843-4ee3-9df0-b4c79673b21c}.xpi [2020-11-07]
FF Extension: (Speed Dial Quantum) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{71ec5708-2489-11e8-8697-87e8af1da1d9}.xpi [2018-08-31]
FF Extension: (GetThemALL! 57+) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{78836ee1-63fc-4301-a7b0-75c48ac2166d}.xpi [2017-12-16]
FF Extension: (Googlebar Lite) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2017-04-22] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-01-29]
FF Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}.xpi [2017-09-22]
FF ProfilePath: C:\Users\AJKimmel\AppData\Roaming\Infogrid Pacific Pte. Ltd\AZARDI-2.0\Profiles\deiv6e28.default [2019-11-13]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2428754776-3200477234-109872743-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
FF Plugin HKU\S-1-5-21-2428754776-3200477234-109872743-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default"},"rappor":{"cohort_seed":30,"last_daily_sample":"13142121292734674
CHR Profile: C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default [2021-02-02]
CHR Notifications: Default -> hxxps://mail.google.com
CHR HomePage: Default -> hxxp://news.google.com/?ar=1310991475
CHR StartupUrls: Default -> "hxxp://43marks.com/mortstiff","hxxps://mail.google.com/mail/#inbox","hxxp://avxhome.se/vidoe","hxxp://www.zone-telechargement.com/","hxxp://www.imdb.com/","hxxp://www.dailymail.co.uk/home/index.html","hxxp://lefooding.com/fr","hxxp://googlenews.com/"
CHR Extension: (Google Translate) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-02-09]
CHR Extension: (Google Translate Pad) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgpafgiahigeanbnnmdbnkdkllhjndl [2014-06-06]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-07-17]
CHR Extension: (Bookmarks Side Panel) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankkfflbgjokclfgfehiinnlijdlicdb [2014-06-08]
CHR Extension: (Google Drive) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-26]
CHR Extension: (YouTube) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-10]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-05-29]
CHR Extension: (Google Search) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-26]
CHR Extension: (Quick Find for Google Chrome™) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dejblhmebonldngnmeidliaifgiagcjj [2015-07-17]
CHR Extension: (Chroma) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefgglgjdlddcpcapigheknbacbmmggp [2018-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Avast Online Security) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-05-29]
CHR Extension: (MLB.com Scoreboard) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignfgamliophfaggapcolfgjiekgppld [2014-06-06]
CHR Extension: (Diigo Read Later) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooajjfbnpnafgndfpeboaehpddfglaj [2015-07-17]
CHR Extension: (tab packager by tab.bz) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2016-07-26]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-06-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (French Dictionary) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhkhjchchenblaemilhmkbdkkdkdchn [2015-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-06]
CHR Extension: (Print Friendly & PDF) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2020-05-29]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2015-03-31]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-06-06]
CHR Extension: (Evernote Web Clipper) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2020-05-29]
CHR Extension: (World Clocks 2) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2015-03-31]
CHR Extension: (Gmail) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-05]
CHR Extension: (G App Launcher (Customizer for Google™)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm [2020-05-29]
CHR HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\AJKimmel\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-07]
CHR HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-02-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Incorporated -> Foxit Software Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 LytroService; C:\Program Files\Lytro\lytroservice.exe [202336 2014-10-21] (Lytro, Inc. -> ) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-04] (Malwarebytes Inc -> Malwarebytes)
S3 Media Jukebox 14 Service; C:\Program Files (x86)\J River\Media Jukebox 14\JRService.exe [379400 2010-07-15] (J. River Inc. -> J. River, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-07-23] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [66928 2012-07-23] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2013-06-05] (GFI Software Development Ltd. -> GFI Software)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220600 2021-02-06] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-06] (Malwarebytes Inc -> Malwarebytes)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [84168 2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Pango Inc)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-10-16] (Corel Corporation -> Corel Corporation)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-02-02] (NCH Software Pty Ltd -> )
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-12-28] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40664 2016-11-07] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
S3 visctap0901; C:\WINDOWS\System32\drivers\visctap0901.sys [39048 2015-08-26] (SparkLabs Pty Ltd -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 wintunshark; C:\WINDOWS\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-06 00:36 - 2021-02-06 00:36 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-02-06 00:35 - 2021-02-06 00:37 - 000374306 _____ C:\WINDOWS\ntbtlog.txt
2021-02-06 00:32 - 2021-02-06 00:32 - 000949012 _____ C:\WINDOWS\Minidump\020621-19421-01.dmp
2021-02-06 00:28 - 2021-02-06 00:28 - 000951284 _____ C:\WINDOWS\Minidump\020621-19437-01.dmp
2021-02-05 17:35 - 2021-02-05 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-02-05 02:27 - 2021-02-05 02:27 - 000165032 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-02-05 02:27 - 2021-02-05 02:27 - 000000000 ____D C:\Users\AJKimmel\AppData\Roaming\Sun
2021-02-05 02:27 - 2021-02-05 02:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-02-04 02:22 - 2021-02-06 00:37 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-04 02:22 - 2021-02-06 00:36 - 000220600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-04 02:22 - 2021-02-04 02:22 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-04 02:22 - 2021-02-04 02:22 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-04 02:22 - 2021-02-04 02:22 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-04 02:22 - 2021-02-04 02:22 - 000000000 ____D C:\Users\AJKimmel\AppData\Local\mbam
2021-02-03 12:50 - 2021-02-03 12:50 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-02-03 12:50 - 2021-02-03 12:50 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-02-03 12:50 - 2021-02-03 12:50 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-02-03 12:50 - 2021-02-03 12:50 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-02-03 01:45 - 2021-02-03 02:15 - 000000000 ____D C:\Users\AJKimmel\Documents\Studio One
2021-02-03 01:42 - 2021-02-03 01:43 - 000000000 ____D C:\ProgramData\PreSonus
2021-02-03 01:42 - 2021-02-03 01:42 - 000000000 ____D C:\Users\AJKimmel\AppData\Roaming\PreSonus
2021-02-03 01:38 - 2021-02-03 01:38 - 000001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio One 5.lnk
2021-02-03 01:38 - 2021-02-03 01:38 - 000001026 _____ C:\Users\Public\Desktop\Studio One 5.lnk
2021-02-03 01:38 - 2021-02-03 01:38 - 000001026 _____ C:\ProgramData\Desktop\Studio One 5.lnk
2021-02-03 01:38 - 2021-02-03 01:38 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-03 01:38 - 2021-02-03 01:38 - 000000000 ____D C:\Program Files\PreSonus
2021-02-03 01:38 - 2021-02-03 01:38 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2021-02-03 01:38 - 2020-11-30 14:20 - 000033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2021-02-02 16:24 - 2021-02-02 16:24 - 000001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
2021-02-02 16:24 - 2021-02-02 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2021-02-02 14:25 - 2021-02-04 14:15 - 000000000 ____D C:\Users\AJKimmel\Desktop\PC Problem 2-21
2021-02-02 14:20 - 2021-02-02 14:20 - 000000000 ____D C:\ProgramData\MB2Migration
2021-02-02 14:20 - 2021-02-02 14:20 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-01 15:21 - 2021-02-01 15:21 - 000000000 ___HD C:\$SysReset
2021-02-01 15:18 - 2021-02-01 15:18 - 001003084 _____ C:\WINDOWS\Minidump\020121-47500-01.dmp
2021-02-01 14:07 - 2021-02-06 00:49 - 000000000 ____D C:\FRST
2021-01-31 23:42 - 2021-02-02 16:22 - 000000850 _____ C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-01-31 23:39 - 2021-01-31 23:39 - 000999972 _____ C:\WINDOWS\Minidump\013121-13687-01.dmp
2021-01-31 00:43 - 2021-01-31 00:43 - 001980444 _____ C:\WINDOWS\Minidump\013121-45937-01.dmp
2021-01-29 14:12 - 2021-02-02 02:30 - 000000000 ____D C:\Users\AJKimmel\Desktop\Treavor Comp
2021-01-29 01:37 - 2021-01-29 01:37 - 000000847 _____ C:\Users\AJKimmel\AppData\Local\recently-used.xbel
2021-01-28 15:27 - 2021-02-06 00:33 - 000000000 ____D C:\WINDOWS\Minidump
2021-01-28 15:27 - 2021-01-28 15:27 - 001003108 _____ C:\WINDOWS\Minidump\012821-39843-01.dmp
2021-01-28 13:10 - 2021-01-28 13:10 - 000000000 ____D C:\Users\AJKimmel\AppData\Local\OneDrive
2021-01-28 13:09 - 2021-01-28 13:09 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-01-28 12:46 - 2021-01-28 03:58 - 000000000 ____D C:\Windows.old
2021-01-28 12:43 - 2021-01-28 12:43 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-01-28 12:42 - 2021-01-28 12:46 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-01-28 12:41 - 2021-01-28 12:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-01-28 12:41 - 2021-01-28 12:41 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-01-28 12:40 - 2021-01-28 12:40 - 000000000 ____D C:\ProgramData\ssh
2021-01-28 12:37 - 2021-01-28 12:37 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-01-28 12:37 - 2021-01-28 12:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-01-28 12:37 - 2021-01-28 12:37 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-01-28 12:37 - 2021-01-28 12:37 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-28 12:37 - 2021-01-28 12:37 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-28 12:37 - 2021-01-28 12:37 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax

Edited by mortstiff, 06 February 2021 - 08:01 AM.


#22 nasdaq

Posted 06 February 2021 - 09:25 AM

Hi,

 

Did you execute all my instructions in my post No. 11?

 

Are you able to look in the Quarantined folder or your default Virus protection software?

What do you see?

Do you only have Windows Defender or another one, now or previously?


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#23 mortstiff

Posted 06 February 2021 - 09:45 AM

Yes to your post 11 (I responded in my posts 16 and 19).

 

I managed to get to the quarantined folder, found the FSS file, but couldn't figure out how to take action on it to restore.  I just tried it again, and for the first time (yes!!), I was given the option to restore it, and you'll find the log below.

 

Again, as I said before, I've used Avast in the past, completed the full uninstall, as per your instructions.  

Farbar Service Scanner Version: 23-12-2020
Ran by AJKimmel (administrator) on 06-02-2021 at 16:43:38
Running from "C:\Downloads"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Edited by mortstiff, 06 February 2021 - 09:47 AM.


#24 nasdaq

Posted 07 February 2021 - 08:38 AM

Hi,

 

Good work.

 

The FSS log is clean.

 

What problem persists?



#25 mortstiff

Posted 07 February 2021 - 08:43 AM

Yesterday, no crashes, but I had a couple of short freezes.  Today, about 5 minutes after booting up, a crash.  Otherwise, acting normally.  I once again ran the chkdsk for C drive.  Do you think the HD is on its way out?



#26 nasdaq

Posted 07 February 2021 - 02:16 PM

Hi,

Possibly.

 

Next time it happens, make a note of the Error message (the number 0xxxxxxxxx) and let me know if it's still 0x0000007e or something else.

 

It may be a RAM issue.

 

This may help.

https://www.howtogee...m-for-problems/

 

This is not caused by Malware and not my Forte.

 

If you need advice on this RAM issue, I suggest you start a new topic in the Windows 10 Forum at BleepingComputer.

https://www.bleeping...ows-10-support/

 

p.s.

Let me know what you find about the error message.



#27 mortstiff

Posted 08 February 2021 - 07:33 AM

OK, once again, as yesterday, 10 mins. after booting up, the laptop crashed.  No error message - where do I find it?

 

Just thought I'd mention, I checked the Windows notification after the last crash and had a couple messages about having to reconnect a drive - 'your file history drive was disconnected for too long.  Reconnect it to keep saving copies of your files.' and 'the last backup did not succeed.'  Might this have something to do with the crashes?

 

Also, last night I ran a bunch of diagnostics on the C drive and RAM - everything turned up clean.


Edited by mortstiff, 08 February 2021 - 07:47 AM.


#28 nasdaq

Posted 08 February 2021 - 08:42 AM

Hi,
 

a couple messages about having to reconnect a drive - 'your file history drive was disconnected for too long.
 
Reconnect your File History drive.
 
Restart the computer normally after the fix.
 
====
 
Run the Farbar program and post fresh logs for my review.


#29 mortstiff

Posted 08 February 2021 - 09:23 AM

I've attached the logs below, after reconnecting the backup drive.

 

Prior to your last post, I deleted the backup on that drive, tried to get another backup, but nothing happened.  After that, Firefox froze up a couple times.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-02-2021
Ran by AJKimmel (administrator) on AJKIMMEL-PC (  GT70) (08-02-2021 16:15:50)
Running from F:\00SAVED\Malware software
Loaded Profiles: AJKimmel & UpdatusUser
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\115.4.601\QtWebEngineProcess.exe <3>
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(FSL - Freesoftland) [File not signed] C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
(Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lytro, Inc. -> ) [File not signed] C:\Program Files\Lytro\LytroService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\SCM\SCM.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\S-Bar\MSIService.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <12>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] (Micro-Star International CO., LTD. -> ) [File not signed]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347688 2016-04-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [337720 2020-11-12] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-02-03] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [4358608 2021-01-25] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1371648 2012-05-19] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google Inc -> Google)
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [85504 2007-07-12] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\WINDOWS\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\PrintingScout Language Monitor for Xerox Phaser 6130: C:\WINDOWS\system32\XRZWSLAI.DLL [184320 2007-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Co., Ltd.)
HKLM\...\Print\Monitors\PrintingScout Language Monitor for Xerox Phaser 6500 PCL 6: C:\WINDOWS\system32\XRXMPZIL.DLL [187904 2010-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Co., Ltd.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk [2016-08-20]
ShortcutTarget: IconRestorer.lnk -> C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland) [File not signed]
Startup: C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar742.lnk [2021-02-08]
ShortcutTarget: Sidebar742.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed] [File is in use]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006692F7-1EBD-4B4E-81A6-7D9E38003ADA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {072546F2-EA60-4B3A-86D1-244BE05C83E8} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {1008D95F-0EBD-494C-A8B0-7A44FC806D1B} - System32\Tasks\NCH Software\SoundTapSevenDays => C:\Program Files (x86)\NCH Software\SoundTap\SoundTap.exe [1082944 2019-03-01] (NCH Software Pty Ltd -> NCH Software)
Task: {16E3FF48-23B3-47AE-9D96-8358D62F98DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1F22C044-B0B2-4706-91B3-CB9BF09C3B4B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F566A43-E88F-4518-903D-656F2319817C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {22CB8F1D-549F-4174-A5D8-20D1DD07226C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {22DC6A1B-856D-4805-9666-08845666ED43} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {2322812F-A58A-403E-99FA-209E0AAC1D5F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24A9D787-42F7-4C61-81BB-F30DDEB2B892} - System32\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {327D4326-2CE2-40FD-99BC-E058164784AE} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {32873F5A-8C83-4E51-81FD-83BF010EAD11} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3EDA70EF-AC5F-431F-831A-334A46338004} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4663FA9C-9D74-44B9-87BB-C9A01C47C3F1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4B43AE99-459C-4657-BDBF-DBFB528B12FA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4EE0DA4A-4F40-4601-B7B0-30D45E9347DF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FDC05A7-7F79-4FF0-9265-1A8B6409B643} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {510382C8-0AD1-42AE-81D9-9E6E66939A8D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53BA3101-C7D7-490B-B0F7-452AE5EBAE30} - System32\Tasks\{693768F4-BAB4-4359-BBB1-7AC3F4B06600} => C:\Windows\system32\pcalua.exe -a C:\Downloads\jxpiinstall(4).exe -d C:\Downloads
Task: {554C5264-3221-4730-A606-16CCDBDE8F4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {61B58E44-D5B5-4B94-9BF7-71173DA98C61} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {62C7936F-3C2A-4296-9799-7553E7BCA0D0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {6BC61AF0-052E-44F4-8471-7199FDA0F98F} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {70D633E5-C2AA-40BF-96F7-31AF35551E2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7118A037-106A-462B-9B10-474C95907EC6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {789572C6-BF32-4CB3-98D4-B701EFB38594} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Downloads\esetonlinescanner_enu.exe
Task: {7D70F6F1-5650-4303-AE2C-C8C460B087E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7DA1C9F9-EB4B-4A69-BB15-34496FB7828F} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe [499184 2018-10-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics)
Task: {84C26733-E6FB-41A7-8321-217CABD532F8} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D380145-C032-4EE7-9B4F-4AB509B5547F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {90697E13-65D9-4DA3-B094-EBDBB7793690} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {98650361-2BAC-432A-8845-EDD002981544} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {98BF00C5-8F38-4F89-BFBD-1C486447E3D9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C1AC2E2-108A-4748-A074-091C6BBE8A96} - System32\Tasks\EOSv3 Scheduler onTime => C:\Downloads\esetonlinescanner_enu.exe
Task: {9FB7D739-1521-49F1-996D-67597DB0F7B1} - System32\Tasks\{5A0C57BF-5F99-4D28-BB80-5DAB0C5986D3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\J River\Media Jukebox 12\PackageInstaller.exe" -d C:\ -c /RegFileAssociations
Task: {A1405976-24B8-4DB6-8A0E-3FB7EC359DE5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B31F665E-AE39-410A-802B-DE3AEF234815} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {C24A3183-CA7B-4601-8FF5-1B0AA2922144} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5200547-A3F3-4207-8123-75DE2D128F7B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {D392E1D4-8957-43AF-A976-B27828568A58} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D6B93678-C384-4733-BA74-C92DA6312AE2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DD18E705-E4E9-4306-8CFE-63DC7FAD9936} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E0F90818-9585-4864-A351-C5717B7C28BA} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {E7B51FCC-DB0B-441B-ADF6-471F6AA4CFE5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9F6959B-3ADE-4965-9E21-204800EC7DD0} - System32\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {EBEA78E3-0EA9-40DA-9A82-D72DB0983630} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EDFDCE01-DF2B-4BA4-AC8F-AB16BA2F9F5F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {F58129DF-28A0-4AB6-9279-AF52893DC9B7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6986AF9-364A-4291-A599-B1ED11B871A5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F72C5B88-536C-4429-BD1A-A9972BC8C0AE} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {F8450148-0061-4C48-9DFC-D9EB8922489C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F917E976-76D0-4C32-A366-EFB64E0AEBC7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3c53f296-155f-47a1-9971-4c9fc62a5acf}: [DhcpNameServer] 162.252.172.57 149.154.159.92
Tcpip\..\Interfaces\{3CF873F9-61A7-4829-AA67-B5EC05E97464}: [NameServer] 162.252.172.57 149.154.159.92
Tcpip\..\Interfaces\{65fd769d-e176-48f6-b606-a01d4d3ef33a}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{65fd769d-e176-48f6-b606-a01d4d3ef33a}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\AJKimmel\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> hxxps://mail.google.com/mail/u/0/?pc=carousel-about-en#inbox
Edge Notifications: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> hxxps://www.facebook.com
Edge Extension: (Video Downloader professional) -> EdgeExtension_Link64GmbHVideoDownloaderProfessionalforEdge_r8gm29f18mcyc => C:\Program Files\WindowsApps\Link64GmbH.VideoDownloaderProfessionalforEdge_1.0.12.0_neutral__r8gm29f18mcyc [2019-11-22]
Edge DefaultProfile: Default
Edge Profile: C:\Users\AJKimmel\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-08]
Edge HomePage: Default -> hxxps://mail.google.com/mail/u/0/?pc=carousel-about-en#inbox
Edge StartupUrls: Default -> "hxxps://news.google.com/?hl=en-US&gl=US&ceid=US:en"
Edge DefaultSearchURL: Default -> hxxps://www.google.fr/search?q={searchTerms}&ie={inputEncoding?}&oe={outputEncoding?}
Edge Extension: (All Video Downloader professional) - C:\Users\AJKimmel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbpnbnogejaolbhfpfgagldkeahefbhd [2021-01-05]

FireFox:
========
FF DefaultProfile: 8beseft5.default
FF DefaultProfile: deiv6e28.default
FF ProfilePath: C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default [2021-02-08]
FF DownloadDir: C:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\8beseft5.default -> hxxps://news.google.com/topstories?hl=en-US&gl=US&ceid=US:en
FF NetworkProxy: Mozilla\Firefox\Profiles\8beseft5.default -> ftp", "201.251.156.17"
FF HomepageOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: yayanotherspeeddial@bakadev.fr
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: {71ec5708-2489-11e8-8697-87e8af1da1d9}
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: custom-new-tab-page@mint.as
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: pavel.sherbakov@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: multilevelspeeddial@powercoder.org
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: yayanotherspeeddial@bakadev.fr
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: michal.simonfy@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: {241ffcc1-cc25-47e9-86e6-ab5e79147952}
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: admin@fastaddons.com_GroupSpeedDial
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: newtabtools@darktrojan.net
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: {6905b838-e843-4ee3-9df0-b4c79673b21c}
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\@setupvpncom.xpi [2020-10-17]
FF Extension: (Group Speed Dial) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\admin@fastaddons.com_GroupSpeedDial.xpi [2020-12-28]
FF Extension: (Ant Video downloader) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\anttoolbar@ant.com.xpi [2021-02-02]
FF Extension: (Classic Theme Restorer) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-14] [Legacy]
FF Extension: (Custom New Tab Page) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\custom-new-tab-page@mint.as.xpi [2020-10-30]
FF Extension: (Xmarks Bookmark Sync) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\foxmarks@kei.com.xpi [2017-12-04]
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\fvdmedia@gmail.com.xpi [2020-05-10]
FF Extension: (Bypass Paywalls) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\iamadamdev@hotmail.com.xpi [2018-11-12]
FF Extension: (google-weather) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\jid0-lQyK6JstbAGdiq1fp28Cl@jetpack.xpi [2018-12-30]
FF Extension: (Substital: Add Subtitles to Videos) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\jid1-Cn7LiNrWh4k6RA@jetpack.xpi [2020-10-28]
FF Extension: (New Tab Override) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (New Tab Tools) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\newtabtools@darktrojan.net.xpi [2020-12-19]
FF Extension: (New Tab Page) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\pavel.sherbakov@gmail.com.xpi [2020-11-16]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\sp@avast.com.xpi [2020-07-03]
FF Extension: (Avast Online Security) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\wrc@avast.com.xpi [2020-06-17]
FF Extension: (Yay! Another Speed dial!) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\yayanotherspeeddial@bakadev.fr.xpi [2019-04-09]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
FF Extension: (SearchSubtitle) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{15690dc0-7102-4bec-94bd-ebf1f1ddea7b}.xpi [2018-12-26]
FF Extension: (404 Bookmarks) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{5f8d31ba-47fb-4b70-bf8d-d2113f6da22f}.xpi [2018-09-15]
FF Extension: (Save Video As) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{63f3b52d-7581-42cd-9e82-fb1b2cdb0043}.xpi [2017-11-16]
FF Extension: (Speed Dial) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2016-03-27] [Legacy]
FF Extension: (Classical Search Bar) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{6905b838-e843-4ee3-9df0-b4c79673b21c}.xpi [2020-11-07]
FF Extension: (Speed Dial Quantum) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{71ec5708-2489-11e8-8697-87e8af1da1d9}.xpi [2018-08-31]
FF Extension: (GetThemALL! 57+) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{78836ee1-63fc-4301-a7b0-75c48ac2166d}.xpi [2017-12-16]
FF Extension: (Googlebar Lite) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2017-04-22] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-01-29]
FF Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}.xpi [2017-09-22]
FF ProfilePath: C:\Users\AJKimmel\AppData\Roaming\Infogrid Pacific Pte. Ltd\AZARDI-2.0\Profiles\deiv6e28.default [2019-11-13]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2428754776-3200477234-109872743-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
FF Plugin HKU\S-1-5-21-2428754776-3200477234-109872743-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default"},"rappor":{"cohort_seed":30,"last_daily_sample":"13142121292734674
CHR Profile: C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default [2021-02-02]
CHR Notifications: Default -> hxxps://mail.google.com
CHR HomePage: Default -> hxxp://news.google.com/?ar=1310991475
CHR StartupUrls: Default -> "hxxp://43marks.com/mortstiff","hxxps://mail.google.com/mail/#inbox","hxxp://avxhome.se/vidoe","hxxp://www.zone-telechargement.com/","hxxp://www.imdb.com/","hxxp://www.dailymail.co.uk/home/index.html","hxxp://lefooding.com/fr","hxxp://googlenews.com/"
CHR Extension: (Google Translate) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-02-09]
CHR Extension: (Google Translate Pad) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgpafgiahigeanbnnmdbnkdkllhjndl [2014-06-06]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-07-17]
CHR Extension: (Bookmarks Side Panel) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankkfflbgjokclfgfehiinnlijdlicdb [2014-06-08]
CHR Extension: (Google Drive) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-26]
CHR Extension: (YouTube) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-10]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-05-29]
CHR Extension: (Google Search) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-26]
CHR Extension: (Quick Find for Google Chrome™) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dejblhmebonldngnmeidliaifgiagcjj [2015-07-17]
CHR Extension: (Chroma) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefgglgjdlddcpcapigheknbacbmmggp [2018-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Avast Online Security) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-05-29]
CHR Extension: (MLB.com Scoreboard) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignfgamliophfaggapcolfgjiekgppld [2014-06-06]
CHR Extension: (Diigo Read Later) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooajjfbnpnafgndfpeboaehpddfglaj [2015-07-17]
CHR Extension: (tab packager by tab.bz) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2016-07-26]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-06-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (French Dictionary) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhkhjchchenblaemilhmkbdkkdkdchn [2015-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-06]
CHR Extension: (Print Friendly & PDF) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2020-05-29]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2015-03-31]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-06-06]
CHR Extension: (Evernote Web Clipper) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2020-05-29]
CHR Extension: (World Clocks 2) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2015-03-31]
CHR Extension: (Gmail) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-05]
CHR Extension: (G App Launcher (Customizer for Google™)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm [2020-05-29]
CHR HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\AJKimmel\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-07]
CHR HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-02-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Incorporated -> Foxit Software Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 LytroService; C:\Program Files\Lytro\lytroservice.exe [202336 2014-10-21] (Lytro, Inc. -> ) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-04] (Malwarebytes Inc -> Malwarebytes)
S3 Media Jukebox 14 Service; C:\Program Files (x86)\J River\Media Jukebox 14\JRService.exe [379400 2010-07-15] (J. River Inc. -> J. River, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-07-23] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [66928 2012-07-23] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2013-06-05] (GFI Software Development Ltd. -> GFI Software)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220600 2021-02-07] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-06] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl219267e5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A07CD40B-0320-4D61-BB8D-F3DE4C40B297}\MpKslDrv.sys [47344 2021-02-08] (Microsoft Windows -> Microsoft Corporation)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [84168 2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Pango Inc)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-10-16] (Corel Corporation -> Corel Corporation)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-02-02] (NCH Software Pty Ltd -> )
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-12-28] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40664 2016-11-07] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
S3 visctap0901; C:\WINDOWS\System32\drivers\visctap0901.sys [39048 2015-08-26] (SparkLabs Pty Ltd -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 wintunshark; C:\WINDOWS\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-08 00:43 - 2021-02-08 00:44 - 000000000 ____D C:\Program Files\Defraggler
2021-02-07 04:30 - 2021-02-07 04:31 - 012317228 _____ C:\Users\AJKimmel\Desktop\b059P5_4544.wav
2021-02-07 03:23 - 2021-02-07 03:23 - 000220600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-06 03:51 - 2021-02-07 15:40 - 000000000 ____D C:\Users\AJKimmel\Desktop\Loren Conors
2021-02-06 01:15 - 2021-02-06 01:15 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2021-02-06 01:14 - 2021-02-06 01:14 - 000000000 ____D C:\Program Files\Java
2021-02-06 00:55 - 2021-02-06 01:09 - 000000000 ____D C:\Users\AJKimmel\AppData\LocalLow\IGDump
2021-02-06 00:36 - 2021-02-06 00:36 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-02-06 00:35 - 2021-02-06 00:37 - 000374306 _____ C:\WINDOWS\ntbtlog.txt
2021-02-06 00:32 - 2021-02-06 00:32 - 000949012 _____ C:\WINDOWS\Minidump\020621-19421-01.dmp
2021-02-06 00:28 - 2021-02-06 00:28 - 000951284 _____ C:\WINDOWS\Minidump\020621-19437-01.dmp
2021-02-05 02:27 - 2021-02-05 02:27 - 000165032 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-02-05 02:27 - 2021-02-05 02:27 - 000000000 ____D C:\Users\AJKimmel\AppData\Roaming\Sun
2021-02-04 02:22 - 2021-02-06 00:37 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-04 02:22 - 2021-02-04 02:22 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-04 02:22 - 2021-02-04 02:22 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-04 02:22 - 2021-02-04 02:22 - 000000000 ____D C:\Users\AJKimmel\AppData\Local\mbam
2021-02-03 12:50 - 2021-02-03 12:50 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-02-03 12:50 - 2021-02-03 12:50 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-02-03 12:50 - 2021-02-03 12:50 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-02-03 12:50 - 2021-02-03 12:50 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-02-03 01:45 - 2021-02-03 02:15 - 000000000 ____D C:\Users\AJKimmel\Documents\Studio One
2021-02-03 01:42 - 2021-02-03 01:42 - 000000000 ____D C:\Users\AJKimmel\AppData\Roaming\PreSonus
2021-02-03 01:38 - 2021-02-03 01:38 - 000000000 ____D C:\Program Files\PreSonus
2021-02-03 01:38 - 2021-02-03 01:38 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2021-02-03 01:38 - 2020-11-30 14:20 - 000033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2021-02-02 14:25 - 2021-02-04 14:15 - 000000000 ____D C:\Users\AJKimmel\Desktop\PC Problem 2-21
2021-02-02 14:20 - 2021-02-02 14:20 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-01 15:21 - 2021-02-01 15:21 - 000000000 ___HD C:\$SysReset
2021-02-01 15:18 - 2021-02-01 15:18 - 001003084 _____ C:\WINDOWS\Minidump\020121-47500-01.dmp
2021-02-01 14:07 - 2021-02-08 16:17 - 000000000 ____D C:\FRST
2021-01-31 23:42 - 2021-02-02 16:22 - 000000850 _____ C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-01-31 23:39 - 2021-01-31 23:39 - 000999972 _____ C:\WINDOWS\Minidump\013121-13687-01.dmp
2021-01-31 00:43 - 2021-01-31 00:43 - 001980444 _____ C:\WINDOWS\Minidump\013121-45937-01.dmp
2021-01-29 14:12 - 2021-02-02 02:30 - 000000000 ____D C:\Users\AJKimmel\Desktop\Treavor Comp
2021-01-29 01:37 - 2021-01-29 01:37 - 000000847 _____ C:\Users\AJKimmel\AppData\Local\recently-used.xbel
2021-01-28 15:27 - 2021-02-06 00:33 - 000000000 ____D C:\WINDOWS\Minidump
2021-01-28 15:27 - 2021-01-28 15:27 - 001003108 _____ C:\WINDOWS\Minidump\012821-39843-01.dmp
2021-01-28 13:10 - 2021-01-28 13:10 - 000000000 ____D C:\Users\AJKimmel\AppData\Local\OneDrive
2021-01-28 12:46 - 2021-01-28 03:58 - 000000000 ____D C:\Windows.old
2021-01-28 12:43 - 2021-01-28 12:43 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-01-28 12:42 - 2021-01-28 12:46 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-01-28 12:41 - 2021-01-28 12:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-01-28 12:41 - 2021-01-28 12:41 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-01-28 12:37 - 2021-01-28 12:37 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-01-28 12:37 - 2021-01-28 12:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-01-28 12:37 - 2021-01-28 12:37 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-01-28 12:37 - 2021-01-28 12:37 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-28 12:37 - 2021-01-28 12:37 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-28 12:37 - 2021-01-28 12:37 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2021-01-28 12:37 - 2021-01-28 12:37 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-28 12:36 - 2021-01-28 12:36 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-01-28 12:36 - 2021-01-28 12:36 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-01-28 12:36 - 2021-01-28 12:36 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-01-28 12:36 - 2021-01-28 12:36 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-28 12:36 - 2021-01-28 12:36 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-28 12:36 - 2021-01-28 12:36 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-28 12:36 - 2021-01-28 12:36 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-28 12:36 - 2021-01-28 12:36 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-28 12:36 - 2021-01-28 12:36 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-01-28 12:36 - 2021-01-28 12:36 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-01-28 12:36 - 2021-01-28 12:36 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-01-28 12:36 - 2021-01-28 12:36 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-01-28 12:36 - 2021-01-28 12:36 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-01-28 12:36 - 2021-01-28 12:36 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-01-28 12:36 - 2021-01-28 12:36 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-01-28 12:36 - 2021-01-28 12:36 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-01-28 12:32 - 2021-01-28 12:32 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-01-28 12:32 - 2021-01-28 12:32 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-01-28 12:29 - 2021-01-28 12:46 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\WINDOWS\system32\msmq
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\Program Files\MSBuild
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\inetpub
2021-01-28 03:58 - 2021-02-08 14:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-28 03:58 - 2021-02-08 14:01 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2428754776-3200477234-109872743-1000
2021-01-28 03:58 - 2021-02-02 16:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-01-28 03:58 - 2021-01-28 03:58 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2021-01-28 03:58 - 2021-01-28 03:58 - 000015243 _____ C:\WINDOWS\diagerr.xml
2021-01-28 03:58 - 2021-01-28 03:58 - 000003510 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-01-28 03:58 - 2021-01-28 03:58 - 000003484 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca
2021-01-28 03:58 - 2021-01-28 03:58 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-28 03:58 - 2021-01-28 03:58 - 000003404 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-28 03:58 - 2021-01-28 03:58 - 000003386 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2021-01-28 03:58 - 2021-01-28 03:58 - 000003366 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{AFC88D8B-87A1-4B29-A1D2-AFF0402CDBE4}
2021-01-28 03:58 - 2021-01-28 03:58 - 000003286 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-01-28 03:58 - 2021-01-28 03:58 - 000003260 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9
2021-01-28 03:58 - 2021-01-28 03:58 - 000003248 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-01-28 03:58 - 2021-01-28 03:58 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-28 03:58 - 2021-01-28 03:58 - 000003180 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-28 03:58 - 2021-01-28 03:58 - 000003162 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2021-01-28 03:58 - 2021-01-28 03:58 - 000003118 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-01-28 03:58 - 2021-01-28 03:58 - 000002950 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-01-28 03:58 - 2021-01-28 03:58 - 000002636 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2021-01-28 03:58 - 2021-01-28 03:58 - 000002570 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-01-28 03:58 - 2021-01-28 03:58 - 000002404 _____ C:\WINDOWS\system32\Tasks\{5A0C57BF-5F99-4D28-BB80-5DAB0C5986D3}
2021-01-28 03:58 - 2021-01-28 03:58 - 000002392 _____ C:\WINDOWS\system32\Tasks\Samsung_PSSD_Registration
2021-01-28 03:58 - 2021-01-28 03:58 - 000002296 _____ C:\WINDOWS\system32\Tasks\{693768F4-BAB4-4359-BBB1-7AC3F4B06600}
2021-01-28 03:58 - 2021-01-28 03:58 - 000000020 ___SH C:\Users\AJKimmel\ntuser.ini
2021-01-28 03:58 - 2021-01-28 03:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-01-28 03:58 - 2021-01-28 03:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-01-28 03:58 - 2021-01-28 03:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-28 03:58 - 2021-01-28 03:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Leader Technologies
2021-01-28 03:58 - 2021-01-28 03:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-01-28 03:57 - 2021-02-08 14:24 - 000837568 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-28 03:52 - 2021-01-28 03:52 - 000000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2021-01-28 03:49 - 2021-02-08 14:16 - 000000000 ____D C:\Users\UpdatusUser
2021-01-28 03:49 - 2021-02-08 14:16 - 000000000 ____D C:\Users\AJKimmel
2021-01-28 03:49 - 2021-02-08 14:01 - 000002413 _____ C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk


#30 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,408 posts

Posted 08 February 2021 - 02:39 PM

Hi,

 

Disable all your Firefox Extensions.

 

Restart the computer normally.

 

Does Firefox freeze up on you?


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#31 mortstiff

Posted 08 February 2021 - 03:57 PM

Alright, I'll do that, but will wait to get back to you until tomorrow, after I've given it a chance to screw up again.  In the meantime, I'm unable to get a backup to replace the one I deleted.



#32 nasdaq

Posted 09 February 2021 - 09:19 AM

Hi,

 

Not sure about that but you should create a new backup to a different folder.


nasdaq


#33 mortstiff

Posted 09 February 2021 - 09:44 AM

I've really been pushing the laptop hard today, running a lot of programs, etc. and so far everything is fine - no crashes, no Firefox freezes.  Maybe it's time to start enabling Firefox extensions one by one?

 

Still having trouble with backups to an external drive.  I keep getting the message that the backup failed because of a virus or unwanted software.  At first, the file Win32/Wacapew.C!ml popped up, but I quarantined that, did a scan and was free of anything on Windows, ran the backup again, same message.



#34 nasdaq

Posted 09 February 2021 - 10:32 AM

 
Hi,
 
To save time you can enable 1/2 of the extensions.
Restart the computer and if all is well then one or more of the other extensions are the culprit.
 
If you find which one(s), I would appreciate being informed of which is or are the culprits.
 
---
 
This Win32/Wacapew.C!ml is reported as quarantined by Windows Defender in your Addition.txt log.
 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Program:Win32/Wacapew.C!ml
ID: 265744
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Program Files (x86)\YouTube.Downloader.4.0.5\keygen\Keygen.exe I do not see this file in your logs. Do you  need it?
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\AJKimmel\Downloads\esetonlinescanner (1).exe - Startup entries in your logs.
Security intelligence Version: AV: 1.329.3261.0, AS: 1.329.3261.0, NIS: 1.329.3261.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
 
Windows Defender...
 
How to Delete/Restore quarantined files.
 
Follow the directives on the page to delete all the files in the quarantine folder.
<<<>>>
 
After a restart, and knowing that all the enabled extensions are good, if the problem persists execute this.
 
Remove this program in bold using the Control Panel > Programs > Programs and Features...
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
 
Then,
 
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start
 
CreateRestorePoint:
CloseProcesses:
 
Task: {789572C6-BF32-4CB3-98D4-B701EFB38594} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Downloads\esetonlinescanner_enu.exe
Task: {9C1AC2E2-108A-4748-A074-091C6BBE8A96} - System32\Tasks\EOSv3 Scheduler onTime => C:\Downloads\esetonlinescanner_enu.exe
 
C:\Downloads\esetonlinescanner_enu.exe
 
Restart:
 
End
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
Let me know if the problem is solved?

nasdaq


#35 mortstiff

Posted 09 February 2021 - 11:22 AM

I really appreciate your help and all the time you've spent on my problems.

 

Everything is still running smoothly - I'll get to the extensions tonight and the other stuff tomorrow when I have more time than I have now.  Will post results.



#36 mortstiff

Posted 09 February 2021 - 06:43 PM

Did everything you suggested in your last post.  Prior to the FBAR fix, I got about halfway with the backup before the red bar popped up saying it stopped early, but looking at the size of the backup, it looks like it might have been complete.

 

No crashes or freezes to report.  As for suspect extensions, there's one that looks suspicious - Avast Safe Price.

Others:  404 bookmarks, Ant video downloader, Bypass Paywalls, New Tab Override, SetUp VPN,

 

Here's the log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021 01
Ran by AJKimmel (10-02-2021 01:33:30) Run:2
Running from F:\00SAVED\Malware software
Loaded Profiles: AJKimmel & UpdatusUser
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
Task: {789572C6-BF32-4CB3-98D4-B701EFB38594} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Downloads\esetonlinescanner_enu.exe
Task: {9C1AC2E2-108A-4748-A074-091C6BBE8A96} - System32\Tasks\EOSv3 Scheduler onTime => C:\Downloads\esetonlinescanner_enu.exe
 
C:\Downloads\esetonlinescanner_enu.exe
 
Restart:
 
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{789572C6-BF32-4CB3-98D4-B701EFB38594}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{789572C6-BF32-4CB3-98D4-B701EFB38594}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C1AC2E2-108A-4748-A074-091C6BBE8A96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C1AC2E2-108A-4748-A074-091C6BBE8A96}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"C:\Downloads\esetonlinescanner_enu.exe" => not found


The system needed a reboot.

==== End of Fixlog 01:33:46 ====
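
A way to check a Fixlog like the one above against the fixlist that produced it, as an added example that is not part of the thread and not code from FRST. It assumes the layout seen in this post (the fixlist echoed between two asterisk lines, then one `item => status` line per action); the function names are hypothetical.

```python
import re

# Excerpt of the Fixlog posted above (header shortened, result lines as posted).
FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021 01
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

Task: {789572C6-BF32-4CB3-98D4-B701EFB38594} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Downloads\esetonlinescanner_enu.exe
Task: {9C1AC2E2-108A-4748-A074-091C6BBE8A96} - System32\Tasks\EOSv3 Scheduler onTime => C:\Downloads\esetonlinescanner_enu.exe

C:\Downloads\esetonlinescanner_enu.exe

Restart:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{789572C6-BF32-4CB3-98D4-B701EFB38594}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{789572C6-BF32-4CB3-98D4-B701EFB38594}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C1AC2E2-108A-4748-A074-091C6BBE8A96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C1AC2E2-108A-4748-A074-091C6BBE8A96}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"C:\Downloads\esetonlinescanner_enu.exe" => not found

The system needed a reboot.

==== End of Fixlog 01:33:46 ====
'''

STAR_LINE = re.compile(r'^\*{5,}$')
TASK_LINE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) => (.+)$')
RESULT_LINE = re.compile(r'^"?(.+?)"? => (.+)$')
PATH_LINE = re.compile(r'^[A-Za-z]:\\')


def split_fixlog(text):
    """Return (fixlist_lines, result_lines), split on the two asterisk lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if STAR_LINE.match(ln)]
    if len(stars) < 2:
        raise ValueError("no fixlist block delimited by two asterisk lines")
    fixlist = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = [ln for ln in lines[stars[1] + 1:] if ln]
    return fixlist, results


def reconcile(text):
    """Match every Task: and file directive in the fixlist to its result lines."""
    fixlist, result_lines = split_fixlog(text)
    results = [m.groups() for m in map(RESULT_LINE.match, result_lines) if m]
    status_of = {item.lower(): status for item, status in results}

    tasks = []
    for m in filter(None, map(TASK_LINE.match, fixlist)):
        guid, task_path, target = m.groups()
        # Result lines refer to a task either by GUID (TaskCache keys) or by
        # its name (the task file and the TaskCache\Tree key).
        suffix = "\\" + task_path.rsplit("\\", 1)[-1].lower()
        steps = [(i, s) for i, s in results
                 if guid.lower() in i.lower() or i.lower().endswith(suffix)]
        tasks.append({
            "guid": guid,
            "task": task_path,
            "steps": steps,
            "fully_removed": bool(steps)
            and all(s.endswith("successfully") for _, s in steps),
            "target_status": status_of.get(target.lower(), "no result line"),
        })

    # Bare file paths in the fixlist are delete directives of their own.
    files = {ln: status_of.get(ln.lower(), "no result line")
             for ln in fixlist if PATH_LINE.match(ln)}
    not_successful = [(i, s) for i, s in results
                      if not s.endswith("successfully")]
    return {"tasks": tasks, "files": files, "not_successful": not_successful}


if __name__ == "__main__":
    report = reconcile(FIXLOG)
    for t in report["tasks"]:
        print(t["guid"], "removed" if t["fully_removed"] else "CHECK",
              "| target:", t["target_status"])
    for item, status in report["not_successful"]:
        print("needs review:", item, "=>", status)
```

On this log both tasks come back fully removed, and the only line needing review is the `not found` for the file both tasks pointed to, meaning it was not at that path when the fix ran.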



#37 nasdaq

Posted 10 February 2021 - 09:34 AM

Hi,

 

For some unknown reason I do not see your Addition.txt log.

 

I can only check on the Others: 404 bookmarks, Ant video downloader, Bypass Paywalls, New Tab Override, SetUp VPN, if I see fresh logs.

 

Run the Farbar program and post fresh FRST.TXT and Addition.txt logs for my review.


nasdaq


#38 mortstiff

Posted 10 February 2021 - 11:26 AM

I lost that file last time, sorry.  I have so many of these logs now that I had to create a separate folder.

 

This morning I tried another backup and at least I got a different error message - that it failed to read from  the shadow copy on one of the volumes being backed up.  Error code 0x81000037

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-02-2021 01
Ran by AJKimmel (administrator) on AJKIMMEL-PC (  GT70) (10-02-2021 18:18:16)
Running from C:\Users\AJKimmel\Desktop\PC Problem 2-21\3rd round
Loaded Profiles: AJKimmel & UpdatusUser
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\115.4.601\QtWebEngineProcess.exe <3>
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(FSL - Freesoftland) [File not signed] C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
(Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lytro, Inc. -> ) [File not signed] C:\Program Files\Lytro\LytroService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\SCM\SCM.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\S-Bar\MSIService.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <13>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe
(TechSmith Corporation) [File not signed] C:\Program Files (x86)\TechSmith\SnagIt 7\SnagIt32.exe
(TechSmith Corporation) [File not signed] C:\Program Files (x86)\TechSmith\SnagIt 7\TSCHelp.exe
(VideoLAN -> VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] (Micro-Star International CO., LTD. -> ) [File not signed]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347688 2016-04-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [337720 2020-11-12] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-02-03] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1000\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [4358608 2021-01-25] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1371648 2012-05-19] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google Inc -> Google)
HKU\S-1-5-21-2428754776-3200477234-109872743-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [85504 2007-07-12] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\WINDOWS\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\PrintingScout Language Monitor for Xerox Phaser 6130: C:\WINDOWS\system32\XRZWSLAI.DLL [184320 2007-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Co., Ltd.)
HKLM\...\Print\Monitors\PrintingScout Language Monitor for Xerox Phaser 6500 PCL 6: C:\WINDOWS\system32\XRXMPZIL.DLL [187904 2010-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Xerox Co., Ltd.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk [2016-08-20]
ShortcutTarget: IconRestorer.lnk -> C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe (FSL - Freesoftland) [File not signed]
Startup: C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar200.lnk [2021-02-10]
ShortcutTarget: Sidebar200.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed] [File is in use]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006692F7-1EBD-4B4E-81A6-7D9E38003ADA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {072546F2-EA60-4B3A-86D1-244BE05C83E8} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {16E3FF48-23B3-47AE-9D96-8358D62F98DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1F22C044-B0B2-4706-91B3-CB9BF09C3B4B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F566A43-E88F-4518-903D-656F2319817C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {22DC6A1B-856D-4805-9666-08845666ED43} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {2322812F-A58A-403E-99FA-209E0AAC1D5F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24A9D787-42F7-4C61-81BB-F30DDEB2B892} - System32\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {327D4326-2CE2-40FD-99BC-E058164784AE} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {32873F5A-8C83-4E51-81FD-83BF010EAD11} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3EDA70EF-AC5F-431F-831A-334A46338004} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4663FA9C-9D74-44B9-87BB-C9A01C47C3F1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4B43AE99-459C-4657-BDBF-DBFB528B12FA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4EE0DA4A-4F40-4601-B7B0-30D45E9347DF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FDC05A7-7F79-4FF0-9265-1A8B6409B643} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {510382C8-0AD1-42AE-81D9-9E6E66939A8D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53BA3101-C7D7-490B-B0F7-452AE5EBAE30} - System32\Tasks\{693768F4-BAB4-4359-BBB1-7AC3F4B06600} => C:\Windows\system32\pcalua.exe -a C:\Downloads\jxpiinstall(4).exe -d C:\Downloads
Task: {554C5264-3221-4730-A606-16CCDBDE8F4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {61B58E44-D5B5-4B94-9BF7-71173DA98C61} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {62C7936F-3C2A-4296-9799-7553E7BCA0D0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {6BC61AF0-052E-44F4-8471-7199FDA0F98F} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {70D633E5-C2AA-40BF-96F7-31AF35551E2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7118A037-106A-462B-9B10-474C95907EC6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {78C84B4E-DA43-460D-BC2F-84DD7C6E39C7} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {7D70F6F1-5650-4303-AE2C-C8C460B087E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7DA1C9F9-EB4B-4A69-BB15-34496FB7828F} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe [499184 2018-10-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics)
Task: {84C26733-E6FB-41A7-8321-217CABD532F8} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D380145-C032-4EE7-9B4F-4AB509B5547F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {90697E13-65D9-4DA3-B094-EBDBB7793690} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {98650361-2BAC-432A-8845-EDD002981544} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {98BF00C5-8F38-4F89-BFBD-1C486447E3D9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9FB7D739-1521-49F1-996D-67597DB0F7B1} - System32\Tasks\{5A0C57BF-5F99-4D28-BB80-5DAB0C5986D3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\J River\Media Jukebox 12\PackageInstaller.exe" -d C:\ -c /RegFileAssociations
Task: {A1405976-24B8-4DB6-8A0E-3FB7EC359DE5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B31F665E-AE39-410A-802B-DE3AEF234815} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {C24A3183-CA7B-4601-8FF5-1B0AA2922144} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5200547-A3F3-4207-8123-75DE2D128F7B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {D392E1D4-8957-43AF-A976-B27828568A58} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D6B93678-C384-4733-BA74-C92DA6312AE2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DD18E705-E4E9-4306-8CFE-63DC7FAD9936} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E0F90818-9585-4864-A351-C5717B7C28BA} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {E7B51FCC-DB0B-441B-ADF6-471F6AA4CFE5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9F6959B-3ADE-4965-9E21-204800EC7DD0} - System32\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {EBEA78E3-0EA9-40DA-9A82-D72DB0983630} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EDFDCE01-DF2B-4BA4-AC8F-AB16BA2F9F5F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {F58129DF-28A0-4AB6-9279-AF52893DC9B7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6986AF9-364A-4291-A599-B1ED11B871A5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F72C5B88-536C-4429-BD1A-A9972BC8C0AE} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {F8450148-0061-4C48-9DFC-D9EB8922489C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F917E976-76D0-4C32-A366-EFB64E0AEBC7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{3c53f296-155f-47a1-9971-4c9fc62a5acf}: [DhcpNameServer] 162.252.172.57 149.154.159.92
Tcpip\..\Interfaces\{65fd769d-e176-48f6-b606-a01d4d3ef33a}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{65fd769d-e176-48f6-b606-a01d4d3ef33a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9218BF6D-8627-482D-8423-6760ED6E652B}: [NameServer] 162.252.172.57 149.154.159.92

Edge:
=======
DownloadDir: C:\Users\AJKimmel\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> hxxps://mail.google.com/mail/u/0/?pc=carousel-about-en#inbox
Edge Notifications: HKU\S-1-5-21-2428754776-3200477234-109872743-1000 -> hxxps://www.facebook.com
Edge Extension: (Video Downloader professional) -> EdgeExtension_Link64GmbHVideoDownloaderProfessionalforEdge_r8gm29f18mcyc => C:\Program Files\WindowsApps\Link64GmbH.VideoDownloaderProfessionalforEdge_1.0.12.0_neutral__r8gm29f18mcyc [2019-11-22]
Edge DefaultProfile: Default
Edge Profile: C:\Users\AJKimmel\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-10]
Edge HomePage: Default -> hxxps://mail.google.com/mail/u/0/?pc=carousel-about-en#inbox
Edge StartupUrls: Default -> "hxxps://news.google.com/?hl=en-US&gl=US&ceid=US:en"
Edge DefaultSearchURL: Default -> hxxps://www.google.fr/search?q={searchTerms}&ie={inputEncoding?}&oe={outputEncoding?}
Edge Extension: (All Video Downloader professional) - C:\Users\AJKimmel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbpnbnogejaolbhfpfgagldkeahefbhd [2021-01-05]

FireFox:
========
FF DefaultProfile: 8beseft5.default
FF DefaultProfile: deiv6e28.default
FF ProfilePath: C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default [2021-02-10]
FF DownloadDir: C:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\8beseft5.default -> hxxps://news.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\8beseft5.default -> ftp", "201.251.156.17"
FF HomepageOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: yayanotherspeeddial@bakadev.fr
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: custom-new-tab-page@mint.as
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: {71ec5708-2489-11e8-8697-87e8af1da1d9}
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: pavel.sherbakov@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: multilevelspeeddial@powercoder.org
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: yayanotherspeeddial@bakadev.fr
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: michal.simonfy@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: {241ffcc1-cc25-47e9-86e6-ab5e79147952}
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: admin@fastaddons.com_GroupSpeedDial
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Disabled: newtabtools@darktrojan.net
FF NewTabOverride: Mozilla\Firefox\Profiles\8beseft5.default -> Enabled: {6905b838-e843-4ee3-9df0-b4c79673b21c}
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\@setupvpncom.xpi [2020-10-17]
FF Extension: (Group Speed Dial) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\admin@fastaddons.com_GroupSpeedDial.xpi [2020-12-28]
FF Extension: (Ant Video downloader) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\anttoolbar@ant.com.xpi [2021-02-02]
FF Extension: (Classic Theme Restorer) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-14] [Legacy]
FF Extension: (Custom New Tab Page) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\custom-new-tab-page@mint.as.xpi [2020-10-30]
FF Extension: (Xmarks Bookmark Sync) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\foxmarks@kei.com.xpi [2017-12-04]
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\fvdmedia@gmail.com.xpi [2020-05-10]
FF Extension: (Bypass Paywalls) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\iamadamdev@hotmail.com.xpi [2018-11-12]
FF Extension: (google-weather) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\jid0-lQyK6JstbAGdiq1fp28Cl@jetpack.xpi [2018-12-30]
FF Extension: (Substital: Add Subtitles to Videos) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\jid1-Cn7LiNrWh4k6RA@jetpack.xpi [2020-10-28]
FF Extension: (New Tab Override) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (New Tab Tools) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\newtabtools@darktrojan.net.xpi [2020-12-19]
FF Extension: (New Tab Page) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\pavel.sherbakov@gmail.com.xpi [2020-11-16]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\sp@avast.com.xpi [2020-07-03]
FF Extension: (Symbaloo Bookmarker) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\symbaloo-ff-extension@symbaloo.com.xpi [2021-02-09]
FF Extension: (Yay! Another Speed dial!) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\yayanotherspeeddial@bakadev.fr.xpi [2019-04-09]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
FF Extension: (SearchSubtitle) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{15690dc0-7102-4bec-94bd-ebf1f1ddea7b}.xpi [2018-12-26]
FF Extension: (404 Bookmarks) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{5f8d31ba-47fb-4b70-bf8d-d2113f6da22f}.xpi [2018-09-15]
FF Extension: (Save Video As) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{63f3b52d-7581-42cd-9e82-fb1b2cdb0043}.xpi [2017-11-16]
FF Extension: (Speed Dial) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2016-03-27] [Legacy]
FF Extension: (Classical Search Bar) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{6905b838-e843-4ee3-9df0-b4c79673b21c}.xpi [2020-11-07]
FF Extension: (Speed Dial Quantum) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{71ec5708-2489-11e8-8697-87e8af1da1d9}.xpi [2018-08-31]
FF Extension: (Googlebar Lite) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2017-04-22] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-01-29]
FF Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\AJKimmel\AppData\Roaming\Mozilla\Firefox\Profiles\8beseft5.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}.xpi [2017-09-22]
FF ProfilePath: C:\Users\AJKimmel\AppData\Roaming\Infogrid Pacific Pte. Ltd\AZARDI-2.0\Profiles\deiv6e28.default [2019-11-13]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2428754776-3200477234-109872743-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
FF Plugin HKU\S-1-5-21-2428754776-3200477234-109872743-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\AJKimmel\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2019-07-11] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default"},"rappor":{"cohort_seed":30,"last_daily_sample":"13142121292734674
CHR Profile: C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default [2021-02-02]
CHR Notifications: Default -> hxxps://mail.google.com
CHR HomePage: Default -> hxxp://news.google.com/?ar=1310991475
CHR StartupUrls: Default -> "hxxp://43marks.com/mortstiff","hxxps://mail.google.com/mail/#inbox","hxxp://avxhome.se/vidoe","hxxp://www.zone-telechargement.com/","hxxp://www.imdb.com/","hxxp://www.dailymail.co.uk/home/index.html","hxxp://lefooding.com/fr","hxxp://googlenews.com/"
CHR Extension: (Google Translate) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-02-09]
CHR Extension: (Google Translate Pad) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgpafgiahigeanbnnmdbnkdkllhjndl [2014-06-06]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-07-17]
CHR Extension: (Bookmarks Side Panel) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankkfflbgjokclfgfehiinnlijdlicdb [2014-06-08]
CHR Extension: (Google Drive) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-26]
CHR Extension: (YouTube) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-10]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-05-29]
CHR Extension: (Google Search) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-26]
CHR Extension: (Quick Find for Google Chrome™) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dejblhmebonldngnmeidliaifgiagcjj [2015-07-17]
CHR Extension: (Chroma) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefgglgjdlddcpcapigheknbacbmmggp [2018-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Avast Online Security) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-05-29]
CHR Extension: (MLB.com Scoreboard) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignfgamliophfaggapcolfgjiekgppld [2014-06-06]
CHR Extension: (Diigo Read Later) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jooajjfbnpnafgndfpeboaehpddfglaj [2015-07-17]
CHR Extension: (tab packager by tab.bz) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2016-07-26]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-06-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (French Dictionary) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhkhjchchenblaemilhmkbdkkdkdchn [2015-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-06]
CHR Extension: (Print Friendly & PDF) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2020-05-29]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2015-03-31]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-06-06]
CHR Extension: (Evernote Web Clipper) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2020-05-29]
CHR Extension: (World Clocks 2) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2015-03-31]
CHR Extension: (Gmail) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-05]
CHR Extension: (G App Launcher (Customizer for Google™)) - C:\Users\AJKimmel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm [2020-05-29]
CHR HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\AJKimmel\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-07]
CHR HKU\S-1-5-21-2428754776-3200477234-109872743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-09] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-02-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Incorporated -> Foxit Software Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 LytroService; C:\Program Files\Lytro\lytroservice.exe [202336 2014-10-21] (Lytro, Inc. -> ) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-04] (Malwarebytes Inc -> Malwarebytes)
S3 Media Jukebox 14 Service; C:\Program Files (x86)\J River\Media Jukebox 14\JRService.exe [379400 2010-07-15] (J. River Inc. -> J. River, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-07-23] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [66928 2012-07-23] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2013-06-05] (GFI Software Development Ltd. -> GFI Software)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220600 2021-02-07] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-06] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl15039911; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1377129A-C580-44B5-A4A9-157D3273EEA9}\MpKslDrv.sys [47344 2021-02-10] (Microsoft Windows -> Microsoft Corporation)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [84168 2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Pango Inc)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-10-16] (Corel Corporation -> Corel Corporation)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-02-02] (NCH Software Pty Ltd -> )
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-12-28] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40664 2016-11-07] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
S3 visctap0901; C:\WINDOWS\System32\drivers\visctap0901.sys [39048 2015-08-26] (SparkLabs Pty Ltd -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 wintunshark; C:\WINDOWS\system32\DRIVERS\wintunshark.sys [31096 2020-09-17] (WDKTestCert nikod,132409123292239223 -> Surfshark Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-10 14:21 - 2021-02-10 14:23 - 000000000 ____D C:\Users\AJKimmel\Desktop\Symbaloo
2021-02-10 13:40 - 2021-02-10 13:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-02-10 02:29 - 2021-02-10 02:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-02-10 01:32 - 2021-02-10 01:32 - 000000923 _____ C:\Users\AJKimmel\Desktop\SALog.txt
2021-02-08 23:28 - 2021-02-09 14:54 - 000000000 ____D C:\Users\AJKimmel\Desktop\Desktop Documents
2021-02-08 00:43 - 2021-02-08 00:44 - 000000000 ____D C:\Program Files\Defraggler
2021-02-07 03:23 - 2021-02-07 03:23 - 000220600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-06 01:15 - 2021-02-06 01:15 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2021-02-06 01:14 - 2021-02-06 01:14 - 000000000 ____D C:\Program Files\Java
2021-02-06 00:55 - 2021-02-06 01:09 - 000000000 ____D C:\Users\AJKimmel\AppData\LocalLow\IGDump
2021-02-06 00:36 - 2021-02-06 00:36 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-02-06 00:35 - 2021-02-06 00:37 - 000374306 _____ C:\WINDOWS\ntbtlog.txt
2021-02-06 00:32 - 2021-02-06 00:32 - 000949012 _____ C:\WINDOWS\Minidump\020621-19421-01.dmp
2021-02-06 00:28 - 2021-02-06 00:28 - 000951284 _____ C:\WINDOWS\Minidump\020621-19437-01.dmp
2021-02-05 02:27 - 2021-02-05 02:27 - 000165032 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-02-05 02:27 - 2021-02-05 02:27 - 000000000 ____D C:\Users\AJKimmel\AppData\Roaming\Sun
2021-02-04 02:22 - 2021-02-06 00:37 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-04 02:22 - 2021-02-04 02:22 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-04 02:22 - 2021-02-04 02:22 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-04 02:22 - 2021-02-04 02:22 - 000000000 ____D C:\Users\AJKimmel\AppData\Local\mbam
2021-02-03 12:50 - 2021-02-03 12:50 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-02-03 12:50 - 2021-02-03 12:50 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-02-03 12:50 - 2021-02-03 12:50 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-02-03 12:50 - 2021-02-03 12:50 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-02-03 01:45 - 2021-02-03 02:15 - 000000000 ____D C:\Users\AJKimmel\Documents\Studio One
2021-02-03 01:42 - 2021-02-03 01:42 - 000000000 ____D C:\Users\AJKimmel\AppData\Roaming\PreSonus
2021-02-03 01:38 - 2021-02-03 01:38 - 000000000 ____D C:\Program Files\PreSonus
2021-02-03 01:38 - 2021-02-03 01:38 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2021-02-03 01:38 - 2020-11-30 14:20 - 000033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2021-02-02 14:25 - 2021-02-10 18:18 - 000000000 ____D C:\Users\AJKimmel\Desktop\PC Problem 2-21
2021-02-02 14:20 - 2021-02-02 14:20 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-01 15:21 - 2021-02-01 15:21 - 000000000 ___HD C:\$SysReset
2021-02-01 15:18 - 2021-02-01 15:18 - 001003084 _____ C:\WINDOWS\Minidump\020121-47500-01.dmp
2021-02-01 14:07 - 2021-02-10 18:18 - 000000000 ____D C:\FRST
2021-01-31 23:42 - 2021-02-02 16:22 - 000000850 _____ C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-01-31 23:39 - 2021-01-31 23:39 - 000999972 _____ C:\WINDOWS\Minidump\013121-13687-01.dmp
2021-01-31 00:43 - 2021-01-31 00:43 - 001980444 _____ C:\WINDOWS\Minidump\013121-45937-01.dmp
2021-01-29 14:12 - 2021-02-09 23:04 - 000000000 ____D C:\Users\AJKimmel\Desktop\Treavor Comp
2021-01-29 01:37 - 2021-01-29 01:37 - 000000847 _____ C:\Users\AJKimmel\AppData\Local\recently-used.xbel
2021-01-28 15:27 - 2021-02-06 00:33 - 000000000 ____D C:\WINDOWS\Minidump
2021-01-28 15:27 - 2021-01-28 15:27 - 001003108 _____ C:\WINDOWS\Minidump\012821-39843-01.dmp
2021-01-28 13:10 - 2021-01-28 13:10 - 000000000 ____D C:\Users\AJKimmel\AppData\Local\OneDrive
2021-01-28 12:43 - 2021-01-28 12:43 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-01-28 12:42 - 2021-01-28 12:46 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-01-28 12:41 - 2021-01-28 12:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-01-28 12:41 - 2021-01-28 12:41 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-01-28 12:37 - 2021-01-28 12:37 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-01-28 12:37 - 2021-01-28 12:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-01-28 12:37 - 2021-01-28 12:37 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-01-28 12:37 - 2021-01-28 12:37 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-28 12:37 - 2021-01-28 12:37 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-28 12:37 - 2021-01-28 12:37 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-28 12:37 - 2021-01-28 12:37 - 000111616 _____ C:\WINDOWS\system32\RDVGHelper.exe
2021-01-28 12:37 - 2021-01-28 12:37 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-28 12:37 - 2021-01-28 12:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-28 12:37 - 2021-01-28 12:37 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-01-28 12:37 - 2021-01-28 12:37 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-28 12:36 - 2021-01-28 12:36 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-01-28 12:36 - 2021-01-28 12:36 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-01-28 12:36 - 2021-01-28 12:36 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-01-28 12:36 - 2021-01-28 12:36 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-28 12:36 - 2021-01-28 12:36 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-28 12:36 - 2021-01-28 12:36 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-28 12:36 - 2021-01-28 12:36 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-28 12:36 - 2021-01-28 12:36 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-28 12:36 - 2021-01-28 12:36 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-01-28 12:36 - 2021-01-28 12:36 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-01-28 12:36 - 2021-01-28 12:36 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-01-28 12:36 - 2021-01-28 12:36 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-01-28 12:36 - 2021-01-28 12:36 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-01-28 12:36 - 2021-01-28 12:36 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-01-28 12:36 - 2021-01-28 12:36 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-01-28 12:36 - 2021-01-28 12:36 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-01-28 12:36 - 2021-01-28 12:36 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-01-28 12:36 - 2021-01-28 12:36 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-01-28 12:32 - 2021-01-28 12:32 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-01-28 12:32 - 2021-01-28 12:32 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-01-28 12:29 - 2021-01-28 12:46 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\WINDOWS\system32\msmq
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\Program Files\MSBuild
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-01-28 12:29 - 2021-01-28 12:29 - 000000000 ____D C:\inetpub
2021-01-28 03:58 - 2021-02-10 01:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-28 03:58 - 2021-02-09 16:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-01-28 03:58 - 2021-02-08 14:01 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2428754776-3200477234-109872743-1000
2021-01-28 03:58 - 2021-01-28 03:58 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2021-01-28 03:58 - 2021-01-28 03:58 - 000015243 _____ C:\WINDOWS\diagerr.xml
2021-01-28 03:58 - 2021-01-28 03:58 - 000003510 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-01-28 03:58 - 2021-01-28 03:58 - 000003484 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA1d6620673698dca
2021-01-28 03:58 - 2021-01-28 03:58 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-28 03:58 - 2021-01-28 03:58 - 000003404 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-28 03:58 - 2021-01-28 03:58 - 000003386 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2021-01-28 03:58 - 2021-01-28 03:58 - 000003366 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{AFC88D8B-87A1-4B29-A1D2-AFF0402CDBE4}
2021-01-28 03:58 - 2021-01-28 03:58 - 000003286 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-01-28 03:58 - 2021-01-28 03:58 - 000003260 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore1d662067361c6f9
2021-01-28 03:58 - 2021-01-28 03:58 - 000003248 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-01-28 03:58 - 2021-01-28 03:58 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-28 03:58 - 2021-01-28 03:58 - 000003180 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-28 03:58 - 2021-01-28 03:58 - 000003162 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2021-01-28 03:58 - 2021-01-28 03:58 - 000003118 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-01-28 03:58 - 2021-01-28 03:58 - 000002636 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2021-01-28 03:58 - 2021-01-28 03:58 - 000002404 _____ C:\WINDOWS\system32\Tasks\{5A0C57BF-5F99-4D28-BB80-5DAB0C5986D3}
2021-01-28 03:58 - 2021-01-28 03:58 - 000002392 _____ C:\WINDOWS\system32\Tasks\Samsung_PSSD_Registration
2021-01-28 03:58 - 2021-01-28 03:58 - 000002296 _____ C:\WINDOWS\system32\Tasks\{693768F4-BAB4-4359-BBB1-7AC3F4B06600}
2021-01-28 03:58 - 2021-01-28 03:58 - 000000020 ___SH C:\Users\AJKimmel\ntuser.ini
2021-01-28 03:58 - 2021-01-28 03:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-01-28 03:58 - 2021-01-28 03:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-01-28 03:58 - 2021-01-28 03:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Leader Technologies
2021-01-28 03:58 - 2021-01-28 03:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-01-28 03:57 - 2021-02-10 01:42 - 000837568 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-28 03:52 - 2021-01-28 03:52 - 000000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2021-01-28 03:49 - 2021-02-08 23:07 - 000000000 ____D C:\Users\UpdatusUser
2021-01-28 03:49 - 2021-02-08 23:07 - 000000000 ____D C:\Users\AJKimmel
2021-01-28 03:49 - 2021-02-08 14:01 - 000002413 _____ C:\Users\AJKimmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-28 03:49 - 2021-01-28 03:55 - 000000000 ____D C:\Users\DefaultAppPool
2021-01-28 03:49 - 2019-12-07 10:10 - 000001105 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-28 03:49 - 2019-12-07 10:10 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-28 03:47 - 2021-02-10 18:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-28 03:47 - 2021-02-10 01:34 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-28 03:47 - 2021-01-28 15:27 - 000636616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-28 03:47 - 2016-05-11


#39 nasdaq


Posted 11 February 2021 - 08:52 AM

Hi,
 
This issue occurs if the reparse point points to a mount point or a directory junction to the root of another volume.
 
Repair it with this tool.
 
Follow carefully the instructions on this page.
If at any time you need help, ask before proceeding.
 
Execute the instructions given by Administrator Boopme to Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed. <- this is in step 3. Make sure you run the R switch and select Add to next boot.
 
<<<>>>
 
p.s.
It will help you a lot if you can print the topic or have the screen available on another computer or phone.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#40 mortstiff


Posted 11 February 2021 - 06:43 PM

I'm lost. 

 

You are referring to the backup issue? 

 

Still no crashes, but this morning when I booted up I was greeted by this message: 'A disk read error occurred  Press Ctrl-Alt-Del to restart'.



#41 mortstiff


Posted 12 February 2021 - 07:50 AM

Booted up today, after another Windows update when I went to shut off the laptop last night, and this time I got the blue screen right away.  Booted up again normally.  Firefox has frozen a couple of times.  What's different, other than the update?  Yesterday, I enabled another extension, Custom New Tab Page.  When I disabled my extensions, I lost Symbaloo - the bookmark tiles, which I am heavily reliant on.  Last night I enabled the custom tab page and got Symbaloo back, but only after checking 'remove iframe headers', but still couldn't get it (except via the URL) to open on a new tab in private browser.  Now I've disabled it again to see if the Firefox problems persist.  I really need Symbaloo, though.



#42 nasdaq


Posted 12 February 2021 - 08:54 AM

Hi,
 
Did you try to set your home page at Symbaloo?
 
 
or delete the current Firefox Extension and install the latest
 
Keep me posted.

nasdaq


#43 mortstiff


Posted 13 February 2021 - 07:37 AM

I set Symbaloo as the home page.  Every time I open a new tab, I have to hit the home button, but I guess I can live with that, although it's not what I had before the disabling of the extensions.

 

The real problem is the start up, which gets worse and worse.  Today, it took me about 10 tries to boot up.  I immediately get the message about inserting a boot disk, so I keep hitting F11 to get to the boot order to select the HD with the OS.  A few times, that didn't work, and it was looking like booting up was going to be impossible.  So, in essence, the laptop is in bad shape and in serious need of either a fix or a replacement.



#44 nasdaq


Posted 13 February 2021 - 08:49 AM

Hi,

 
As you know, the BIOS controls the start sequence.
 
 
I suggest you start a new topic in the Internal Hardware Forum.
 
Explain your problem with this boot sequence.
An expert should be able to guide you better than I can.
 
This is not malware and not my forte.
 
I will leave this topic open for 6 days.

nasdaq


#45 mortstiff


Posted 13 February 2021 - 09:29 AM

OK, I'll do that.  Thanks again.



#46 mortstiff


Posted 19 February 2021 - 07:19 AM

Just to provide closure:  went to bleepingcomputer and the decision was that my problem was hardware related.  The computer wasn't recognizing the SSD that included the OS.  At certain points, after going through all the blue screen crap and getting to safe mode, I was able to boot up normally into Windows by restarting in safe mode.  Ultimately, it was suggested that the best I could hope for was to open up the computer and clean the inside, get rid of dust etc.  Did that.  The first time, I removed the SSD, cleaned, rebooted - worse than before.  Couldn't get the laptop to recognize the drive at all.  Second time, removed the SSD, then removed the small piece that it connected to (held by two screws), blew away any dust (no obvious dust apparent), put everything back, making sure the SSD and the connecting piece were snug in place.  Now the laptop is working normally, Firefox is faster, no freezing, no blue screens, no problems not opening up.  This has been two days since the fix, and could turn out to be temporary - in the meantime, I've ordered another laptop - but so far, so good.



#47 nasdaq


Posted 19 February 2021 - 09:01 AM

Hi,

 

Good news.

Thanks.


nasdaq




