Just want to make sure I'm safe. Thanks for any help you can give.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Drew (administrator) on DREW (22-10-2018 18:42:46)
Running from C:\Users\Drew\Downloads
Loaded Profiles: Drew (Available Profiles: Drew)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atiesrxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SoundSwitch) C:\Program Files\SoundSwitch\SoundSwitch.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2017-03-29] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2017-04-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1806800 2018-05-22] (Google Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3208992 2018-10-12] (Valve Corporation)
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\Run: [SoundSwitch] => C:\Program Files\SoundSwitch\SoundSwitch.exe [1816768 2018-06-08] (SoundSwitch)
HKU\S-1-5-21-619396438-2450706291-207795060-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{02909200-05bf-4fe3-8eb4-a2f653214056}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b3510a2e-45aa-4320-bdc2-1b4e6659b452}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-619396438-2450706291-207795060-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-619396438-2450706291-207795060-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-14] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: dsgdew9w.default-1522896207997
FF DefaultProfile: 7j0vtojg.default
FF ProfilePath: C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997 [2018-10-22]
FF Homepage: Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997 -> about:home
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2018-10-09]
FF Extension: (S3.Translator) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\s3google@translator.xpi [2018-10-10]
FF Extension: (uBlock Origin) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\uBlock0@raymondhill.net.xpi [2018-10-18]
FF Extension: (Youtube Checker) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\youtube-subscription-checker@xrxr.xpi [2018-09-18]
FF Extension: (NoScript) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-10-16]
FF Extension: (Greasemonkey) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-28]
FF Extension: (Telemetry coverage) - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\dsgdew9w.default-1522896207997\features\{56895a34-384c-4d13-8c09-7863ac197743}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-11] [Legacy]
FF ProfilePath: C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default [2018-10-21]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default -> hxxps://boards.4chan.org/toy/
hxxps://twitter.com/
hxxps://www.youtube.com/?hl=en&gl=CA
FF Extension: (Dark Moon) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\darkmoon@lootyhoof-pm.xpi [2018-02-12] [Legacy] [not signed]
FF Extension: (Greasemonkey for Pale Moon) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\greasemonkeyforpm@janekptacijarabaci.xpi [2018-03-05] [Legacy] [not signed]
FF Extension: (uBlock Origin) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\uBlock0@raymondhill.net.xpi [2018-02-12] [Legacy] [not signed]
FF Extension: (DarkPitch) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{4b13c0da-55d5-44ce-b98e-98e62085837f}.xpi [2018-02-12] [Legacy] [not signed]
FF Extension: (Theme Font & Size Changer (no expire)) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{6e5104b6-3c42-11e7-a919-92ebcb67fe33}.xpi [2018-02-12] [Legacy]
FF Extension: (NoScript) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-02-12] [Legacy]
FF Extension: (In The Dark) - C:\Users\Drew\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\7j0vtojg.default\Extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}.xpi [2018-03-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-619396438-2450706291-207795060-1001: SkypePlugin -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-619396438-2450706291-207795060-1001: SkypePlugin64 -> C:\Users\Drew\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)
Chrome:
=======
CHR Profile: C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default [2018-10-21]
CHR Extension: (Slides) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-11]
CHR Extension: (Docs) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-11]
CHR Extension: (Google Drive) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-02]
CHR Extension: (Skype Calling) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-05-23]
CHR Extension: (YouTube) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-02]
CHR Extension: (Sheets) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-11]
CHR Extension: (Google Docs Offline) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (Manual Geolocation) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpiefjlgcjmciajdcinaejedejjfjgki [2018-01-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (Gmail) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-22]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atiesrxx.exe [481144 2018-02-06] (AMD)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-08-26] (Advanced Micro Devices) [File not signed]
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [994256 2018-05-22] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-09-25] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-09-25] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [313760 2016-08-26] (Advanced Micro Devices)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-11-05] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atikmdag.sys [41578872 2018-02-06] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atikmpag.sys [545656 2018-02-06] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-10-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-10-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-10-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-10-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-10-22] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-04-10] (Scarlet.Crush Productions)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-09-25] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [352424 2018-09-25] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60584 2018-09-25] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)