  #3  
December 16th, 2020, 06:48 PM
oasis.g
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Alex (administrator) on DESKTOP-H66SN7Q (16-12-2020 09:35:18)
Running from C:\Users\Alex\Downloads
Loaded Profiles: Alex
Platform: Windows 10 Home Version 20H2 19042.685 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe <22>
(CONTIVIO.COM CORPORATION -> Contivio.com) C:\Program Files (x86)\Contivio.com\Contivio.com Client\Contivio.Com.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(GeoComply USA, Inc. -> GeoComply) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <86>
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvrfi.inf_amd64_b02057827c15e7cf\Display.NvContainer\NVDisplay.Container.exe <2>
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.3\bin\postgres.exe <7>
(Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TunnelBear Inc -> TunnelBear) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [337720 2020-11-12] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992832 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Alex\AppData\Local\Microsoft\Teams\Update.exe [1789768 2019-08-21] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\Run: [GoogleChromeAutoLaunch_8A9A309EEDEE8A1FE73391295BB8D638] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2151080 2020-12-09] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2151080 2020-12-09] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-1271123810-21777831-3259583340-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2151080 2020-12-09] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp155: C:\Windows\System32\spool\prtprocs\x64\hpcpp155.DLL [597792 2013-09-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\87.1.18.70\Installer\chrmstp.exe [2020-12-10] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02C9D8CB-5EDB-43A2-9C71-EDD9B58DC7F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E1AE457-AD9F-4929-9526-9EB3E826B8CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {3B1173DC-5CD1-47D9-9CCA-4D8A58EC5A20} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3BA30050-1805-4D53-A461-EC667647973D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C438060-0D96-4691-A990-478059EDD55B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-08-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {443CEC4A-CEC1-4207-A98F-A560AECB9524} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1271123810-21777831-3259583340-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-10] (Microsoft Windows -> )
Task: {6D3D2852-8F33-4DDE-A0D7-4DC7488B924D} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [752136 2020-10-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {8CA205DA-FF6C-449C-B4A2-783387AA9ED9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {96059511-F652-4E39-B26B-4B884AB3A701} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1149336 2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {9643A489-1E85-4A4B-BE70-6779AE96AAC4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B339A09E-8801-4B07-B35E-52FED80906DA} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-26] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {B4830B32-9928-4048-9928-B5D0C1C2204D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BC654DB8-D62D-4869-8039-CE6484E78317} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCE7FA17-256F-4CB8-A95A-2DAB28538EDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-26] (Google Inc -> Google Inc.)
Task: {D23D2EF1-2832-40D0-BCCF-CFA9238C79CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-26] (Google Inc -> Google Inc.)
Task: {D2BC3E26-22ED-4F93-AD58-D9DE0A1A4D19} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-08-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {D543BDEB-14A1-4690-9204-342BCD45EA04} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.exe [3191272 2020-09-02] (GeoComply USA, Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {D5EAE071-1142-4AA8-AA87-1D74F330629E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E4944AA3-849C-43BE-98A9-25364CC3E77E} - System32\Tasks\GeoComply Service Check => "C:\Program Files (x86)\GeoComply/\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd" 0
Task: {F0979DAB-62A7-418E-8DD2-68B44881BF47} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {FF2488CA-1400-41F6-9853-AD1A527DCBA2} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-26] (Brave Software, Inc. -> BraveSoftware Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{2200fe1e-8793-4f49-86f9-1519d0716f05}: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{8efb073f-860f-49fa-9a6f-aa36af3fc495}: [DhcpNameServer] 172.18.13.1

Edge:
======
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2020-12-16]
Edge Notifications: Profile 1 -> hxxps://www.reddit.com
Edge HomePage: Profile 1 -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE2F0C51B-D102-478C-8837-99A52DA8929A&SSPV=
Edge StartupUrls: Profile 1 -> "hxxps://mail.google.com/mail/u/1/#inbox","hxxps://coinmarketcap.com/","hxxps://www.schwab.com/public/schwab/client_home","hxxp://finance.google.com/"
Edge Extension: (Honey) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2020-11-16]
Edge Extension: (Slickdeals: Automatic Coupons and Deals) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\dbcjahjgmipefpapjkbcjeglciobkiih [2020-11-26]
Edge Extension: (HTTPS Everywhere) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\fchjpkplmbeeeaaogdbhjbgbknjobohb [2020-11-20]
Edge Extension: (Lolli: Earn Bitcoin When You Shop) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\fleenceagaplaefnklabikkmocalkcpo [2020-10-18]
Edge Extension: (Streak CRM for Gmail) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\gjfnhcobilifnmokegginjeenmlmlccn [2020-05-23]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2020-12-16]
Edge Extension: (UberConference Screen Sharing) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\hcakmcggjddnhepfcajfcpkdjoggcnak [2020-05-23]
Edge Extension: (Better Bittrex) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\hdchkkimlockolfnpkanppdldbmefkdn [2020-05-23]
Edge Extension: (Hunter: Find email addresses in seconds) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\hgmhmanijnjhaffoampdlllchpolkdnj [2020-09-20]
Edge Extension: (Google Analytics Debugger) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jnkmfdileelhofjcijamephohjechhna [2020-05-23]
Edge Extension: (Google Hangouts) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-12]
Edge Extension: (MetaMask) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2020-12-14]
Edge Extension: (Origin Deals) - C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pplcajdkcpaefgdadbbfchogccbieoae [2020-06-18]

FireFox:
========
FF DefaultProfile: 8vobr0ub.default
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8vobr0ub.default [2020-11-25]
FF NewTab: Mozilla\Firefox\Profiles\8vobr0ub.default -> hxxp://www.bing.com/?pc=COSP&ptag=D112418-N0600A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8vobr0ub.default\Extensions\sp@avast.com.xpi [2020-10-09]
FF Extension: (MetaMask) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8vobr0ub.default\Extensions\webextension@metamask.io.xpi [2020-10-09]
FF Extension: (Avast Online Security) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8vobr0ub.default\Extensions\wrc@avast.com.xpi [2020-10-09]
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8vobr0ub.default\searchplugins\bing-lavasoft-ff59.xml [2018-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-03-19] [Legacy] [not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-04-26] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-04-26] (Brave Software, Inc. -> BraveSoftware Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2020-12-16]
CHR Notifications: Default -> hxxps://fortnitetracker.com; hxxps://www.draftkings.com; hxxps://www.pdfmerge.com
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE2F0C51B-D102-478C-8837-99A52DA8929A&SSPV=
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/1/#inbox","hxxps://coinmarketcap.com/","hxxps://www.schwab.com/public/schwab/client_home","hxxp://finance.google.com/"
CHR Extension: (Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Entanglement Web App) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-08-26]
CHR Extension: (Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-14]
CHR Extension: (Ledger Manager) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2020-09-03]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-26]
CHR Extension: (Honey) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-11-20]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-15]
CHR Extension: (Swash) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmndjbecilbocjfkibfbifhngkdmjgog [2020-12-15]
CHR Extension: (Google Finance) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2017-08-26]
CHR Extension: (Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Lolli: Earn Bitcoin When You Shop) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fleenceagaplaefnklabikkmocalkcpo [2020-10-18]
CHR Extension: (HTTPS Everywhere) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2020-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-20]
CHR Extension: (UberConference Screen Sharing) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcakmcggjddnhepfcajfcpkdjoggcnak [2017-08-26]
CHR Extension: (Better Bittrex) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdchkkimlockolfnpkanppdldbmefkdn [2018-05-03]
CHR Extension: (Hunter: Find email addresses in seconds) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhmanijnjhaffoampdlllchpolkdnj [2020-09-21]
CHR Extension: (Mahjong Words) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmefkohhpkdnaieghlijadogfapogebe [2017-08-26]
CHR Extension: (Ledger Wallet Ethereum) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2019-03-20]
CHR Extension: (Dropbox) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2018-04-11]
CHR Extension: (Google Analytics Debugger) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkmfdileelhofjcijamephohjechhna [2019-07-29]
CHR Extension: (Grammarly for Chrome) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-12-12]
CHR Extension: (EasyHome Homestyler) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2017-08-26]
CHR Extension: (SparkChess) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2017-08-26]
CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2020-09-03]
CHR Extension: (Google Hangouts) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-09-08]
CHR Extension: (No Name) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-10-31]
CHR Extension: (MetaMask) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2020-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20]
CHR Extension: (Streak CRM for Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2020-09-08]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-12-16]
CHR Notifications: Profile 2 -> hxxps://live-wire.slack.com; hxxps://mail.protonmail.com; hxxps://usweb2.contivio.com
CHR StartupUrls: Profile 2 -> "hxxps://mail.google.com/mail/u/0/#inbox/FMfcgxwCgpWhLVFbBQgghwQkBbPLJRpp?projector=1&messagePartId=0.1","hxxps://calendar.google.com/calendar/r?tab=mc#main_7","hxxps://502106.app.netsuite.com/app/accounting/transactions/salesord.nl?id=2243864&whence=&cmid=1558565423717_12950","hxxps://dashboard.tawk.to/#/chat","hxxps://live-wire.slack.com/messages/DJNCN0HC0/","hxxps://docs.google.com/spreadsheets/d/16zmlHpFTm1TMW2yRzQevRNwvUvQzAy0fbwyIp0FABbs/edit#gid=1387715261","hxxps://tsl.tradeservice.com/"
CHR NewTab: Profile 2 -> Not-active:"chrome-extension://mgbgmpedgogkhiabhggmolokofjgcbmi/snippet.html"
CHR DefaultSearchURL: Profile 2 -> hxxps://presearch.org/extsearch?term={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> Presearch.org
CHR DefaultSuggestURL: Profile 2 -> hxxps://engine-api.presearch.org/autocomplete?query={searchTerms}
CHR Extension: (Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-19]
CHR Extension: (Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-19]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-19]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-15]
CHR Extension: (Contivio.com) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cllddeadkmgcppmjgibnnfaimcjjljoo [2018-09-19]
CHR Extension: (Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-19]
CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (UberConference Screen Sharing) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hcakmcggjddnhepfcajfcpkdjoggcnak [2018-09-19]
CHR Extension: (Presearch) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\inpoelmimmiplkcldmdljiboidfkcfbh [2020-03-21]
CHR Extension: (Grammarly for Chrome) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-12-12]
CHR Extension: (Snippets by The Hustle) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mgbgmpedgogkhiabhggmolokofjgcbmi [2018-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Data Scraper - Easy Web Scraping) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2018-11-30]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-19]
CHR Extension: (Streak CRM for Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2020-08-10]
CHR Extension: (Checker Plus for Google Drive™) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pppfmbnpgflleackdcojndfgpiboghga [2020-10-29]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-10-21] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-26] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-26] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-11-23] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-08-06] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-08-06] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-12-10] (EasyAntiCheat Oy -> Epic Games, Inc)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Player Location Check; C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe [3141608 2020-09-02] (GeoComply USA, Inc. -> GeoComply)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe [92672 2017-05-08] (PostgreSQL Global Development Group) [File not signed]
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] (Realtek Semiconductor Corp -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13103632 2020-09-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [137376 2020-11-16] (TunnelBear Inc -> TunnelBear)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvrfi.inf_amd64_b02057827c15e7cf\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvrfi.inf_amd64_b02057827c15e7cf\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [9860088 2019-07-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (TunnelBear, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-03] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================